Top products from r/Malware

Some thoughts:

I've had people recommend the following books:

• Malware Analyst's Cookbook
  
  
• The Art of Memory Forensics
  
  
• For the next 23 hours or so, there's a Humble Bundle about hacking that might have some pertinent stuff (you already have PMA, but there's some other things that could be useful, and it's an amazing price)
  
  Other resources:
  
  
• Lenny Zeltser's site
  
  
• Dennis Yurichev's huge book on RE, available in a "lite" version as well as Russian
  
  
• He also has a challenge page if you want to try RE yourself

If you are debugging you can manipulate the execution path. For example, the IsDebuggerPresent function call returns a nonzero value when the program is running in the context of a debugger. In intel x86 asm, return values are generally stored in EAX. Next there will be a comparison between EAX and zero. If they don't match, the malware will typically terminate.

When using a debugger you can set EAX to 0 before the comparison takes place. This way even though you are debugging, the malware will not know it is running in the context of a debugger.

There are also ways where you can patch the executable to change sections of code. This way you won't have to manually change the register values each time. Instead everytime IsDebuggerPresent is called, it will take the execution path you want everytime.

Sorry if this is confusing, I'm not sure the best way to explain this. This is more advanced analysis techniques / reverse engineering, so if you don't know assembly then it might be over your head.

There are some good resources out there to learn though. Practical Malware Analysis is the go-to book. I've heard good things about the Leena tutorials on tuts4you. There was also a blogger called The Legend of Random (might be down) who made some cracking tutorials. I personally think a good way to learn is to write a simple windows program (using a higher level language) and reverse the binary. This way you know what the source code is and see what it looks like in ASM. (Make sure to do these in VMs or another isolated environment).

+1 for mentioning malwareunicorns Reverse Engineering Malware 101 course. I'm pretty excited about starting that after I'm done with some Powershell stuff.

Books for: /u/Kreator333 and /u/curiousdoggo

C/C++:

• The C Programming Language (2nd Edition) - K&R is fine for fundementals.
  
  
• Pointers on C the sections on pointers are phenomenal. The author explains them in great depth with lots of examples.
  
  
• TBH I haven't learned C++ yet but this definitive guide/list looks promising.
  
  Assembly/C:
  
  
• Hacking The Art of Exploitation 2nd Edition. Mainly the chapter on programming which pretty much has everything you need. It can get you started with C and ASM and how they compare by stepping through examples using GDB, etc.. Read this if you really want to hit the ground running and then jump into those other books you mentioned OP.
  
  Also OP while your learning the basics here do as many examples as you can. Don't just read it and assume you know everything. For C you can try coding a bunch of classical ciphers and for ASM, debug the assembly of simple programs in gdb. (check out godbolt) or try coding a echo client/server in Nasm.
  

https://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf

This is it but you could also patch the instructions with nops instead of jumping with a little understanding of asm. Its good to learn.


This book is a gold mine:


Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware https://www.amazon.com/dp/B073D49Q6W/ref=cm_sw_r_cp_api_6fWVBb5VJV91Z

Hope it helps.

OP is a good guy and shitposts incessantly answers a lot of questions on Twitter. I have every confidence the book is well worth the $35 price of admission. This is the direct link to the Amazon page as well, non-affiliate.

I don't know any beginning X86 Assembly books but this is the closest thing I could find and strongly recommend you read this online or purchase it:

Assembly Language for Intel-Based Computers

Python:
Python for Informatics

Learning Python

I personally used these books in college

C/C++:
Please see SADISTICBLUE's comment above.

If you go wired instead of wireless you could use a network tap. You will see other traffic (ARP, etc.) but I don't think there's a way to solve this regardless of the solution, not from the hardware side. It is easy enough to filter out in Wireshark though.

https://www.amazon.com/midBit-Technologies-LLC-100-1000/dp/B0175EODCE/

Or much cheaper, but not bi-directional unless you reassemble the streams:

https://hakshop.com/products/throwing-star-lan-tap

Or some USB NICs and use computer.

Countdown to Zero Day by Kim Zetter is a good read (amazon)

Some resources which will indirectly help you for GREM

https://amzn.com/1593272901

https://amzn.com/1118787315

https://amzn.com/1593272898

I bought this one and like it a lot. It even comes with a disk with some neutered examples to analyze.

Practical Malware Analysis talks about how to set up a relatively secure analysis environment.

sure is. Go buy my book. https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631

This site contains a list of sites providing collections of malware samples : https://zeltser.com/malware-sample-sources/. If you haven't read any book about malware analysis yet I would recommend you to start with https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901 since you could get yourself easily infected as a beginner

For challenges you might want to check out the book Practical Malware Analysis

As mentioned by /u/pepe_le_shoe you could always research real malware using a Honeypot to grab some. Or set up a bait email account.

You need more ram. 1GB is nowhere near enough for windows 7.
You also might want to read this and set up a lab. Or use vmware player and don't give the guest any network access. That said, I don't have a clue about malware analysis. ¯\_(ツ)_/¯

You don't really need to learn to write ASM. But if this is something you wan't to do then the book I used was Kip Irvines Assembly Language. https://www.amazon.com/Assembly-Language-x86-Processors-7th/dp/0133769402/ref=sr_1_1?ie=UTF8&qid=1518658846&sr=8-1&keywords=kip+irvine

The IDE I use is http://www.visualmasm.com/ and you have to install the MASM assembler http://www.masm32.com/

This is all assuming you're running a windows environment.

I use this box to format and secure erase USB (anything, not just flash drives, but memory cards via USB adapters) https://www.amazon.com/StarTech-com-Standalone-Duplicator-Eraser-Copier/dp/B00BOK3NQI

My thought is using this hardware thing is much less likely to get infected than doing it through any PC, works pretty fast, no problems yet.