- Paperback: 800 pages
- Publisher: No Starch Press; 1 edition (February 1, 2012)
- Language: English
- ISBN-10: 1593272901
- ISBN-13: 978-1593272906
- Product Dimensions: 7.1 x 1.4 x 9.3 inches
- Shipping Weight: 2.7 pounds
- Average Customer Review: 88 customer reviews
- Amazon Best Sellers Rank: #23,496 in Books
Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software 1st Edition
Praise for Practical Malware Analysis
“The book every malware analyst should keep handy.”
--Richard Bejtlich, CSO, Mandiant & Founder of TaoSecurity
“An excellent crash course in malware analysis.”
--Dino Dai Zovi, Independent Security Consultant
“. . . the most comprehensive guide to analysis of malware, offering detailed coverage of all the essential skills required to understand the specific challenges presented by modern malware.”
--Chris Eagle, Senior Lecturer of Computer Science at the Naval Postgraduate School
“A hands-on introduction to malware analysis. I'd recommend it to anyone who wants to dissect Windows malware.”
--Ilfak Guilfanov, Creator of IDA Pro
“. . . a great introduction to malware analysis. All chapters contain detailed technical explanations and hands-on lab exercises to get you immediate exposure to real malware.”
--Sebastian Porst, Google Software Engineer
“. . . brings reverse engineering to readers of all skill levels. Technically rich and accessible, the labs will lead you to a deeper understanding of the art and science of reverse engineering. I strongly recommend this book for beginners and experts alike.”
--Danny Quist, PhD, Founder of Offensive Computing
“If you only read one malware book or are looking to break into the world of malware analysis, this is the book to get.”
--Patrick Engbretson, IA Professor at Dakota State University and Author of The Basics of Hacking and Pen Testing
“. . . an excellent addition to the course materials for an advanced graduate level course on Software Security or Intrusion Detection Systems. The labs are especially useful to students in teaching the methods to reverse engineer, analyze and understand malicious software.”
--Sal Stolfo, Professor, Columbia University
“This book does exactly what it promises on the cover; it's crammed with detail and has an intensely practical approach, but it's well organised enough that you can keep it around as a handy reference.”
Top customer reviews
At the very least, you must have a working understanding of Assembly language and the x86 architecture. With little exception, almost all advanced analysis occurs at the assembly level. The book does not spend time teaching assembly. It jumps right into the assembly code and takes off running. If you do not understand assembly code, don't even bother picking up this book (or attempting to be a malware analyst).
Secondly, you will need to have a solid understanding of the C programming language. Much of the assembly code you will be analyzing originated from a disassembled program originally written in C.
Your main home computer is not ideal for analyzing malware. In many cases, you have to actually run the malware to see what it does. Therefore, a virtualization environment is preferred. Unless you already have access to a virtualized lab, familiarity with VMware (or equivalent) is very helpful for setting up your own lab.
Experience with the Windows API, registry, DLLs, and basic file structure is also helpful. All of the sample malware is tailored for Windows computers. There is an entire chapter on the Windows API to get you up to speed if you only have a basic knowledge.
Basic knowledge of Linux is also helpful. There are a handful of analysis tools that are Linux based. You will need to have at least one Linux system (a virtual machine is preferred) to perform some of the labs.
A basic understanding of TCP/IP networks is also good to have. Many of the malware files have a networking component.
Lacking any of these skill sets will make reading this book very difficult.
The best parts of this book are the labs at the end of the chapters. You will work on actual malware (slightly modified to be less dangerous) using tools and techniques learned in the corresponding chapter. The labs guide you through important parts of the malware, and there is a detailed explanation at the end of the book describing, in detail, how the malware does its thing and how you, as the analyst, can discover its secrets.
Most of the tools used in this book are widely available and free to use. A whole chapter is dedicated to the main tools so you get extra exposure to the important software you will be using as a professional analyst.