Malware Analysis Resources and Reading List

This is a list of the main resources that I’ve been using to learn about malware and malware analysis.

Books

This book list is arranged in descending order by scope. It begins with a broad introduction to malware and malware analysis before diving deeper into specific tools and languages. I will update the list with my impressions of each book as I finish it.

• The Art of Computer Virus Research & Defense by Peter Szor
• Practical Malware Analysis by Michael Sikorski and Andrew Honig
• Rootkits and Bootkits by Alex Matrosov, Eugene Rodionov, and Sergey Bratus
• Malware Data Science by Joshua Saxe with Hillary Sanders
• Malware Analyst’s Cookbook by Michael Ligh, Steven Adair, Blake Hartstein and Matthew Richard
• The Art of Memory Forensics by Michael Hale Ligh, Andrew Case, Jamie Levy and Aaron Walters
• Practical Binary Analysis by Dennis Andriesse
• Practical Forensic Imaging by Bruce Nikkel
• The Ghidra Book by Chris Eagle and Kara Nance
• IDA Pro Book, 2nd Ed. by Chris Eagle
• Effective C by Robert C. Seacord
• C++ Crash Course by Josh Lospinoso
• The Art of Assembly Language, 2nd Ed. by Randall Hyde
• The Art of 64-bit Assembly, Vol. 1 by Randall Hyde

Videos

• MalwareAnalysisForHedgehogs: A professional malware analyst’s channel. The whiteboard style malware theory playlist is particularly good.
• Crow: A great, well produced new channel with an in-progress series on malware development.
• danooct1: Lots of demonstrations of vintage viruses.
• John Hammond Malware Analysis Playlist: It’s John Hammond, if you’re interested in security you’ve seen his videos. Good stream-of-consciousness malware analysis.
• OALabs: Livestreams of malware analysis as well as more detailed videos on analysis techniques and tools.
• 13cubed: Has some fantastic playlists on malware analysis, memory forensics and Windows forensics.
• Defcon Talks: Lots of good presentations on specific malware topics.

Courses

• TCM Security Practical Malware Analysis & Triage: great course on dynamic and static malware analysis. Walks you through setting up a lab and you get hands-on experience reversing real malware samples.
• MalDev Academy: an in-depth course on malware development for Windows. Useful for understanding the techniques used by malware authors.

Blogs

• 0xrick: Really nice series of posts on the Window’s PE file format.
• c3rb3ru5d3d53c: An experienced malware analyst and reverse engineer who has articles on a range of analysis topics.
• Lenny Zeltser: The blog of the guy who put together REMnux and teaches malware analysis at SANS. Tons of great advice.

Malware Sources

• theZoo: A git repo with lots of live binaries and source code.
• Malware Bazaar: Well designed virus share from abuse.ch.
• VX Underground: My favorite malware source. Includes tons of live samples, source code, and a large collection of malware-related scientific papers.
• Virus Share: Requires registration, but is a truly massive archive of malware.