If you’re interested in getting into malware analysis, take a look at my recent blog posting on the SANS Forensics Blog: How to Get Started With Malware Analysis. It outlines the articles and webcasts I published on this topic and recommends a few good books and web forums.
In addition to the resources I listed in that blog posting, here are a few x86 assembly language tutorials and books available for free on-line:
- Assembly Language Tutorial by Haran
- PC Assembly Language by Paul A. Carter
- The Art of Assembly Language Programming by Randy Hyde
Knowing assembly will help you reverse-engineer malicious code. However, most of the books on assembly are designed to teach you how to write in assembly. That’s a good skill to have, but to analyze malware it’s sufficient to know how to read assembly. So don’t let assembly overwhelm you: you can get started by knowing just a few key assembly constructs, such as how arguments are pushed before a call, which API a call reaches, and how a cmp or test followed by a conditional jump decides what the code does next.
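To make "a few key constructs" concrete, here is an added example that is not part of the original post or of the resources it links: a small Python triage script that walks an objdump-style Intel-syntax listing and pulls out only the constructs a reader needs first, namely each call and its target, the push instructions that supply its arguments, and each compare-and-branch pair with both destinations. The listing is constructed for illustration; the import names in its comments and the connect_out label are assumptions, not taken from any real sample.

```python
"""Triage an x86 assembly listing by reading only a few key constructs.

Added example. The LISTING below is constructed (objdump-style, Intel
syntax) and is not from any real binary; the API names in the comments and
the connect_out label are assumptions made for the illustration.
"""
import re

# Constructed listing: a routine that checks for a debugger and then either
# sleeps (IsDebuggerPresent != 0) or calls out to a hard-coded host.
LISTING = """
00401000 <check_env>:
  401000: push ebp
  401001: mov ebp, esp
  401003: call DWORD PTR [0x402000]   ; KERNEL32!IsDebuggerPresent
  401009: test eax, eax
  40100b: jne 401030
  40100d: push 0
  40100f: push 0x50
  401011: push OFFSET 0x403010        ; "evil.example"
  401016: call 401100                 ; connect_out
  40101b: jmp 40103c
  401030: push 0xffffffff
  401035: call DWORD PTR [0x402004]   ; KERNEL32!Sleep
  40103c: pop ebp
  40103d: ret
"""

# address: mnemonic operands ; optional comment (the disassembler's annotation)
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\s+(\w+)\s*(.*?)\s*(?:;\s*(.*))?$")
COND_JUMPS = {"je", "jne", "jz", "jnz", "jg", "jge", "jl", "jle",
              "ja", "jae", "jb", "jbe", "js", "jns"}


def parse_listing(text):
    """Turn the listing into a list of instruction dicts; label lines are skipped."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        addr, mnem, ops, comment = m.groups()
        insns.append({"addr": int(addr, 16), "mnem": mnem.lower(),
                      "ops": ops, "comment": comment or ""})
    return insns


def calls(insns):
    """Every call with its target: the annotated name if present, else the raw operand."""
    return [(i["addr"], i["comment"] or i["ops"]) for i in insns if i["mnem"] == "call"]


def call_arguments(insns):
    """Map each call address to the arguments pushed right before it.

    Under cdecl/stdcall the last push is the first argument, so the run of
    pushes is reversed. Any other instruction ends the run; real code often
    interleaves movs, so a production tool would track the stack more carefully.
    """
    result, pending = {}, []
    for i in insns:
        if i["mnem"] == "push":
            pending.append(i["ops"])
        elif i["mnem"] == "call":
            result[i["addr"]] = list(reversed(pending))
            pending = []
        else:
            pending = []
    return result


def branches(insns):
    """Compare-and-branch pairs: the flag-setting cmp/test, the conditional
    jump that reads the flags, and where each outcome leads."""
    out = []
    for k in range(1, len(insns) - 1):
        prev, cur, nxt = insns[k - 1], insns[k], insns[k + 1]
        if cur["mnem"] in COND_JUMPS and prev["mnem"] in ("cmp", "test"):
            out.append({"at": cur["addr"],
                        "condition": f"{prev['mnem']} {prev['ops']}",
                        "jump": cur["mnem"],
                        "taken": int(cur["ops"], 16),
                        "not_taken": nxt["addr"]})
    return out


def triage(text):
    """One-stop summary of the three constructs for a listing."""
    insns = parse_listing(text)
    return {"calls": calls(insns), "args": call_arguments(insns),
            "branches": branches(insns)}


if __name__ == "__main__":
    summary = triage(LISTING)
    for addr, target in summary["calls"]:
        print(f"{addr:#x}: call {target} args={summary['args'][addr]}")
    for b in summary["branches"]:
        print(f"{b['at']:#x}: if ({b['condition']}) {b['jump']} -> "
              f"{b['taken']:#x} else -> {b['not_taken']:#x}")
```

Running it on the constructed listing shows the story an analyst reads off the raw instructions without knowing how to write any assembly: the routine calls IsDebuggerPresent, tests the result, and on a non-zero value jumps to a Sleep(INFINITE) path instead of the connect_out call that receives the hard-coded host and port 0x50. Those same three questions (what is called, with what arguments, and under what condition) carry a surprising share of real-world malware triage.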
Why am I talking about malware analysis? I’ve been teaching security professionals to analyze malware since 2002. My reverse-engineering malware course acts as a springboard for individuals looking to excel in this discipline, but not everyone has a training budget.