Sunday, October 14, 2012

Book review: Practical Malware Analysis


Earlier this year, No Starch Press sent SophosLabs an unrequested copy of the book Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, with a letter saying "If you do enjoy the book, I hope that you will consider posting a review ...". Well, I enjoyed the book, and so here is the review :)

Both authors, Michael Sikorski and Andrew Honig, have impressive resumes (NSA, MIT and DoD), and the list of reviewers is impressive too, including Sal Stolfo (Columbia University) and Ilfak Guilfanov (IDA).

The book is well written and, like an academic textbook, each chapter ends with a series of questions and lab exercises. What is more, unlike most textbooks, the teacher's answer copy is included in the Appendix - it accounts for nearly *half* the book.

The book consists of 6 parts plus the Appendices:

Part 1: Basic Analysis
Part 2: Advanced Static Analysis
Part 3: Advanced Dynamic Analysis
Part 4: Malware Functionality
Part 5: Anti-Reverse-Engineering
Part 6: Special Topics
Appendix A: Important Windows Functionality
Appendix B: Tools for Malware Analysis
Appendix C: Solutions to Labs

The book is a great primer on malware analysis, but there are more topics it could have covered (non-Windows and ARM analysis). Also, some of the topics that are covered could benefit from a bit more detail. As an example, Chapter 2: Malware Analysis in a Virtual Machine focuses on VMware. It's certainly well written and edited, but it doesn't touch VirtualBox or discuss how to use virtual machines to automate analysis, which is a shame.

With the rise of eReaders and tablets, this could be one of the last books of this type. Monolithic books like this one mean that you need to buy the next edition to get any updates. Electronic books allow for small and incremental updates to the content at little or no cost to the user and to the publisher.

Once you have read Practical Malware Analysis, you will be able to top up your knowledge quite easily using the powers of the internet.

Would I buy this book if I saw it sitting in a shop window? Probably not. But if I go back 15 years, to when I was just starting out in the field, this would have been a goldmine of information.

So, if you're starting out in malware analysis (like our SophosLabs intern Julian), or if you are coming to analysis from another discipline, I'd recommend having a nose.
