Getting Started With Malware Analysis

If you’re interested in getting into malware analysis, take a look at my recent blog posting on the SANS Forensics Blog: How to Get Started With Malware Analysis. It outlines the articles and webcasts I published on this topic and recommends a few good books and web forums.

In addition to the resources I listed in that blog posting, here are a few x86 assembly language tutorials and books available for free on-line:

Knowing assembly will help you reverse-engineer malicious code. However, most of the books on assembly are designed to teach you how to write in assembly. That’s a good skill to have, but to analyze malware it’s sufficient to know how to read assembly. So don’t let assembly overwhelm you—you can get started by knowing just a few key assembly constructs.
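To make the point concrete, here is an added example (not from the post, and not from any course material it mentions): a tiny 32-bit x86 routine in NASM syntax, annotated with the handful of constructs an analyst meets over and over when reading disassembly. The routine is a hypothetical additive checksum over a buffer; it assumes the cdecl calling convention (arguments on the stack, return value in EAX).

```nasm
; Added example: a small 32-bit x86 routine in NASM syntax, annotated with the
; constructs an analyst reads constantly. Hypothetical helper, cdecl convention:
;   unsigned checksum(const unsigned char *buf, unsigned len);

global checksum
section .text
checksum:
    push    ebp                 ; prologue: save the caller's frame pointer...
    mov     ebp, esp            ; ...and set up our own stack frame
    push    esi                 ; esi is callee-saved, so preserve it before use
    mov     esi, [ebp+8]        ; first argument: buf ([ebp+4] is the return address)
    mov     ecx, [ebp+12]       ; second argument: len
    xor     eax, eax            ; idiom: xor reg,reg zeroes a register; eax is the running sum
    test    ecx, ecx            ; is len == 0? (test sets flags without storing a result)
    jz      .done               ; conditional jump: skip the loop entirely if so
.loop:
    movzx   edx, byte [esi]     ; load one byte, zero-extended into edx
    add     eax, edx            ; sum += byte
    inc     esi                 ; advance the pointer
    dec     ecx                 ; len-- (sets ZF when ecx reaches 0)
    jnz     .loop               ; loop while ecx != 0
.done:
    pop     esi                 ; restore the callee-saved register
    pop     ebp                 ; epilogue: restore the caller's frame pointer
    ret                         ; return; the result is in eax
```

When reading unfamiliar code, recognizing the prologue/epilogue pair, argument loads relative to EBP, the xor-zeroing idiom, and a flag-setting instruction followed by a conditional jump lets you identify a function's inputs, its loop, and its return value before you understand any individual instruction in detail.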

Why am I talking about malware analysis? I’ve been teaching security professionals to analyze malware since 2002. My reverse-engineering malware course acts as a springboard for individuals looking to excel in this discipline, but not everyone has a training budget.


About the Author

Lenny Zeltser develops teams, products, and programs that use information security to achieve business results. Over the past two decades, Lenny has been leading efforts to establish resilient security practices and solve hard security problems. As a respected author and speaker, he has been advancing cybersecurity tradecraft and contributing to the community. His insights build upon 20 years of real-world experiences, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.
