Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software 1st Edition
For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.
You'll learn how to:
–Set up a safe virtual environment to analyze malware
–Quickly extract network signatures and host-based indicators
–Use key analysis tools like IDA Pro, OllyDbg, and WinDbg
–Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques
–Use your newfound knowledge of Windows internals for malware analysis
–Develop a methodology for unpacking malware and get practical experience with five of the most popular packers
–Analyze special cases of malware with shellcode, C++, and 64-bit code
Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.
Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.
- ISBN-10: 1593272901
- ISBN-13: 978-1593272906
- Edition: 1st
- Publisher: No Starch Press
- Publication date: February 1, 2012
- Language: English
- Dimensions: 7.13 x 1.56 x 9.25 inches
- Print length: 800 pages
"This book is surprisingly easy to read and very informative - if you have an IT background. It is not, however, a book for beginners...."
"...PMA begins simply, starting with basic static and dynamic analysis. This also includes a discussion on setting up a virtual malware analysis lab...."
"...First things first, this book has a great deal of excellent information. It's well written and thorough...."
"...The value of the book is so great due to its thoroughness...."
"Awesome book. Great explanations and labs that get you analyzing malware right from the start...."
"...I can say I look forward to the exercises and it definitely keeps my interest in reading so I know I will learn as much as I want to...."
"...Just started reading it and got pulled into it. Received the book in perfect condition."
"Awesome content and super well delivered, must have! It has been my best friend for my reverse engineering class."
"Great intro to reversing (not only malware) with a great breakdown of assembly. Definitely now one of my go to reference books."
"Great book for Reverse Engineering..."
"Great intro..."
Top reviews from the United States
At the very least, you must have a working understanding of Assembly language and the x86 architecture. With little exception, almost all advanced analysis occurs at the assembly level. The book does not spend time teaching assembly. It jumps right into the assembly code and takes off running. If you do not understand assembly code, don't even bother picking up this book (or attempting to be a malware analyst).
Secondly, you will need to have a solid understanding of the C programming language. Much of the assembly code you will be analyzing originated from a disassembled program originally written in C.
Your main home computer is not ideal for analyzing malware. In many cases, you have to actually run the malware to see what it does. Therefore, a virtualization environment is preferred. Unless you already have access to a virtualized lab, familiarity with VMware (or equivalent) is very helpful for setting up your own lab.
Experience with the Windows API, registry, DLLs, and basic file structure is also helpful. All of the sample malware is tailored for Windows computers. There is an entire chapter on the Windows API to get you up to speed if you only have a basic knowledge.
Basic knowledge of Linux is also helpful. There are a handful of analysis tools that are Linux based. You will need to have at least one Linux (virtual machine preferred) to perform some of the labs.
A basic understanding of TCP/IP networks is also good to have. Many of the malware files have a networking component.
Lacking any of these skill sets will make reading this book very difficult.
The best parts of this book are the labs at the end of the chapters. You will work on actual malware (slightly modified to be less dangerous) using tools and techniques learned in the corresponding chapter. The labs guide you through important parts of the malware, and there is a detailed explanation at the end of the book describing, in detail, how the malware does its thing and how you, as the analyst, can discover its secrets.
Most of the tools used in this book are widely available and free to use. A whole chapter is dedicated to the main tools so you get extra exposure to the important software you will be using as a professional analyst.
With that said, Practical Malware Analysis is one of my absolute favorite information security books. The topic of dissecting malware can be very daunting, as it requires a broad array of knowledge to be done effectively. You have to be able to interpret code, have a knowledge of internal system workings, and be able to read between the lines using an analyst's intuition. I think this book does an excellent job relaying these concepts.
PMA begins simply, starting with basic static and dynamic analysis. This also includes a discussion on setting up a virtual malware analysis lab. This is often enough to determine if a file is malicious on its own. After this, the book quickly jumps to more advanced static and dynamic analysis concepts. PMA covers a wide array of topics, and touches on most every aspect of dissecting modern malware. If you are a beginner, then you will get plenty to sink your teeth into without feeling completely overwhelmed. If you are more experienced, you will find plenty of coverage of advanced topics, such as dealing with malware that has built-in anti-debugging features.
My favorite portion of PMA is the labs included with almost every chapter. The authors have taken the time to write custom "malware" and find existing malware samples that accompany each topic. These allow the reader to try out the skills they've just learned and then compare them against a set of answers in the back of the book. I wish more books did this.
I work from home, and at my house I have a big bookshelf in my closet and a smaller bookshelf next to my desk. The books I've read that I don't use often are in the closet bookshelf. The books I've read that I use really often stay on the smaller shelf next to the desk. Not only does Practical Malware Analysis sit on the smaller bookshelf, it sits on the top of it along side such greats as "TCP/IP Illustrated." I think that is the best praise I can give a technical book.
Simply put, if you want to learn how to analyze malware at a casual or advanced level, then PMA is THE book to purchase. Kudos to Sikorski and Honig on a job amazingly well done.
I had some experience with assembly and C/C++ already but nothing at a professional level. My primary lack of background was in networking but the author explained enough to at least tell me what to Google for when I needed more information.
There are a few typos but nothing I wasn't able to figure out on my own. Luckily, the publisher is tracking these and lists them here for you: http://www.nostarch.com/malware#updates.
Personally, I recommend running VMs. Set up an image with all the labs downloaded and saved somewhere. You'll want to revert to that snapshot before moving through the labs to ensure you're not mixing up potential system changes between labs. Sometimes, I like to go back to previous labs so I either saved snapshots after doing the lab or saved my altered binaries to a USB drive so I could reference them after reverting to the original snapshot.