Top products from r/Malware
We found 25 product mentions on r/Malware. We ranked the 17 resulting products by number of redditors who mentioned them. Here are the top 20.
1. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Sentiment score: 2
Number of reviews: 5
No Starch Press
2. Building Virtual Machine Labs: A Hands-On Guide
Sentiment score: 1
Number of reviews: 3
3. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
Sentiment score: 1
Number of reviews: 2
Wiley Publishing
4. Learning Python, 5th Edition
Sentiment score: 1
Number of reviews: 1
O'Reilly Media
5. Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware
Sentiment score: 1
Number of reviews: 1
6. SharkTap Gigabit Network Sniffer
Sentiment score: 1
Number of reviews: 1
The SharkTap is a special purpose ethernet switch that allows you to 'tap into' an ethernet connection. It is intended to be used with the free Wireshark network analyzer or equivalent. Conventional switches route packets only to the intended destination port, reducing traffic, but preventing a third...
7. StarTech.com 1:2 Standalone USB Duplicator and Eraser - Memory Stick Cloner - USB 2.0 Flash Drive Copier / Thumb Eraser (USBDUP12),Black
Sentiment score: -1
Number of reviews: 1
DUPLICATE OR ERASE TWO USB DRIVES: The standalone USB duplicator lets you duplicate or wipe two USB drives simultaneously, without having to connect to a host computer. NO NEED TO WAIT: The USB cloner supports both asynchronous and synchronous duplication. Asynchronous duplication lets you remove and...
8. The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler
Sentiment score: 0
Number of reviews: 1
Used Book in Good Condition
9. Hacking: The Art of Exploitation, 2nd Edition
Sentiment score: 1
Number of reviews: 1
No Starch Press
10. Python for Informatics: Exploring Information
Sentiment score: 1
Number of reviews: 1
11. C Programming Language, 2nd Edition
Sentiment score: 1
Number of reviews: 1
Prentice Hall
12. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Sentiment score: 1
Number of reviews: 1
Wiley
13. Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
Sentiment score: 0
Number of reviews: 1
John Wiley & Sons
14. Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Sentiment score: 0
Number of reviews: 1
Broadway Books
Some thoughts:
I've had people recommend the following books:
Other resources:
If you are debugging you can manipulate the execution path. For example, the IsDebuggerPresent function call returns a nonzero value when the program is running in the context of a debugger. In Intel x86 asm, return values are generally stored in EAX. Next there will be a comparison between EAX and zero. If they don't match, the malware will typically terminate.
When using a debugger you can set EAX to 0 before the comparison takes place. This way even though you are debugging, the malware will not know it is running in the context of a debugger.
There are also ways where you can patch the executable to change sections of code. This way you won't have to manually change the register values each time. Instead, every time IsDebuggerPresent is called, it will take the execution path you want.
Sorry if this is confusing, I'm not sure the best way to explain this. This is more advanced analysis techniques / reverse engineering, so if you don't know assembly then it might be over your head.
There are some good resources out there to learn though. Practical Malware Analysis is the go-to book. I've heard good things about the Lena tutorials on tuts4you. There was also a blogger called The Legend of Random (might be down) who made some cracking tutorials. I personally think a good way to learn is to write a simple Windows program (using a higher level language) and reverse the binary. This way you know what the source code is and see what it looks like in ASM. (Make sure to do these in VMs or another isolated environment.)
+1 for mentioning malwareunicorn's Reverse Engineering Malware 101 course. I'm pretty excited about starting that after I'm done with some PowerShell stuff.
Books for: /u/Kreator333 and /u/curiousdoggo
C/C++:
Assembly/C:
Also, OP, while you're learning the basics here, do as many examples as you can. Don't just read it and assume you know everything. For C you can try coding a bunch of classical ciphers, and for ASM, debug the assembly of simple programs in gdb (check out godbolt) or try coding an echo client/server in NASM.
https://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf
This is it, but you could also patch the instructions with NOPs instead of jumping, with a little understanding of asm. It's good to learn.
This book is a gold mine:
Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware https://www.amazon.com/dp/B073D49Q6W/ref=cm_sw_r_cp_api_6fWVBb5VJV91Z
Hope it helps.
OP is a good guy and ~~shitposts incessantly~~ answers a lot of questions on Twitter. I have every confidence the book is well worth the $35 price of admission. This is the direct link to the Amazon page as well, non-affiliate.
I don't know any beginning x86 Assembly books, but this is the closest thing I could find and strongly recommend you read this online or purchase it:
Assembly Language for Intel-Based Computers
Python:
Python for Informatics
Learning Python
I personally used these books in college
C/C++:
Please see SADISTICBLUE's comment above.
If you go wired instead of wireless you could use a network tap. You will see other traffic (ARP, etc.) but I don't think there's a way to solve this regardless of the solution, not from the hardware side. It is easy enough to filter out in Wireshark though.
https://www.amazon.com/midBit-Technologies-LLC-100-1000/dp/B0175EODCE/
Or much cheaper, but not bi-directional unless you reassemble the streams:
https://hakshop.com/products/throwing-star-lan-tap
Or some USB NICs and use a computer.
Countdown to Zero Day by Kim Zetter is a good read (amazon)
Some resources which will indirectly help you for GREM
https://amzn.com/1593272901
https://amzn.com/1118787315
https://amzn.com/1593272898
I bought this one and like it a lot. It even comes with a disk with some neutered examples to analyze.
Practical Malware Analysis talks about how to set up a relatively secure analysis environment.
Sure is. Go buy my book. https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631
This site contains a list of sites providing collections of malware samples: https://zeltser.com/malware-sample-sources/. If you haven't read any book about malware analysis yet, I would recommend you start with https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901, since you could easily get yourself infected as a beginner.
For challenges you might want to check out the book Practical Malware Analysis
As mentioned by /u/pepe_le_shoe you could always research real malware using a Honeypot to grab some. Or set up a bait email account.
You need more RAM. 1GB is nowhere near enough for Windows 7.
You also might want to read this and set up a lab. Or use vmware player and don't give the guest any network access. That said, I don't have a clue about malware analysis. ¯\_(ツ)_/¯
You don't really need to learn to write ASM. But if this is something you want to do, then the book I used was Kip Irvine's Assembly Language. https://www.amazon.com/Assembly-Language-x86-Processors-7th/dp/0133769402/ref=sr_1_1?ie=UTF8&qid=1518658846&sr=8-1&keywords=kip+irvine
The IDE I use is http://www.visualmasm.com/ and you have to install the MASM assembler http://www.masm32.com/
This is all assuming you're running a Windows environment.
I use this box to format and secure erase USB devices (anything, not just flash drives, but also memory cards via USB adapters): https://www.amazon.com/StarTech-com-Standalone-Duplicator-Eraser-Copier/dp/B00BOK3NQI
My thought is that using this hardware thing is much less likely to get infected than doing it through any PC. It works pretty fast, no problems yet.