Reddit reviews Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
We found 16 Reddit comments about Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. Here are the top ones, ranked by their Reddit score.
Wiley Publishing
It really depends on what niche you're looking on covering. It's difficult, I feel, to brush up on "infosec" to any level of practical proficiency without focusing on a few subsets. Based on your interests, I would recommend the following books.
General Hacking:
Hacking Exposed
The Art of Exploitation
The Art of Deception
Intrusion Detection / Incident Response:
Network Flow Analysis
The Tao of Network Security Monitoring
Practical Intrusion Analysis
Real Digital Forensics
Reverse Engineering:
Reversing: Secrets of Reverse Engineering
The Ida Pro Book
Malware Analyst Cookbook
Malware Forensics
Digital Forensics:
File System Forensic Analysis
Windows Forensic Analysis
Real Digital Forensics
The Rootkit Arsenal
Hope this helps. If you're a University student, you might have access to Safari Books Online, which has access to almost all of these books, and more. You can also purchase a personal subscription for like $23 a month. It's a bit pricey, but they have an awesome library of technical books.
Copy paste from a post I made earlier
Malware RE isn't really all that much voodoo as it seems, you take the executable and break it down into steps.
First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.
A quick and dirty way to get an idea of what it does it run it with certain tools on the system and a linux box to intercept all network communications. This is called behavioral analysis.
After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile then figure out that they are doing.
After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, its not voodoo once you look into it further.
Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.
Here is a great list of learning sources.
Cybrary.it Malware Analysis Course - Free
Opensource Malware Analysis Course - Free
Dr. Fu's Malware Analysis Course - Free
OpenSecurityTraining.info - Free
SANS FOR610 Reverse Engineering and Malware Analysis - Expensive
Practical Malware Analysis
Practical Reverse Engineering
Malware Analyst's Cookbook
For reverse engineering:
For malware analysis and malware techniques
For programming
This should be enough for you to get started.
Some thoughts:
I've had people recommend the following books:
Other resources:
Yes.
Hacking Exposed
Shellcoders Handbook
Reverse Engineering
Malware Analyst's Cookbook
Gray Hat Python
Gray Hat Hacking Second Edition
Writing Security Tools & Exploits
Sockets, Shellcode, Porting and Coding: Reverese Engineering Exploits and Tool Coding for Security Professionals
Professional Penetration Testing
These are definitely some books you could start with. Once you've gone through those, you'll know more then a lot of them out there :)
There's these reddit threads on r/netsec:
http://www.reddit.com/r/netsec/comments/d3hua/how_to_get_started_in_netsec/
http://www.reddit.com/r/netsec/comments/ekyjw/interested_in_learning_about_network_security/
http://www.reddit.com/r/netsec/comments/es4si/what_are_some_good_netsec_books_out_there/
http://www.reddit.com/r/netsec/comments/g6r71/getting_started_in_network_security_a_list_of/
There's also loads of blogs and websites around, if you go hunting or look at some of these netsec threads, you'll find loads more material.
Malware Analysis and Pentesting are 2 somewhat different fields of practice, though they do have overlapping education and tactics.
For Pentesting I can't point you to a better framework than Vuln. Assesments. That will give you the step by step methodology to a pentest with listing of the tools you can use for each step. As I said towards the end of my initial post, I am not a huge fan of what most people call "pentesting" these days as it's turned into basically automated vulnerability scanning (Nessus, OpenVAS, etc) and then the use of canned exploits through Metasploit and similar toolsets. I just don't understand the appeal of that myself and because of that I can't really answer this question very thoroughly (though there are plenty here who can).
Now Malware Analysis is something I can talk about; it is where most of my fascination and passion resides. I would follow the "curriculum" I laid out above since most of that pertains to Reverse Engineering which is the crux of Malware Analysis. The only change I would make is to learn Assembly right after C and then after you're comfortable with C, write a few of your own programs and disassemble them yourself in conjuction with learning Assembly through this course which I already linked above in my original "curriculum" post. It wouldn;t hurt to also use this page to guide you as well.
As far as books specific to Malware Analysis, the standard seems to be Practical Malware Analysis and Malware Analyst Cookbook. Both of those are great books, the former has some fun labs for both beginners and advanced analysts to gain knowledge from. However, with that being said, malware is such a dynamic landscape, the constantly growing and unstable nature of this type of work means you have to be up to date at all times. The malware authors and threat actors are becoming more and more effective and creative, not to mention those which are well funded and persistent know usually as the dreaded "APT", adapt new TTP's daily and the methods used to evade our disassembling, escape VM's, cover up tracks, divert your attention, etc, etc.
