H**D
Older book, but the info is timeless
In depth coverage of major types of malware and their analysis. This book is over 10 years old, but the information is still pertinent and viable.
C**S
The Essential Malware Analysis Book
Before I begin, I have to disclose that I am a Mandiant employee, but I don't work directly with the authors of this book, nor do I have any sort of personal relationship with them. I have also published two books with No Starch Press. While I don't analyze malware exclusively for my job, I've done a fair amount of it as an auxiliary function of my work, mostly focused on network security monitoring. I've also taken the SANS FOR610 Reverse Engineering Malware course and am GREM certified. I'd consider myself an experienced, but not expert-level, malware analyst.

With that said, Practical Malware Analysis is one of my absolute favorite information security books. The topic of dissecting malware can be very daunting, as it requires a broad array of knowledge to be done effectively. You have to be able to interpret code, have a knowledge of internal system workings, and be able to read between the lines using an analyst's intuition. I think this book does an excellent job relaying these concepts.

PMA begins simply, starting with basic static and dynamic analysis. This also includes a discussion on setting up a virtual malware analysis lab. This is often enough to determine if a file is malicious on its own. After this, the book quickly jumps to more advanced static and dynamic analysis concepts. PMA covers a wide array of topics, and touches on almost every aspect of dissecting modern malware. If you are a beginner, then you will get plenty to sink your teeth into without feeling completely overwhelmed. If you are more experienced, you will find plenty of coverage of advanced topics, such as dealing with malware that has built-in anti-debugging features.

My favorite portion of PMA is the labs included with almost every chapter. The authors have taken the time to write custom "malware" and find existing malware samples that accompany each topic. These allow the reader to try out the skills they've just learned and then compare them against a set of answers in the back of the book. I wish more books did this.

I work from home, and at my house I have a big bookshelf in my closet and a smaller bookshelf next to my desk. The books I've read that I don't use often are in the closet bookshelf. The books I've read that I use really often stay on the smaller shelf next to the desk. Not only does Practical Malware Analysis sit on the smaller bookshelf, it sits on the top of it alongside such greats as "TCP/IP Illustrated." I think that is the best praise I can give a technical book.

Simply put, if you want to learn how to analyze malware at a casual or advanced level, then PMA is THE book to purchase. Kudos to Sikorski and Honig on a job amazingly well done.
J**S
Great book if you know Assembly language
This book is surprisingly easy to read and very informative, if you have an IT background. It is not, however, a book for beginners.

At the very least, you must have a working understanding of assembly language and the x86 architecture. With little exception, almost all advanced analysis occurs at the assembly level. The book does not spend time teaching assembly. It jumps right into the assembly code and takes off running. If you do not understand assembly code, don't even bother picking up this book (or attempting to be a malware analyst).

Secondly, you will need to have a solid understanding of the C programming language. Much of the assembly code you will be analyzing originated from a disassembled program originally written in C.

Your main home computer is not ideal for analyzing malware. In many cases, you have to actually run the malware to see what it does. Therefore, a virtualization environment is preferred. Unless you already have access to a virtualized lab, familiarity with VMware (or equivalent) is very helpful for setting up your own lab.

Experience with the Windows API, registry, DLLs, and basic file structure is also helpful. All of the sample malware is tailored for Windows computers. There is an entire chapter on the Windows API to get you up to speed if you only have a basic knowledge.

Basic knowledge of Linux is also helpful. There are a handful of analysis tools that are Linux based. You will need to have at least one Linux system (virtual machine preferred) to perform some of the labs.

A basic understanding of TCP/IP networks is also good to have. Many of the malware files have a networking component.

Lacking any of these skill sets will make reading this book very difficult.

The best parts of this book are the labs at the end of the chapters. You will work on actual malware (slightly modified to be less dangerous) using tools and techniques learned in the corresponding chapter. The labs guide you through important parts of the malware, and there is a detailed explanation at the end of the book describing, in detail, how the malware does its thing and how you, as the analyst, can discover its secrets.

Most of the tools used in this book are widely available and free to use. A whole chapter is dedicated to the main tools so you get extra exposure to the important software you will be using as a professional analyst.
A**.
Old!
The manuscript is outdated. Most advanced malware is repurposed state-sponsored malware which effectively targets NVMs (BIOS, CMOS, UEFI, GPU) and, once installed, can persist after firmware and driver updates, an OS reinstall, and even hard drive replacement or removal; and thus in essence cannot be removed.

This book in no way shows how to build tools or formalized analysis techniques to protect our companies, our IP, or our hardware from asymmetric malware attacks.

Just go and get the college degree. I doubt they'll ever publish the skills you will really need in a single one-volume book.

A top forensic malware analyst is still a post-PhD level electrical engineer who has a deep specialization in computer hardware along with a minor in theoretical mathematics, and a GS6+ state-level security clearance; in this age of cyber warfare, nothing less than this level of experience and education will suffice.
す**ら
An essential book
This is a book that a certain country's cyber response unit was going to adopt as a training text (it fell through because it is a foreign-language book). Beginners can acquire the knowledge needed to analyze malware step by step, without strain. The English is also plain, so there is nothing to fear.
T**R
The best malware analysis book at present
There are various similar guides and books, but I think this is currently the best. Being in English, it feels a little hard to approach, but the content is really simple, and it is one of the reference books that even beginners can use to improve their sample-analysis skills if they make the effort.
う**E
Ghidra is not covered, though
It is a fairly expensive and thick English-language book, but there are several reviews written in Japan, which suggests that at the time this book was published there were no other notable guides, and that malware analysis is a field with a fair amount of demand. That aside, since this book is quite thick, it is fine if you are going to spend a fair amount of time studying it as a textbook premised on learning with a teacher ("supervised learning"), but the English is not as easy to read as other reviews say, so I do not recommend it for complete beginners without prior knowledge (though I think there are very few such people). Also, given that the book was published a while ago, it is understandable that Ghidra is not covered, but there is also no mention of memory forensics, which 『初めてのマルウェア解析』 did explain, so today you don't need to force yourself to buy this book; for now it seems better to study with 『初めてのマルウェア解析』 (which also does not cover Ghidra).
J**O
Powerful book to improve MA/RE
I'm following a Reverse Engineering course, so I decided to follow this book while studying for the certification. I followed this book more than the study materials; too many new things. I'm gonna re-read it because it is very well done and lovely.

This book is essential even for exploit development because it teaches you malware behaviour.

If you know the C programming language and how the stack and registers work, you're welcome; if not, read "The Art of Exploitation" and then this book.
H**S
so take my money!!
The essential malware analysis guide!! It is absolutely incredible. A huge number of practice exercises, with their solutions. Setting up your analysis lab, techniques for evading antivirus, analysis in VMs, how to carry it out... what I mean is that it brings content for carrying out the analysis techniques and how their countermeasures can be carried out. I can't say anything more about this book; if you are looking for something on malware, you are taking too long to buy it, it is going to be your bible!!