5 Best Books to Learn Malware Development
Books are rad. I've used books in different forms for all sorts of learning, from art to penetration testing. Here is a short, quick article on 5 books that are great for someone learning malware development, or someone looking to know a bit more about how malware developers think. If you have any more recommendations, hit me up on Twitter!
Note: The links included with these books are Amazon Affiliate links. This means that if you buy any of these books using the link from this article, I'll get a small proceed of the sale. It's important to be transparent about that kind of thing, but I genuinely believe that these are good books for learning.
1) Windows Internals, 7th Edition, Part 1
This one is an absolute beast to read. Some people have read it the whole way through... I've tried three or four times now to no avail. Most people recommend it as a reference guide, though, which I tend to agree with. It's a great reference guide on the internal design and implementation of the Windows operating system and has some incredibly insightful tidbits about data structures and API functions that are critical to malware development. I got a ton of knowledge from this book for my articles on using Registry Keys for malware comms here, here and here.
It's a thick read, but it's vital to understand the environment you're targeting when you're trying to learn malware development (or exploit research, for that matter) and this is pretty much the gold standard book on the topic.
"Really Mitch, a 'for Dummies' book?"
Yes, actually, and there's a reason. There are tons of gold standard books out there for learning C/C++, Python, or any other programming language. A lot of them go super in-depth on the history of the language, its internals, compiler information, etc. There's nothing wrong with that, they're actually pretty good. But honestly, learning to code from a book can be a fairly slow way to do it. I would much rather get a "for Dummies" book that goes over the basics, that I can skim and take bits and pieces from and that will give me the foundation that I can use to get started.
C++ for Dummies is that book. It's a solid read that covers a lot of the basics, as well as some pretty good sections on Object-Oriented Programming and other subjects as well. I'd pick it up if you're wanting to get started with C++ and you want to accelerate quickly.
As I've said before, I'm learning malware development so I can understand reverse engineering better. Practical Malware Analysis is basically the gold-standard book for learning malware analysis and reverse engineering. I've gone cover-to-cover through this book and gained tons of insight into static and dynamic reverse engineering, assembly and setting up a malware analysis environment. Even if you're not super interested in reverse engineering, Practical Malware Analysis will give you the knowledge of what your malware will look like to a defender, how other popular malware operates and how you can evade defenses and analysis yourself.
Yeah yeah yeah, I'm including another "for Dummies" book. This one for similar reasons to the last one, but there are a couple of more practical reasons for picking up Networking for Dummies.
As a malware author (and as a reverse engineer, honestly) you're not going to have the luxury of working with a lot of the abstractions you get with, say, Python programming. The Python programming language has nice and pretty libraries like Requests that allow you to forget about all of the nuances and technical difficulties of network programming. As a malware author, you often will have to write your own libraries or program network sockets directly, implement network protocols by hand, etc., so you should at least have a working understanding of networking.
Maybe this isn't a book that you read cover to cover, but it's a vital book to understand (and reference) as you go through your malware development journey.
Now for a risky bet, this is one I haven't read yet.
I love offensive Python. I created a C2 server using the Python programming language and I think it's pretty rad. There's a lot of potential for writing malware using Python, especially since it compiles down to C and can be packaged into a Windows executable format using libraries like py2exe, and I've seen threat actors starting to use it as well. Most offensive security tools I've seen are written at least in part in Python.
This seems to be a really good book on writing offensive Python tools and programs. I've got it en route to my house right now and will keep you all updated on what I think, but I would definitely buy it and see for yourself.
--
That's really about it! If you enjoyed my recommendations, or want to read more about my research, I highly recommend joining my weekly newsletter, Valhalla Weekly.