Book Review: "Practical Malware Analysis"
Just started reading "Practical Malware Analysis, The Hands-On Guide to Dissecting Malicious Software" by Michael Sikorski and Andrew Honig, and this is really a 'zero to hero' type of book. It starts off simple enough, with basic analysis of binaries, but soon ramps up to all kinds of forensics and reversing techniques. It dosn't save you any of the gory details, showing tons of assembly code and windows systems internals along the way. It even dives into some more advanced stuff, such as dealing with malware that employs anti-disasembly, anti-debugging, and anti-virtual machine techniques. I would recommend this book to experienced computer scientists, penetration testers, and really anyone that is looking to get into reverse engineering. Overall I give this book 9 / 10 stars because it's really one of the best places to start learning reverse engineering, especially when talking about examining malware.
The book, while a little pricey, can be bought the cheapest on Kindle, or through a re-seller. And it's really worth it, to quote Chris Eagle (who wrote the Ida Pro Book, arguably one of the most advanced reverse engineering tools), "[Practical Malware Analysis is] the most comprehensive guide to analysis of malware, offering detailed coverage of all the essential skills required to understand the specific challenges presented by modern malware." And this is the guy has been on multiple winning DefCon CTF teams, both ddtek and Sk3wl of r00t, and has even helped host the DefCon CTF.
Here is a really great intro to the book, recorded by the authors themselves, who you can tell are extremely knowledgeable on the subject:
The authors of the book also put out some free malware reverse engineering labs, for those up to the challenge. Take caution, as this is real malware, so read the book and build out a test environment at the very least. I really enjoy working with the open source tools on the live examples they provide, alongside reading the lessons, as this really cements the knowledge for me. http://practicalmalwareanalysis.com/labs/
But don't take my word for it, there are a ton of excellent reviews out there!! The NoStarchPress page not only outlines the chapters in a nice format, but also has a collection of reviews from places like IEEE to SANS. NoStarch even offers a sample chapter, just so you can get a feel for how quality this book really is. http://www.nostarch.com/malware
