Getting Started With Malware Analysis

If you’re interested in getting into malware analysis, take a look at my recent blog posting on the SANS Forensics Blog: How to Get Started With Malware Analysis. It outlines the articles and webcasts I published on this topic and recommends a few good books and web forums.

In addition to the resources I listed in that blog posting, here are a few x86 assembly language tutorials and books available for free on-line:

Knowing assembly will help you reverse-engineer malicious code. However, most books on assembly are designed to teach you how to write in assembly. That’s a good skill to have, but to analyze malware it’s sufficient to know how to read assembly. So don’t let assembly overwhelm you—you can get started by knowing just a few key assembly constructs.

Why am I talking about malware analysis? I’ve been teaching security professionals to analyze malware since 2002. My reverse-engineering malware course acts as a springboard for individuals looking to excel in this discipline, but not everyone has a training budget.


About the Author

Lenny Zeltser is a seasoned business and technology leader with extensive information security experience. He builds innovative endpoint defense solutions as VP of Products at Minerva. He also trains incident response and digital forensics professionals at SANS Institute. Lenny frequently speaks at industry events, writes articles and has co-authored books. He has earned the prestigious GIAC Security Expert designation, has an MBA from MIT Sloan and a Computer Science degree from the University of Pennsylvania.
