Getting Started With Malware Analysis

If you’re interested in getting into malware analysis, take a look at my recent blog posting on the SANS Forensics Blog: How to Get Started With Malware Analysis. It outlines the articles and webcasts I published on this topic and recommends a few good books and web forums.

In addition to the resources I listed in that blog posting, here are a few x86 assembly language tutorials and books available for free on-line:

Knowing assembly will help you reverse-engineer malicious code. However, most of the books on assembly are designed to teach you how to write in assembly. That’s a good skill to have, but to analyze malware it’s sufficient to know how to read assembly. So don’t let assembly overwhelm you—you can get started by knowing just a few key assembly constructs.

Why am I talking about malware analysis? I’ve been teaching security professionals to analyze malware since 2002. My reverse-engineering malware course acts as a springboard for individuals looking to excel in this discipline, but not everyone has a training budget.


About the Author

Lenny Zeltser is a seasoned business and tech leader with extensive cybersecurity experience. He builds innovative endpoint defense solutions as VP of Products at Minerva Labs. Beforehand, he was responsible for security product management at NCR Corp. Lenny also trains incident response and digital forensics professionals at SANS Institute. An engaging presenter, he speaks at industry events, writes articles and has co-authored books. Lenny has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.
