How to Start Reverse Engineering Malware

Everyone always asks me what the best courses, classes, tutorials, materials, etc. for reverse engineering are.

Here is a list of sources that will help you get started.


If Currently in College

Be sure to take your assembly language courses as well as C/C++. Take extra courses like cryptology, forensics, or anything that makes you take things apart. You need to have the basics down before you can do the advanced fun stuff.


Lena’s Tutorials

As a newb, I personally started out with these tutorials, and they are easy to follow. There are about 40 tutorials that go over basic concepts and patching.

Open Security Training

This site includes many other security training topics such as exploits, assembly architecture, and reverse engineering. The courses cover both an introduction to RE and reverse engineering malware.

iOS & Mac OS X

This site has some nice resources for Apple-based binaries.

Great Books

Practical Malware Analysis: The Hands‑On Guide to Dissecting Malicious Software
by Andrew Honig and Michael Sikorski
– This book provides great examples to tackle the harder questions specifically for malware.

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, 1st Edition
by Bruce Dang
– This is more of a reference book in my opinion. It has some great exercises to give you a greater understanding of assembly.

Malware Analyst’s Cookbook and DVD
by Blake Hartstein, Matthew Richard, Michael Hale Ligh, and Steven Adair
– This book is a great starter for understanding malware from the RE perspective and for creating tools to help you RE.

Reverse Engineering Challenge

The Flare Team hosts the “Flare-on” challenge annually. It is broken down into multiple levels, usually ranging from 1-10, that gradually increase in complexity.
The first 4-5 levels are great practice rounds for newbie REs and for keeping your skills up to date without burning the midnight oil.

I Need Malware!

There are many open sources out there from which you can download malware samples. Here are some of my favorites:
malwr.com
contagiodump.blogspot.com
virusshare.com
malware.lu
malshare.com
kernelmode.info

The best choice is just to get a VirusTotal Intelligence account 🙂

I plan on giving a Reverse Engineering 101 workshop soon. So stay tuned!