My Top Books to Learn Malware Analysis and Reverse Engineering

Thomas Roccia, SecurityBreak
Published Feb 21, 2022 (6 min read)

I often get messages from people wanting to learn more about reverse engineering and malware. I always refer to the same books, and I thought it might be a good idea to share my best selection in this blog so that I can easily link to this page.

I mostly learn new content from books because I find it easy to learn with paper. When I'm stuck, I often switch to YouTube or other educational videos, but I like to have the book and come back to some content when I need it.

The books below are my favorites and will give you a solid foundation; even today I still rely on many of them when I need to check something specific or review a topic. Reverse engineering and malware analysis are an exciting field, and they provide a deeper understanding of how a system or program works.

Before starting, two main areas of reverse engineering can be distinguished:

  • Reverse engineering applied to vulnerability research: the main goal is to study the structure of a program or a system to find a vulnerability, a bug, or anything that allows exploiting the system in order to execute arbitrary code or cause behavior it was not specifically designed for.
  • Reverse engineering applied to malware analysis: the main goal is to study malware to understand its behavior, identify Indicators of Compromise (IOCs), create detection signatures, and also track malware campaigns, for example by identifying similar pieces of code. In Threat Intelligence, reverse engineering consists of documenting the tools used by attackers to identify their motivations and track them during the timeframe of their operation. It also provides a way to detect their tactics, techniques, and procedures.

The two areas are closely related, as malware can also use exploits in the attack process for specific purposes such as compromising a target or elevating privileges.

In this article, I will mainly provide a list of books related to malware reverse engineering, but some of these books will also give you an excellent basis for vulnerability research.

The links below are affiliate links; if you want to support my work, you can consider getting the books via those links. Thanks! 🤓

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

This is probably one of my favorite books in the selection; although it is now a bit outdated, most of the content is still relevant today. I also heard that a second edition is being written.

This book will teach you the basics, from configuring your malware analysis setup to learning assembly language, static and dynamic analysis, malware techniques, rootkit analysis, and more. It comes with several exercises that will help you hone your skills and directly apply what you learn.

  • Written by: Michael Sikorski and Andrew Honig
  • Release date: Feb 2012
  • Price: 42 USD
  • Check on Amazon: https://amzn.to/3Ki0A6C

The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World’s Most Popular Disassembler

This second book is also a bit outdated but still relevant today. It teaches you how IDA Pro works and how you can use it. IDA is one of the most powerful disassemblers, and it comes with a free version that is enough to get started. Additionally, you may want to check out Ghidra.

Windows Kernel Programming

This book is probably one of the best references for kernel programming. It is not directly used for reverse engineering, but it will help you understand the Windows kernel and will be very useful if you want to explore Windows internals and how it works in more depth. I recommend reading this book after getting some skills.

Malware Data Science: Attack Detection and Attribution

This book is not related to reverse engineering, but it does provide useful information on manipulating data related to malware. It will help you understand concepts like machine learning, applied directly to malware. I highly recommend this book if you want to learn more about Python, data science, and machine learning.

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

This book is more geared towards memory forensics, but it will teach you how to recognize data structures, how to use Volatility, and more. It's a bit outdated too but still relevant today.

  • Written by: Michael Hale Ligh, Andrew, Jamie Levy, AAron Walters
  • Release date: 2014
  • Price: 36 USD
  • Check on Amazon: https://amzn.to/3KbL7VS

Antivirus Bypass Techniques: Learn practical techniques and tactics to combat, bypass, and evade antivirus software

Having studied malware evasion techniques for several years now, I really like this book, which focuses on bypassing antivirus solutions. You will learn some of the most well-known techniques used by malware as well as how an antivirus works.

Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly

At some point in your learning journey, you will need to understand binary instrumentation. This book comes in handy to help you understand concepts such as taint analysis and symbolic execution. I recommend this book as soon as you become more comfortable with traditional malware analysis techniques.

Attacking Network Protocols: A Hacker’s Guide to Capture, Analysis, and Exploitation

This one is more oriented towards vulnerability research; however, I also recommend this book to learn how to deconstruct a network protocol, which is sometimes very useful. In my case, it was especially useful for studying an undocumented industrial network protocol.

Windows Internals, Part 1: System architecture, processes, threads, memory management, and more

Finally, if you really want to understand how Windows works, the Windows Internals books are really the bible. You will find them useful in several areas, including vulnerability and malware research, but also forensics and programming. This book is the best reference; although it does not focus on malware analysis, it is certainly useful in many cases.

  • Written by: Pavel Yosifovich, Mark Russinovich, David Solomon, Alex Ionescu
  • Release date: 2017
  • Price: 30 USD
  • Check on Amazon: https://amzn.to/3IIc7fk

Windows Internals, Part 2

  • Written by: Andrea Allievi, Mark Russinovich, David Solomon, Alex Ionescu
  • Release date: 2021
  • Price: 60 USD
  • Check on Amazon: https://amzn.to/3vyKamx

There are many other interesting books for learning malware analysis and reverse engineering. But these are probably the only ones you need to cover the full technical aspect of malware analysis and reverse engineering in a Windows environment. I hope you will find them useful.

If you like this content you can follow me on Twitter @fr0gger_ or on Medium for more stuff such as this one. ❤

Consider becoming a Medium member if you appreciate my content and want to help me as a writer. It costs $5 per month and gives you unlimited access to Medium content. I'll get a little commission if you sign up via my link, and that will help support my community projects. Thanks! 🤓

Happy Learning