Goodreads helps you keep track of books you want to read.

Start by marking “Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software” as Want to Read:

Other editions

Enlarge cover

Rate this book

Clear rating

1 of 5 stars 2 of 5 stars 3 of 5 stars 4 of 5 stars 5 of 5 stars

Open Preview

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Michael Sikorski,

Andrew Honig

4.46 · Rating details · 488 ratings · 22 reviews

Malware analysis is big business. Not only is it a lucrative, rapidly growing discipline, but attacks can cost a company dearly. As a security professional, you can't effectively respond to intrusions without being able to analyze malware. When malware breaches your defenses or a client drops a freshly minted piece of malware into your inbox, you need to act quickly to und Malware analysis is big business. Not only is it a lucrative, rapidly growing discipline, but attacks can cost a company dearly. As a security professional, you can't effectively respond to intrusions without being able to analyze malware. When malware breaches your defenses or a client drops a freshly minted piece of malware into your inbox, you need to act quickly to understand the malware thoroughly enough to cure current and future infections.For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you how to use the tools and techniques that professional malware analysts use to dissect malicious software. With this book as your guide, you'll learn how to safely analyze, debug, and disassemble malware so that you're in the driver's seat, not the malware author.You'll learn how to:Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs included throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples. And pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, what damage it has done to your network, how to thoroughly clean it, and how to ensure it never comes back.Malware analysis is a cat and mouse game with rules that are constantly changing. Whether you're tasked with fighting malware on one or a thousand networks or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis. ...more

Get A Copy

Kindle Edition, 800 pages

Published February 22nd 2012 by No Starch Press (first published July 15th 2011)

More Details... Edit Details

Friend Reviews

To see what your friends thought of this book, please sign up.

Reader Q&A

To ask other readers questions about Practical Malware Analysis, please sign up.

Be the first to ask a question about Practical Malware Analysis

Lists with This Book

This book is not yet featured on Listopia. Add this book to your favorite list »

Community Reviews

Showing 1-30

Average rating 4.46 ·

Rating details

· 488 ratings · 22 reviews

More filters

Sort order

Start your review of Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Oct 31, 2013 Takedown rated it it was amazing · review of another edition

Shelves: information-security

Written by Mandiant experts, this is THE BOOK to read if you interested in malware analysis and reverse engineering. Practical, concise and easy to read, it assumes no prior knowledge and will get you started even if you are a complete beginner.

flag 4 likes · Like · see review

Sep 30, 2018 Erik Moore rated it it was amazing · review of another edition

While outdated in terms of the labs and operating system, there is no better text for introducing malware analysis to the uninitiated. The authors dive in with you, carefully unfolding each layer of investigation, building on knowledge rapidly, and providing enabling outcomes that build confidence. The span of coverage from entropy analysis and disassembly analysis to Internet simulation and kernel debugging, allow the reader to develop a workable toolset. The move to RegEx and profile developme ...more

flag 1 like · Like · see review

Dec 05, 2018 Jaynie Shorb rated it really liked it

A lot of the book shows its age, but it is packed with very useful information

The attack examples were useful. A lot of information about Windows and the analysis techniques used to examine the malware.

flag 1 like · Like · see review

Jun 05, 2012 Dgg32 rated it it was amazing · review of another edition

Shelves: programming

One of the few book about the reverse engineering of malware. The scarcity alone makes the book worth reading.

flag 1 like · Like · see review

Nov 30, 2018 Dudley Grant rated it it was amazing · review of another edition

Shelves: favourites

Excellent and example-driven.

flag Like · see review

Jun 12, 2020 Raja R rated it it was amazing

very helpful ! spending some quality time reverse engineering

flag Like · see review

Aug 01, 2019 Meredith rated it it was amazing

Shelves: cybersecurity

RTFM. This is canon M.

flag Like · see review

Dec 20, 2019 Scott Holstad rated it it was amazing · review of another edition

Shelves: technology, favorites

Very solid.

flag Like · see review

Aug 25, 2018 Freddie Barr-Smith rated it it was amazing · review of another edition

Very, very good, the standard introductory text for people getting into malware analysis.

flag Like · see review

Aug 19, 2017 Tim rated it it was amazing · review of another edition

amazing

flag Like · see review

Feb 16, 2020 Trisha Ganesh rated it it was amazing · review of another edition

This book was extremely informative. I'm yearning to read more books relating to Malware Analysis. ...more

flag Like · see review

Nov 23, 2020 Sveatoslav Persianov rated it it was amazing · review of another edition

It is a must read for those who want to get into malware analysis. Some of the samples described in the book are very old, however the principles of reversing/analysis still apply.

flag Like · see review

Sep 14, 2016 Hugh Smalley rated it really liked it · review of another edition

For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring.

