PaulDotCom mailing list archives
Want to get into malware analysis
From: pj_mcgarvey at hotmail.com (PJ McGarvey)
Date: Mon, 26 Jan 2009 10:21:17 -0500
I also recommend the SANS ISC blog postings; some of the ones on SQL injection and JavaScript are very good. A coworker has the books from the SANS Reverse Engineering class, and they are also a good starting point for doing reverse engineering. If you come across malware at work, submit it to some of the online sandbox sites (ThreatExpert, CWSandbox, Anubis, etc.) and after analysis study what the malware does. I know CWSandbox does a chronological order report of what file, network, process activity the malware sample exhibits. I have a book on order called "Malware forensics" that sounded pretty good. I've gotten part of the way through "Hacking: Art of Exploitation 2nd Ed."; it has chapters on programming, crypto and other stuff. Very heavy for my non-programmer brain, but very interesting nonetheless.

-PJ
> matt donovan wrote:
> >
> > 2009/1/23 xgermx <xgermx at gmail.com>
> >
> >> Read through the SANS ISC blogs. They offer a lot of good starting points.
> >>
> >> 2009/1/23 matt donovan <kitchetech at gmail.com>
> >>
> >>> Since this field interests me so much, I decided to learn more about it.
> >>>
> >>> I am already planning to buy Applied Cryptography, 2nd Edition to learn
> >>> about some Cryptography. Are there any other books that people might
> >>> recommend?
> >>>
> >>> I'm looking into buying Malware: Fighting Malicious Code as well.
> >>>
> >>> Should I buy a C programming book to go along as well? I already know
> >>> Java (learned it in college).
> >>
> >
> > Well I already have two assembly books. So I can just pull those out if I
> > have to guess I can grab some code from offensive computing to look at the
> > assembly. The Crypto book is mainly to learn more about bitwise math so that
> > I can look at the behavioral side a bit more if I run across some malware.
> >
> Hi!
>
> Did somebody yet mention Chris Eagle's IDA Pro book?
> If not, well... ;) Furthermore Kris Kasperski has some books:
> http://www.openrce.org/forums/posts/368, openly available.
>
> - OpenRCE is Windows focused
> - it offers a great variety of tutorials for starters and a community
>
> - if you're serious do some kind of training, just for the papers
> - and never forget: who loves coding loves reversing. ;)
>   It's not the other way around.
>
> - Buying Malware? There're lots of archives. No one who's got a Spam
>   folder...
>   Try out Honeytrap or Nepenthes. These are honeypots.
>
> - some books about Secure Coding seem to be near to the topic, too:
>   maybe Robert Seacord's "Secure Coding in C and C++" or C's secure coding
>   standards.
>   Maybe "Writing Secure Code" by Michael Howard and David LeBlanc. Or "The
>   Art Of Assembly Language" by Randall Hyde.
>
> Have fun,
> wishi