I’m going to be updating this post with information for people who are new to malware analysis and research.
Tool Lists
YouTube Channels
Blogs
Pro tip: If you want to get good fast, read lots and lots of blogs
That should be plenty enough for you. Some of the personal blogs are actually folks who work for the companies as well. If I left any good blogs out, leave them below please.
I also have some good content for newbies on my blog which hasn’t been updated in a while: https://toddcullumresearch.com
Books // Publications
- Practical Malware Analysis
- Practical Reverse Engineering
- AVIEN Malware Defense Guide for the Enterprise
- The Art of Computer Virus Research and Defense
- The IDA Pro Book
- Malware Analyst’s Cookbook
- Hacking: The Art of Exploitation
- Windows Research Kernel
- Windoiws Internals Parts 1 and 2
- Microsoft PECOFF Format Specification (For Packers and PE header obstructions)
- Gray Hat Hacking: The Ethical Hacker’s Handbook Third Edition
Other Forums
The malware analysis forum community isn’t as big as it could be but that’s why we’re here. The two most notable malware reversing forums include http://kernelmode.info and https://tuts4you.com . Both are actually operating systems and reversing forums but they have subsections for malware analysis. Another good one is https://reddit.com/r/malware if Reddit is what you like. Other than this, most other malware-related forums seem to be geared toward malware removal rather than the profession of malware analysis and research. This is why malwareanalysisforums.com was born. Those sites have a lot more users because they’re old. If you head over, please mention we sent ya! This forum aims to address malware analysis exclusively.
Notable Contributors
These are folks who have spent significant amounts of time contributing malware research works. I highly suggest googling their work with the word “malware” near their name:
- Peter Ferrie - Anti Debugging Reference and PE file format research
- Karsten Hahn master thesis - PE File format research
- Ilfak Guilfanov and Igor Skochinsky - Hex-rays developers who created IDA Pro
- pancake - creator of radare2 which can rival IDA Pro
- Lenny Zeltser - Malware Analysis instructor, curator of Remnux
- Didier Stevens - Malware Analyst, tool author, intructor
I’m looking for more folks to add here. Of course, I could add those authors of aforementioned books, but I’m looking for others too. I’m sure I’ve forgotten some as I’m quite tired at the time I wrote this.
Sample Sites
If you need files to practice analyzing (***In a SECURE and ISOLATED machine that you don’t care about)***, you can sign up for an account at One of these websites:
http://malshare.com/
http://www.malware-traffic-analysis.net/
https://virusshare.com/
http://virusign.com/
https://malwr.com (TEMPORARILY DOWN)
https://github.com/ytisf/theZoo - good for an organized search for a specific malware
https://malpedia.caad.fkie.fraunhofer.de/login
READ ME
You must understand that being good at malware analysis requires a huge range of skills and knowledge and therefore, it is not adequate to only study just malware analysis. For this reason, you may see postings here and elsewhere which seem almost completely irrelevant and unrelated. However, literally every single software concept is somehow related to malware analysis because malware analysis is ultimately software analysis since the definition of malware is simply malicious software. For this reason, you will see recommendations to read about the PE file format, ELF format, general operating systems engineering (a huge one), WScript, JavaScript, SQL, PowerShell, Batch, etc…
The reason why is because a single malware could contain every single one of those mentioned above as a component. This means that in order to properly analyze the software, an analyst needs to know enough about all of those, plus the slew of other languages and software frameworks out there. Luckily, general problem-solving skills go a long way and therefore extensive knowledge isn’t as important as general ability to problem solve these types of problems. However, I wanted to mention this so you understand why I’m telling you to go read books on x86 assembly or SIMD or C programming, for example.