For those who w

For those who want to stay ahead of the latest malware, *Practical Malware Analysis* will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way.

You'll learn how to:

Set up a safe virtual environment to analyze malware Quickly extract network signatures and host-based indicators Use key analysis tools like IDA Pro, OllyDbg, and WinDbg Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques Use your newfound knowledge of Windows internals for malware analysis Develop a methodology for unpacking malware and get practical experience with five of the most popular packers Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back.

Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in *Practical Malware Analysis*.

...more

flag Like · see review

Dec 31, 2016 Sasha rated it it was amazing · review of another edition

Shelves: reviewed

Took Michael Sikorski's class on malware analysis. This book perfectly complements the course (surprise!). It lays out the material in a very logical and clear way, with a heavy emphasis on practice rather than theory. That's not to say it skimps on explanations of the inner workings of the malware, it just approaches everything from a very practical standpoint. (Again, big shocker, given the title.)

The book is sectioned in order of how one would actually go about performing malware analysis:
- Took Michael Sikorski's class on malware analysis. This book perfectly complements the course (surprise!). It lays out the material in a very logical and clear way, with a heavy emphasis on practice rather than theory. That's not to say it skimps on explanations of the inner workings of the malware, it just approaches everything from a very practical standpoint. (Again, big shocker, given the title.)

The book is sectioned in order of how one would actually go about performing malware analysis:
- Basic Static Analysis (using various tools on the malware to gather info about it without actually examining its internals or running it)
- Basic Dynamic Analysis (running the malware, using tools to gather info)
- Advanced Static (examining internals in a disassembler, i.e. using IDA Pro (a.k.a the Greatest Piece of Software On Earth))
- Advanced Dynamic (running the malware in a debugger, i.e. using OllyDbg (a.k.a. the Second Greatest Piece of Software On Earth))
- Malware Functionality (general overview of malware behavior, various types of injection, encryption/obfuscation, network signatures, etc)
- Anti-reversing (discussion of what the malware writer can do to prevent the malware from being analyzed, including anti-disassembly, anti-debugging, anti-VM, anti-All The Things, packing, etc)
- Special Topics (shellcode, c++, etc)

Great class, great book, learned a ton, got a crappy grade because I turned in all the assignments late. (Don't start the assignments the night before they're due. Big mistake.)

P.S. The only downside is that this book is only for Windows XP. Considering I'm a Mac person all the way, I wish there'd been some discussion of the malware written for Macs and how it differs from the Windows XP malware, but alas, it's still a fantastic intro to malware analysis in general. The theory is probably that once you know how to do it, you'll have the tools to extrapolate to other operating systems.
P.P.S. Sort of loving the cover, with the malware as the cute alien about to get skewered. ...more

flag Like · see review

Feb 17, 2016 Jon rated it really liked it · review of another edition

Shelves: programming

I used this book for a malware analysis class and I really enjoyed it. The content is presented in a clear manner and is kept interesting throughout. It even managed to teach me the basics of assembly language.

The "secret sauce" of this book, however, is the lab projects. You can download from their website files that you then analyze following the guidance in lab section present in most chapters. At the end of the book there are quick answers as well as a longer and more detailed explanation f ...more

flag 1 like · Like · see review

Apr 16, 2014 sine rated it it was amazing · review of another edition

Shelves: 2014, dev-security

Actually, this book does not only teach you how to stick with malware, but also a lot of reverse engineering stuffs and tricks, required in any RCE projects. Very clear explanation, after reading the book and finishing all the exams, it was quite easy to dissect real malware with a broad complexity, for example FinFisher.

flag Like · see review