Mitch Edwards

Summary

The article provides a curated list of five essential books for individuals interested in learning about malware development, emphasizing the importance of understanding Windows internals, programming foundations, malware analysis, networking, and offensive Python programming.

Abstract

The author of the article, a malware development and web scraping enthusiast, shares their top book recommendations for those looking to delve into the world of malware development or to gain insight into the mindset of malware developers. The list includes "Windows Internals, 7th Edition, Part 1" as a comprehensive reference for the Windows operating system's inner workings, which is crucial for targeting environments effectively. "C++ for Dummies" is suggested for a quick foundation in C++ programming, essential for malware creation. "Practical Malware Analysis" is highlighted as a must-read for understanding reverse engineering and how malware appears to defenders. "Networking for Dummies" is recommended for its practical networking knowledge, a necessity for malware authors who often have to implement protocols manually. Lastly, "Violent Python" is anticipated to be a valuable resource for writing offensive security tools and malware in Python, a language increasingly used by threat actors.

Opinions

  • "Windows Internals, 7th Edition, Part 1" is acknowledged as a challenging read but an invaluable reference for understanding the Windows OS, particularly for malware development and exploit research.
  • The author values the "for Dummies" series for their ability to provide quick, foundational knowledge in programming languages like C++, which is beneficial for accelerating the learning process.
  • "Practical Malware Analysis" is considered the gold standard for learning malware analysis and reverse engineering, offering insights into both static and dynamic analysis techniques.
  • A solid grasp of networking is deemed essential for malware authors due to the necessity of writing network protocols and sockets directly, without the abstractions provided by higher-level programming languages.
  • "Violent Python" is seen as a promising resource for learning to write offensive Python tools, reflecting the author's interest in Python for malware development and the increasing use of Python by threat actors.
  • The author encourages readers to engage with them on Twitter for further recommendations and to join their weekly newsletter, "Valhalla Weekly," for updates on their research.

The 5 Best Books for Malware Development

This article was originally posted here on my research blog. If you want to get an update every week about all the cool stuff I’m working on, from malware development to web scraping, you can join my weekly newsletter, Valhalla Weekly.

Books are rad. I’ve used books in different forms for all sorts of learning, from art to penetration testing. Here is a short, quick article on 5 books that are great for someone learning malware development, or someone looking to know a bit more about how malware developers think. If you have any more recommendations, hit me up on Twitter!

Note: The links included with these books are Amazon Affiliate links. This means that if you buy any of these books using the link from this article, I’ll get a small share of the proceeds of the sale. It’s important to be transparent about that kind of thing, but I genuinely believe that these are good books for learning.

1) Windows Internals, 7th Edition, Part 1

This one is an absolute beast to read. Some people have read it the whole way through… I’ve tried three or four times now to no avail. Most people recommend it as a reference guide, though, which I tend to agree with. It’s a great reference guide on the internal design and implementation of the Windows operating system and has some incredibly insightful tidbits about data structures and API functions that are critical to malware development. I got a ton of knowledge from this book for my articles on using Registry Keys for malware comms here, here and here.

It’s a thick read, but it’s vital to understand the environment you’re targeting when you’re trying to learn malware development (or exploit research, for that matter) and this is pretty much the gold standard book on the topic.

2) C++ for Dummies

“Really Mitch, a ‘for Dummies’ book?”

Yes, actually, and there’s a reason. There are tons of gold standard books out there for learning C/C++, Python, or any other programming language. A lot of them go super in-depth on the history of the language, its internals, compiler information, etc. There’s nothing wrong with that; they’re actually pretty good. But honestly, learning to code from a book can be a fairly slow way to do it. I would much rather get a “for Dummies” book that goes over the basics, that I can skim and take bits and pieces from, and that will give me the foundation I can use to get started.

C++ for Dummies is that book. It’s a solid read that covers a lot of the basics, as well as some pretty good sections on Object-Oriented Programming and other subjects. I’d pick it up if you’re wanting to get started with C++ and you want to accelerate quickly.

3) Practical Malware Analysis

As I’ve said before, I’m learning malware development so I can understand reverse engineering better. Practical Malware Analysis is basically the gold-standard book for learning malware analysis and reverse engineering. I’ve gone cover-to-cover through this book and gained tons of insight into static and dynamic reverse engineering, assembly and setting up a malware analysis environment. Even if you’re not super interested in reverse engineering, Practical Malware Analysis will give you the knowledge of what your malware will look like to a defender, how other popular malware operates and how you can evade defenses and analysis yourself.

4) Networking for Dummies

Yeah yeah yeah, I’m including another “for Dummies” book. I’m including this one for similar reasons to the last one, but there are a couple of more practical reasons for picking up Networking for Dummies.

As a malware author (and as a reverse engineer, honestly) you’re not going to have the luxury of working with a lot of the abstractions you get with, say, Python programming. The Python programming language has nice and pretty libraries like Requests that allow you to forget about all of the nuances and technical difficulties of network programming. As a malware author, you will often have to write your own libraries or program network sockets directly, implement network protocols by hand, etc., so you should at least have a working understanding of networking.

Maybe this isn’t a book that you read cover to cover, but it’s a vital book to understand (and reference) as you go through your malware development journey.

5) Violent Python

Now for a risky bet: this is one I haven’t read yet.

I love offensive Python. I created a C2 server using the Python programming language and I think it’s pretty rad. There’s a lot of potential for writing malware using Python, especially since it compiles down to C and can be packaged into a Windows executable format using libraries like py2exe, and I’ve seen threat actors starting to use it as well. Most offensive security tools I’ve seen are written at least in part in Python.

This seems to be a really good book on writing offensive Python tools and programs. I’ve got it en route to my house right now and will keep you all updated on what I think, but I would definitely buy it and see for yourself.

That’s really about it! If you enjoyed my recommendations, or want to read more about my research, I highly recommend joining my weekly newsletter, Valhalla Weekly.