Add a Malware Analysis section to books and punch in Malware Analyst's Cookbook. ;)
http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033
I would also add in OS hardening some where and link to NSA's guides:
http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml
There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas with out ever really touching the other ones. But I think these are the most important skills as a defender, so I’ll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills, I’ve setup the courses in order, as some of these skills may feed into other areas.
IR:
Forensics:
Reverse Engineering (Dynamic and Static):
I know there’s not a lot of certs here, and unfortunately, that’s how it is across the blue team. Certs here are usually very vendor-specific, and not applicable to defense as a whole. Those certifications exist, but I’m not listing them here.
If people are interested, I can also do a similar write-up on Mobile Forensics and Cloud Forensics (which is my direct background).
Lastly, here are some of my favorite news sources across the InfoSec community -
News Sources
Sure thing! I don't do a whole lot of Malware RE, but where I started was with the book:
Of course, knowing assembly is very valuable for Malware Analysis as well, so it would be useful to still know most, if not all, of the stuff I listed in the other comment.
Other good places to start would be:
Definitely would start with the book, Practical Malware Analysis and get your feet wet a little bit. Then browse through the other stuff or if you're a visual person, watch some videos on youtube of how other people dissect Malware, just so you can see the bigger picture.
Hope that helps!
>Examples of projects I have completed: Coded a basic Linux kernel from the ground up for x86 machines, Working on a basic IRC botnet coded in Python, I have experience in Snort rules and have written Python scripts for log parsing. I have used Wire shark for packet sniffing etc, experience in using IDA for disassembling code for CTFs.
Why on earth would you pursue Sec+ and CISSP if you have experience in those things?
Build a Malware Lab, dude. Check out Practical Malware Analysis and The Art of Memory Forensics. With your experience you could probably wreck those over the summer.
If you want an old school, but relevant (more Red Teamer), you could check out Hacking: The Art of Exploitation and The Shellcoder's Handbook.
Practical Malware Analysis
The Art of Memory Forensics
Hacking
Shellcoder's Handbook
Malware Analyst's Cookbook
Okay so there are a couple of good places to start with malware. The first is Malware Analyst's Cookbook. It is a pretty decent beginner level resource.
From there, Practical Malware Analysis is excellent and goes a lot deeper.
For free resources I've heard good things about Dr. Fu's Malware Analysis Tutorials.
You will need to have a strong understanding of reverse engineering. I like Practical Reverse Engineering or Reverse Engineering for Beginners. The latter is free.
With RE comes assembly. I learned from the free book PC Assembly Language. The RE books should have some info on assembly as well.
You should also know the systems programming API and OS internals for whatever OS you're interested in. This is most likely Windows, so I recommend Windows System Programming and Windows Internals. You can find similar books for Linux and macOS too. Having a good understanding of C and C++ is helpful for this. Also get comfortable using your assembly level debugger on your OS of choice. WinDBG, x64dbg, and OllyDBG are all good on Windows. GDB is pretty much the default on Linux, and LLDB on macOS.
I also highly recommend some scripting language, whether it's Python, Ruby, Powershell or whatever for hacking up your own tools.
Lastly, there is a list on GitHub with a ton of helpful links.
I think that's enough for now.
As far as demand it's hard to say and probably depends a lot on where you're from. It's certainly not like the demand for webdevs but there's also not nearly as many people with the skillset. I'm not a malware analyst myself, I'm more focused on security research and embedded development.
I know those skills are especially high in demand around the Washington, DC area with defense contractors and government agencies. Especially if you can get a security clearance. Most other security firms I know of are always looking for good people with strong reversing and OS internals knowledge.
Let me know if you have any questions and I will try to answer.
I bought this one and like it a lot. It even comes with a disk with some neutered examples to analyze.
That's cool. I used to play around with malware (analyzing it via a debugger, writing it) and learned quite a bit about security (I'm sure you know how many idiots there are out there armed with PHP and an introduction book.)
Some questions, then:
My recommendations then for self study:
Read all those and you will be in good shape ;)
EDIT: I hate trying to get reddit to do what I want.
Currently Practical Malware Analysis is the go to book. The first few chapters go over basic techniques and tools. The remaining of the book focuses on advanced techniques like disassembling and debugging samples.
Another good book is Malware Analyst's Cookbook. This gives some good recipes and tools to use.
I don't have much experiencing detecting samples that AV misses. I would first start out with a tool like MalwareBytes Anti-Malware. A lot of malware will try to "phone home", so you could monitor networking from the system. There are also common places on the system malware uses. I've seen samples use the temp, startup, and application data directories. You should also check the registry for any files to run at start. Hope this helps.