So You Want To Learn Reverse Malware Engineering?

Tanner Jones
Published in Nerd For Tech, Oct 13, 2022


As I have explored offensive security, I have been exposed to a variety of career paths. Reverse malware engineering is something that I find very fascinating and extremely challenging. I am in no way an expert in this field; I consider myself to be a beginner. Reverse malware engineering is working with different components to understand how adversaries are able to hack multi-billion-dollar companies and not be detected for 7 months, like in the SolarWinds hack.

Apart from the material I mention in this article, I have taken a malware course at Carnegie Mellon University called Malicious Code Analysis, which I took during my graduate studies there. I think that this is a field where you can learn something new every single day and that requires lifelong learning. If you want to work in InfoSec, this is a necessary skill and desire to have.

The focus of this article is to provide insight from a novice reverse malware engineer and what has helped me learn and gain new skills. There are several helpful online resources, but this is where I decided to start. Let’s start with the book.

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

There are a variety of great books out there to learn reverse malware engineering. I was recommended this book by several experts in the field. The book provides the fundamentals and is a great resource for beginners. There are labs and great content through a GitHub repository containing work alongside the book. I have enjoyed using this book and supplementing it with Google when I have additional questions.

The next resource that I would recommend is a video tutorial. The first 5 hours can be found on YouTube, but the rest of the content can be purchased for $30. I had no problem purchasing this because I thought it was such a great course. I recommend checking out the course overview found here.

Course: HuskyHacks YouTube channel, PMAT

I cannot speak highly enough about this course! Matt Kiely is the instructor, and he does an amazing job, to say the least. Matt has a variety of experience and really makes the topics approachable and practical. Malware analysis is a highly technical field of work and requires strong fundamentals. If you are new to virtual machines, the Linux command line, and networking, then it may require you to find additional resources. The course leverages the use of virtual machines to create a safe environment for analysis using Windows and Linux. The main toolset is a Windows box with Flare tools installed and a Linux REMnux box providing a simulated network for network traffic capture and analysis. The course content is uploaded to the HuskyHacks GitHub page.

The full course is offered on TCM Security for purchase. If you are interested in learning reverse malware engineering, give Matt some support by buying the course! Here are some of my favorite topics covered in the course:

  • Scripting Malware — Python and PowerShell
  • Advanced Static and Dynamic Analysis Using the Flare Toolkit
  • Automate Malware Triage Through Python and Jupyter Notebook
  • Mobile Malware — Android
  • Reversing the WannaCry Ransomware
  • Reversing Reverse Shells and Persistence

As I said earlier, I am not an expert, but I hope that the resources above can help you in your learning journey. The understanding of how malware works will pay dividends in any job you work in InfoSec. My plan going forward is to leverage the skills that I have learned in this course and continue my learning through practicing on more malware samples found on sites like theZoo. If you have any further suggestions or resources that you have used, please leave a comment below.

This article contains affiliate links. If you find my content helpful, I would appreciate your support!

Cheers,

Tanner
