
Malware Analysis and Reverse Engineering Study Plan for Beginners

As more people have been asking me for beginner-level malware analysis and reverse engineering training material, I decided to put together this short study plan with free and affordable resources to get you started on analyzing (mostly) Windows executables, with some references here and there to Linux as well.

A word of caution before digging in: DO NOT WASTE YOUR TIME ON UDEMY. I took my fair share of classes on there and everything I checked out on malware, imho, is hot garbage that only made me really frustrated. I found very little useful information (compared to other, way more solid sources) and a ton of fillers, not to mention the general low quality of the material.

Practical Malware Analysis & Triage (PMAT) by HuskyHacks (Matt Kiely)

Good for total beginners: it will walk you through every step of the malware analysis process and explain everything without making any assumptions on prior knowledge. If you are curious to learn more about malware analysis but aren’t sure whether this is your cup of tea yet, this is the right way to start: your tried and true 101 path.

Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software, by Michael Sikorski and Andrew Honig. This book, with downloadable exercises, is the classic go-to for malware analysis beginners and is perfect for solidifying your knowledge and digging deeper after a first introduction. It’s very extensive: it starts from the basics and later gets to intermediate/advanced topics such as unpacking, anti-debugging, and anti-disassembly techniques.

Reverse Engineering Tutorial by Kevin Thomas

When I first became interested in reverse engineering, I asked a friend who’s been in infosec way longer than me for learning resources, and this is where he pointed me (thank you, Jesse!).

If you’re close to knowing nothing about how compiled programs are made and how they run, the x86 Assembly Course is your best bet to get started. Then, you can upgrade to x64 and even ARM assembly.

As a side note, these tutorials aren’t about malicious software, but are absolutely essential to better understand the inner workings of programs and learn the basics of Assembly.

Assembly and Reverse Engineering classes on Open Security Training by Xeno Kovah

I found this amazing platform as I was looking for malware analysis and RE interview material: I stumbled upon the Life Of Binaries series, which is an in-depth (OLD BUT GOLD) explanation of the structure of Windows and Linux executables.

The classes on OST are less geared towards malware analysis and more towards general reverse engineering: there’s everything from x86-64 Assembly to debugging, to software vulnerabilities, broken down and explained in the easiest possible way. There are many videos in which Xeno explains line by line what happens on the stack and in registers as each Assembly instruction is executed. Moral of the story: if you don’t have a computer science/IT background and are truly starting from zero when it comes to low-level code, you HAVE TO check this platform out and take at least the x86-64 class.

Ultimate Malware Reverse Engineering Bundle by Zero 2 Automated

I recently purchased this training (about $250), which includes both a “beginner” part and an advanced one, so I can’t speak about the whole class yet. What I can definitely say is that it goes very in-depth and exposes you to a wide variety of samples and techniques.

If you’re a real beginner like me, though, I don’t recommend starting from here: some of the “beginner” material isn’t really on a 101 level the way some of the previous resources are. Of course, if you have already taken some of the classes I mentioned above, there’s a chance you’ll rapidly scroll through some of the videos in this one, such as lab setup and basic Assembly. That said, you’ll find other sections incredibly valuable and foundational, such as the overviews of how encryption and hashing algorithms are implemented in malware, which I haven’t found in any of the previous training material.

I hope you’ll find this material valuable. Feel free to hit me up on LinkedIn with any questions.

This post is licensed under CC BY 4.0 by the author.