Reddit reviews Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

We found 41 Reddit comments about Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. Here are the top ones, ranked by their Reddit score.

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
No Starch Press

41 Reddit comments about Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software:

u/koeningyou666 · 73 points · r/netsecstudents

In my opinion, every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metasploit Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

u/LinuxStreetFighter · 38 points · r/sysadmin

What do you want to do? "Security" is a nonsense term that doesn't mean anything to employers.

I'd pass on certs, as most of them are worthless and don't teach you anything relevant in the security field. OSCP is good and the SANS FOR 610 is good, but LOL at paying $6,000 for a certification.

Build a lab. For Malware Analysis learn REMnux, IDA Pro, Ollydbg, and look at C++ and C.

For Penetration Testing learn TCP/IP, play with Backbox and Kali when you have a solid understanding of TCP/IP and networking in general. Learn Python, Bash, and PowerShell.

Practical Malware Analysis

Practical Forensic Imaging

Those books are solid for learning IR and Malware Analysis.

Check out /r/netsecstudents

For fuck's sake, stay off this sub-reddit for anything Security related. Just lmao at the responses in here. Too many people have read that shit book Phoenix Project and think Security is just policy and process.

u/DucBlangis · 20 points · r/netsecstudents

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

  1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Ritchie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner friendly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C then you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.

  2. Architecture and Computer basics:
    Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
    Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmer's Perspective" and "Secrets of Reverse Engineering".

  3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them, I use them more as a reference so I can't really speak to how well they would teach a "beginner".

  4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".

  5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".

  6. Specialized fields such as Cryptology and Malware Analysis.

Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework then you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shies away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)

*edited a name out

u/icytrues · 19 points · r/AskNetsec

  • The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition (2012)

    This book covers rootkit development, not analysis, on Windows 7 and x86/IA32. It's a must read, if you're interested in rootkits.

  • Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats (Release date set to January 2019)

    While not yet released, it looks very promising. Over the years, Microsoft has continually introduced better protections against rootkits and malware in Windows. Among other things, the book will cover how some of the rootkits/bootkits seen in the wild have bypassed protections such as Secure Boot, kernel-mode signing, Patch Guard and Device Guard.

  I'd also recommend having a look at the following books:

  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (2012)

  • Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation 1st Edition (2014)

  • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition (2014)

  Also, Windows Internals for both Windows 7 and Windows 10 is a great reference to have lying around.

u/Snackman11 · 16 points · r/computerforensics

Digital Forensic workbook is a great source for building foundational knowledge on many of the general computer forensic techniques. It covers info such as file system forensics, acquisition, software write blocking, registry analysis, email analysis, internet history analysis, recovering data in unallocated space, etc. Labs are included with the book so you can test the content learned against sample data.

Learning Malware Analysis guides you through static analysis, dynamic analysis, using IDA Pro, and other disassemblers to determine the intent of malicious files.

Practical Malware Analysis

Wireshark Network Analysis

u/_o7 · 13 points · r/HowToHack

Copy paste from a post I made earlier

Malware RE isn't really as much voodoo as it seems, you take the executable and break it down into steps.

First check out the PE headers and find what strings you can, characteristics. Figure out if the malware is packed or not.

A quick and dirty way to get an idea of what it does is to run it with certain tools on the system and a Linux box to intercept all network communications. This is called behavioral analysis.

After that you can load it into a disassembler like IDA Pro and start looking for interesting functions or Windows API calls. Things like WriteFile, VirtualAllocEx, ReadFile, then figure out what they are doing.

After that you can take it into your debugger (I like OllyDbg) and set some breakpoints at interesting functions to see what the malware is doing in the stack. Like I said, it's not voodoo once you look into it further.

Creating the malware is a whole different story and outside my skill set. In fact I hate programming and know only high level programming, basically I can interpret code and what it wants to do. But I have an easier time reading Assembly (lol) than something like C++. But coding malware is just like coding anything else, design it for what you want it to do and get to work. Stuff like Stuxnet had probably at a minimum 10 extremely talented coders behind it.

Here is a great list of learning sources.

Cybrary.it Malware Analysis Course - Free

Opensource Malware Analysis Course - Free

Dr. Fu's Malware Analysis Course - Free

OpenSecurityTraining.info - Free

SANS FOR610 Reverse Engineering and Malware Analysis - Expensive

Practical Malware Analysis

Practical Reverse Engineering

Malware Analyst's Cookbook
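The first static triage step in the post above (PE headers, strings, is it packed?) as an added Python example; this is my own illustration, not code from the post or from the book. It builds a constructed minimal 32-bit PE in memory (section names, addresses and the import-name strings are made up), walks the section table, extracts printable strings, and applies the entropy and section-layout heuristics an analyst uses to decide whether a sample is packed before loading it into a disassembler.

```python
"""Static triage of a PE file: section table, strings and entropy to spot packing.
Added illustration; the sample PE built below is constructed, not a real binary."""
import math
import re
import struct
from collections import Counter

# Section characteristics flags from the PE specification (winnt.h names).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def ascii_strings(data: bytes, min_len: int = 5) -> list:
    """Printable-ASCII runs, the same thing `strings` prints (API names, URLs, paths)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, _vaddr, rawsize, rawptr,
         _, _, _, _, chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "entropy": round(shannon_entropy(raw), 2),
            "executable": bool(chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)),
            "writable": bool(chars & IMAGE_SCN_MEM_WRITE),
        })
    return sections


def packing_indicators(sections: list) -> list:
    """Cheap heuristics an analyst checks before opening the disassembler."""
    findings = []
    for s in sections:
        if s["executable"] and s["entropy"] > 7.0:
            findings.append(f"{s['name']}: executable section with entropy {s['entropy']}")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"{s['name']}: no data on disk but {s['virtual_size']:#x} bytes "
                            "reserved in memory (unpacking destination?)")
        if s["executable"] and s["writable"]:
            findings.append(f"{s['name']}: writable and executable")
    return findings


def build_sample_pe() -> bytes:
    """Constructed minimal 32-bit PE with a UPX-style layout: a plain .text,
    an empty UPX0 and a high-entropy UPX1. All header values are made up."""
    hdr_size = 0x200
    text = b"\x55\x8b\xec\x90" * 1024                           # 4 equiprobable bytes -> entropy 2.0
    packed = bytes((i * 7919 + 13) % 256 for i in range(4096))  # every value 16 times -> entropy 8.0
    hdr = bytearray(hdr_size)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                     # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, 3 sections, no optional header (enough for parsing), EXE flags.
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 3, 0, 0, 0, 0, 0x0102)
    specs = [(b".text", len(text), len(text), hdr_size, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE),
             (b"UPX0", 0x20000, 0, 0, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE),
             (b"UPX1", len(packed), len(packed), hdr_size + len(text),
              IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE)]
    for i, (name, vsize, rawsize, rawptr, chars) in enumerate(specs):
        struct.pack_into("<8sIIIIIIHHI", hdr, 0x58 + 40 * i, name, vsize, 0x1000 * (i + 1),
                         rawsize, rawptr, 0, 0, 0, 0, chars)
    names = b"VirtualAllocEx\0WriteFile\0"                      # import-name strings in header slack
    hdr[0x100:0x100 + len(names)] = names
    return bytes(hdr) + text + packed
```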

u/B_Byte · 12 points · r/AskNetsec

I'd suggest you first take an ASM course.
This would be a great start
http://opensecuritytraining.info/Training.html
Next, you have two options.
You can get this awesome book
https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901
or you can start with this course
https://samsclass.info/126/126_S16.shtml
which is a reduced version of the book.

After you're done, I think the best thing to do is to find someone who can sponsor you to attend SANS 610 course.

u/Nezteb · 11 points · r/C_Programming

Some physical book recommendations:

u/Deterministic · 11 points · r/itsaunixsystem

This really isn't as ridiculous as people are making it out to be. Encryption is commonly employed in malware as an anti-reverse-engineering measure. When you're a malware author and you want to make it harder for a malware analysis lab to figure out what it is that you did with a piece of malware (say you're targeting this malware at stealing credit card information, navigating a corporate network, compromising admin accounts within a company, etc.) you can encrypt your actual program code and include a snippet of code that runs on execution to decrypt the code by reading, decrypting, and writing back the region of memory where the encrypted code lives. This makes it a bit more annoying for a malware analyst to disassemble your malware and figure out what it's doing.

Python 6 is a bit silly though. Python 2.7 will be in use until the end of time.


For anyone curious about reading further, Practical Malware Analysis is a good resource.

u/Livelol · 10 points · r/leagueoflegends

Best place to start is: http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901 ;)

Additionally, I study Computer Science & Systems Engineering, that helps a lot ;)

u/WellThenScrewIt · 9 points · r/ReverseEngineering

Learn to write simple C programs. Then debug your own C programs, preferably in OS X or Linux using gcc/gdb. Then disassemble your own C code (learn how to disable optimization in the compiler; try it with no optimization and then with increasing levels). Then look at C++ and (gasp) Visual BASIC and such. Turns out a ton of malware is written in these languages, and the snarl of garbage that you'll uncover that is just part of the auto-generated message handling stuff for VB will astound you, so don't start there...but it's important to understand those structures when you see them.

Then follow tutorials about reversing other programs. There are great books on this.

It helps a lot to know assembly language, but you'll tend to pick it up as you go.

You'll want better tools than just command-line disassemblers. I prefer IDA Pro.

There's a great book that uses IDA Pro with many examples to address precisely your questions.

Here's another great book on malware analysis that covers all kinds of tricks you might bump into when working on real targets.

I see all this as a long-term iterative exercise. It's fascinating.


u/everythingmalware · 9 points · r/Malware

If you are debugging you can manipulate the execution path. For example, the IsDebuggerPresent function call returns a nonzero value when the program is running in the context of a debugger. In Intel x86 asm, return values are generally stored in EAX. Next there will be a comparison between EAX and zero. If they don't match, the malware will typically terminate.

When using a debugger you can set EAX to 0 before the comparison takes place. This way even though you are debugging, the malware will not know it is running in the context of a debugger.

There are also ways where you can patch the executable to change sections of code. This way you won't have to manually change the register values each time. Instead, every time IsDebuggerPresent is called, it will take the execution path you want.

Sorry if this is confusing, I'm not sure the best way to explain this. This is more advanced analysis techniques / reverse engineering, so if you don't know assembly then it might be over your head.

There are some good resources out there to learn though. Practical Malware Analysis is the go-to book. I've heard good things about the Leena tutorials on tuts4you. There was also a blogger called The Legend of Random (might be down) who made some cracking tutorials. I personally think a good way to learn is to write a simple Windows program (using a higher level language) and reverse the binary. This way you know what the source code is and see what it looks like in ASM. (Make sure to do these in VMs or another isolated environment).
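The IsDebuggerPresent check described in the comment above as an added Python example (my own illustration, not code from the commenter or the book): it models the `call [IsDebuggerPresent]; test eax,eax; jnz` sequence on a constructed 32-bit x86 fragment, shows the two analyst options the comment describes (overriding EAX at the comparison inside the debugger, or patching the conditional jump out of the file so the sample takes the same path on every run), and confirms the patched sequence no longer matches. The import slot address 0x00402000 is an assumed value.

```python
"""Locate and neutralise an IsDebuggerPresent check in 32-bit x86 code.
Added illustration; the code fragment below is constructed, not from a real sample."""
import struct

# Encodings of the three instructions the check is built from.
CALL_IND = b"\xff\x15"   # call dword ptr [imm32]: a call through the import table
TEST_EAX = b"\x85\xc0"   # test eax, eax: sets ZF when the return value is zero
JNZ_REL8 = 0x75          # jnz rel8: taken when ZF is clear, i.e. EAX != 0
NOP = 0x90
JNZ_OFFSET = len(CALL_IND) + 4 + len(TEST_EAX)   # distance from the call to the jnz


def find_debugger_checks(code: bytes, iat_slot_va: int) -> list:
    """Offsets of every `call [iat_slot]; test eax,eax; jnz` sequence, where
    iat_slot_va is the address of the IsDebuggerPresent import slot."""
    target = CALL_IND + struct.pack("<I", iat_slot_va)
    hits, pos = [], 0
    while (pos := code.find(target, pos)) >= 0:
        after_call = pos + len(target)
        if (code[after_call:after_call + 2] == TEST_EAX
                and code[after_call + 2:after_call + 3] == bytes([JNZ_REL8])):
            hits.append(pos)
        pos += 1
    return hits


def patch_check(code: bytes, offset: int) -> bytes:
    """Return a copy in which the jnz of this check is replaced by two NOPs, so the
    'debugger found' branch can never be taken whatever EAX holds."""
    jnz_at = offset + JNZ_OFFSET
    patched = bytearray(code)
    patched[jnz_at:jnz_at + 2] = bytes([NOP, NOP])
    return bytes(patched)


def run_check(code: bytes, offset: int, debugger_attached: bool, eax_override=None) -> str:
    """Minimal model of the CPU executing the check at `offset`: returns 'terminate'
    when the conditional jump is taken and 'continue' otherwise."""
    eax = 1 if debugger_attached else 0   # what IsDebuggerPresent returns
    if eax_override is not None:          # analyst edits EAX in the debugger before the test
        eax = eax_override
    zf = (eax & eax) == 0                 # test eax,eax
    opcode = code[offset + JNZ_OFFSET]
    if opcode == JNZ_REL8:
        return "continue" if zf else "terminate"
    if opcode == NOP:                     # patched: falls through unconditionally
        return "continue"
    raise ValueError(f"unexpected opcode {opcode:#x} after test eax,eax")


# Constructed fragment. The import slot addresses are assumed values.
IAT_ISDEBUGGERPRESENT = 0x00402000
IAT_EXITPROCESS = 0x00402004
SAMPLE_CODE = (
    b"\x55\x8b\xec"                                          # push ebp; mov ebp, esp
    + CALL_IND + struct.pack("<I", IAT_ISDEBUGGERPRESENT)    # call [IsDebuggerPresent]
    + TEST_EAX                                               # test eax, eax
    + bytes([JNZ_REL8, 0x05])                                # jnz +5 -> skip the real work
    + b"\xe8\x00\x00\x00\x00"                                # call real_main (rel32 placeholder)
    + b"\x6a\x00" + CALL_IND + struct.pack("<I", IAT_EXITPROCESS)  # push 0; call [ExitProcess]
)
```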

u/d1sr3 · 7 points · r/Malware

This site contains a list of sites providing collections of malware samples: https://zeltser.com/malware-sample-sources/. If you haven't read any book about malware analysis yet I would recommend you to start with https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901 since you could get yourself easily infected as a beginner.

u/BinMapper · 6 points · r/Malware

Some resources which will indirectly help you for GREM

https://amzn.com/1593272901

https://amzn.com/1118787315

https://amzn.com/1593272898

u/UnknownBinary · 5 points · r/Malware

Practical Malware Analysis talks about how to set up a relatively secure analysis environment.

u/PM_ME_YOUR_SHELLCODE · 4 points · r/RELounge

Reversing: Secrets of Reverse Engineering - Is probably the most common book recommendation. It's an older book (2005) but it's about as gentle as it gets in terms of the core concepts, but it's missing a bit due to its age (32bit RE only). I'd liken it to something like Hacking: The Art of Exploitation for exploit developers. It's a solid book, it covers the fundamentals but it'll take a bit more work to get up to speed.

Practical Reverse Engineering - This one is a newer book (2014); while it doesn't cover as many topics as the above book, it's less dated in what it does cover, and it does cast a wider net covering things you'll see today like ARM and x64 instead of just x86. I tend to recommend starting with this book, using Reversing and the next book as a reference if there is a chapter of interest.

Practical Malware Analysis - While this one has a more traditional RE introduction, where it excels is in dynamic analysis and dealing with software that doesn't want to be analyzed. Now, it's from 2012 and malware has changed since then, so its age certainly shows, but again fundamentals remain even if technical details change or are expanded upon.

Practical Binary Analysis - This is the newest book of the list (December 2018). I wouldn't use it alone, but after you've gone through any of the above books, consider this an add-on. Its focus is on dynamic analysis and it's modern. I'll admit I haven't read the entire thing yet, but I've been pleased with what I have read.

Edit: s/.ca/.com/g

u/redhatGizmo · 4 points · r/netsec

Are you talking about this book?

u/PunkPen · 2 points · r/CompTIA

Not a course, but a book: Practical Malware Analysis. I have not read this book yet, but it seems to be highly recommended in the field.

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901

u/specter800 · 2 points · r/IAmA

Sec+ and a drive to grow and learn are pretty good. Network Security degrees are still in their infancy and I haven't interviewed anyone who has one that can differentiate themselves from people with certs. SANS certs like GCIH are nice but they're expensive as hell and probably not within the means of someone who can't leverage corporate education funding. Depending on what you want to do people can point you in the right direction. For example, if malware analysis/reverse-engineering are your thing, Practical Malware Analysis will give you a lot of knowledge that will help you. It's pretty overwhelming at first but just having touched on the concepts in the book will make you a more attractive hire.

u/[deleted] · 2 points · r/technology

Oh you wanted books. For some reason I thought you wanted things to learn about, like you didn't think it was that easy or something.

The Art of Deception.

Pretty much anything by this guy.

This book gives you an insight to how the good guys go about fixing things once they go bad.

Metasploit is the novice's wet dream, as it's pretty easy to get started with and opens up a world of sophisticated exploits which wouldn't normally be available to someone new to the world of hacking.

Those are some books that might not get listed elsewhere, simply because they don't all literally tell you how to hack, as much as give you some idea as to what hacking means from different perspectives.

Edit: Reposting some of the other guy's books as he seems to think linking to publicly available materials is going to make some person on Reddit the next LulzSec 'mastermind' or something.

Hacking Exposed, Anti-Hacker Toolkit, Practical Malware Analysis, The Rootkit Arsenal, Steal This Computer Book.

You're not going to be a l33t h4x0r just by reading a few books, but you won't not be, either. :D

u/eagle2120 · 2 points · r/ITCareerQuestions

There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas without ever really touching the other ones. But I think these are the most important skills as a defender, so I'll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills; I've set up the courses in order, as some of these skills may feed into other areas.


IR:

u/CodeThree · 2 points · r/Malware

For challenges you might want to check out the book Practical Malware Analysis

As mentioned by /u/pepe_le_shoe you could always research real malware using a Honeypot to grab some. Or set up a bait email account.

u/emtuls · 2 points · r/ReverseEngineering

Sure thing! I don't do a whole lot of Malware RE, but where I started was with the book:

u/indigochill · 2 points · r/HowToHack

Analyzing malware takes some learning, but fortunately there are books on this exact topic. For instance:

http://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901

Cybrary also has a course on it:

https://www.cybrary.it/course/malware-analysis/

u/darthsabbath · 2 points · r/cscareerquestions

Okay so there are a couple of good places to start with malware. The first is Malware Analyst's Cookbook. It is a pretty decent beginner level resource.

From there, Practical Malware Analysis is excellent and goes a lot deeper.

For free resources I've heard good things about Dr. Fu's Malware Analysis Tutorials.

You will need to have a strong understanding of reverse engineering. I like Practical Reverse Engineering or Reverse Engineering for Beginners. The latter is free.

With RE comes assembly. I learned from the free book PC Assembly Language. The RE books should have some info on assembly as well.

You should also know the systems programming API and OS internals for whatever OS you're interested in. This is most likely Windows, so I recommend Windows System Programming and Windows Internals. You can find similar books for Linux and macOS too. Having a good understanding of C and C++ is helpful for this. Also get comfortable using your assembly level debugger on your OS of choice. WinDBG, x64dbg, and OllyDBG are all good on Windows. GDB is pretty much the default on Linux, and LLDB on macOS.

I also highly recommend some scripting language, whether it's Python, Ruby, PowerShell or whatever for hacking up your own tools.

Lastly, there is a list on GitHub with a ton of helpful links.

I think that's enough for now.

As far as demand it's hard to say and probably depends a lot on where you're from. It's certainly not like the demand for webdevs but there's also not nearly as many people with the skillset. I'm not a malware analyst myself, I'm more focused on security research and embedded development.

I know those skills are especially high in demand around the Washington, DC area with defense contractors and government agencies. Especially if you can get a security clearance. Most other security firms I know of are always looking for good people with strong reversing and OS internals knowledge.

Let me know if you have any questions and I will try to answer.

u/rspic · 1 point · r/csMajors

Like qaisjp said, do a lot of CTFs.

Cyber security is a vast field with many potential sub-categories you can delve into: software reverse engineering, hardware reverse engineering, pentesting, cryptography, steganography etc. - The list is long.

For more info about CTFs and which ones are hosted:

  • https://ctftime.org/ctf-wtf/

CTFs are usually separated into different subcategories and many people specialize in a few of them (not necessarily all), so I'd recommend you take a look around and see what you find interesting.

Useful sites to visit:

  • https://www.hackthebox.eu/
  • https://overthewire.org/wargames/
  • https://ringzer0ctf.com
  • https://cryptopals.com/
  • http://ae27ff.meme.tips/
  • https://ctftime.org
  • https://nostarch.com/ (very HQ technical books)

Reading CTF write-ups is also very useful, taking a look at how challenges are structured and how people solved them will give you insight into different ways of thinking about various problems. Reading a few might be a good idea, and perhaps you will find a few categories that might be interesting: https://ctftime.org/writeups (Other write-ups may be found just by googling, a lot of blogs and GitHubs out there)

Personally, I am very reverse engineering focused so I will mostly be able to help you with resources in that area.

RE links to take a look at:

  • https://github.com/wtsxDev/reverse-engineering
  • http://amzn.to/2jljYqE (Must read book if you want to delve into RE)
  • https://beginners.re/
  • https://revers.engineering/applied-reverse-engineering-series/ (a blog my friend made)

If you do RE, coding is also vital (people tend to do C++ and/or C together with x86/x64 ASM, the latter of which is essential for RE in the first place), but it is not exclusive to RE, coding is crucial in many if not all CTF categories and I think having a start as a programmer is a good way to enter parts of cyber security.

There is also a reverse engineering discord, which I think you could benefit from, a lot of information can be found on there about various kinds of reversing:

https://www.reddit.com/r/ReverseEngineering/comments/9n2qcb/join_the_reverse_engineering_discord_active/

I think a lot also boils down to reading books, blogs etc. and having good knowledge of how various things work, the links above should be of help, and should lead you to other useful resources as well. You do not necessarily have to switch majors, good computer knowledge is very helpful, and most cyber sec people I know do either compsci, math + compsci, or just math. In the end it just boils down to doing things however, and CTFs are a great way to do that.

PS. With reversing you can also delve into game hacking which is super interesting and a lot of people do really funky shit with things like the windows kernel!

If you have any questions about anything, feel free to ask.

u/Kkari · 1 point · r/HowToHack

You're welcome. :) If you are truly interested there is a pretty comprehensive book on practical malware analysis, I have never read it but I assume it demands a solid knowledge of the above mentioned topics.

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901/ref=sr_1_2?ie=UTF8&qid=1480495126&sr=8-2&keywords=malware

u/TheFakeITAdmin · 1 point · r/sysadmin

This is a pretty solid resource: Practical Malware Analysis - Amazon

u/wishicouldpentest · 1 point · r/learnprogramming

I'm not too sure if this is the sort of answer you're looking for because it appears that you are pretty new to all this but...

If you read these books, then you will know everything you need (ranked by reward to required effort ratio):

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901

https://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315

https://www.amazon.com/Windows-Internals-Part-architecture-management/dp/0735684189

However, the books might be pretty difficult to understand with how much you currently know.

u/Ampere_Sand · 1 point · r/cscareerquestions

Only have a few minutes to elaborate, but I'd recommend familiarizing yourself with the in and outs of the OSI networking stack like you plan to, and also study Operating Systems. A traditional OS class would be nice, but if you can complement that with a forensics class you will be balling.

It's also a good idea to figure out what subfield(s) of security you would like to pursue. Security is becoming so big and technical that it is almost impossible to be an expert in all aspects of security, so try them all and stick with 2-3 that you like - if the subfields complement each other you will make yourself an even stronger professional.

There's a ton of good resources online; if you make it a habit of browsing the links /u/eooe provided, you will learn about a lot more resources that will help. I would recommend the Life of Binaries class on http://opensecuritytraining.info/, and to add to the fun, Practical Malware Analysis by Sikorski is an amazing book on malware analysis that comes with exercises and labs that you can run with a pretty simple VM setup. The book describes how to set that up as well.

u/justjosh25 · 1 point · r/computerforensics

Check this out. Goes from really beginner-level stuff to more experienced by the end of the first section. This book will answer all your questions about tools during all phases of forensics analysis. Hope it helps.

u/wither88 · 1 point · r/ReverseEngineering

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901

I rarely just recommend one source, since often authors have a specific take (say, a book might be targeted towards the academics, people who use a specific tool, or people who are doing some specific task) - but https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901 is absolutely incredible from every angle.

Follow that with learning kernel syscall/monitoring tools [procexp, procmon, the Sysinternals suite], disassembly tools [IDA/radare/whatever], and a debugger [WinDBG] + Mark's book on Windows Internals 6th edition, both volumes (it's long but it's worth it). And you're well on your way.

For Linux/BSD, look at kernelnewbies for Linux and the online handbook for at least FreeBSD, ktrace/ptrace/truss/strace for the syscall analysis type stuff, IDA/radare/hopper all are cross platform so you're golden there, and perhaps calling conventions (cdecl vs what-not).

u/granduh · 1 point · r/Ransomware

For anyone interested a good book to pick up is Practical Malware Analysis: https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901