Books on cybersecurity: 5+ recommendations from our experts

We recently approached our experts and asked which books they would recommend for would-be malware analysts. Here is their list.

Recently we approached our security experts from the Global Research and Analysis Team and asked them which books they would recommend to other security experts (or those who would like to become experts). They named five (well, actually ten) books focused on computer security in general and malware analysis in particular.

A small disclaimer first: Below is a handful of links to Amazon, and not just because our experts prefer buying there. Actually, it is from there we have acquired the preliminary list of popular books on the topic that we showed to our experts. They have marked the most interesting ones and recommended some others. In total we received feedback from our colleagues in 10 different countries, and that is why we provide links to a store accessible worldwide. Fortunately, all of the books listed below are available in both paper and electronic form.

Let’s go!

1Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation

Bruce Dang; 2014

If you think, after reading the first chapter, that the presentation is somewhat inane you are wrong. Reading this book, I was at first just happy with its easy language, comprehensible even for a non-specialist, but then I had to pay the price. Just after the introduction there goes an avalanche of extremely detailed information about reverse engineering, Windows kernel specifics and processor architectures, without much regard for your qualification level. It’s more a textbook than a reference for an experienced specialist. Security researchers’ work usually starts with malware code analysis, and this book is just fine to get yourself familiarized with this task.

2The Practice of Network Security Monitoring: Understanding Incident Detection and Response

Richard Bejtlich; 2013

This book offers a quality review of the tools for monitoring network security. What is specifically important, the description of tools is supplemented with practical examples of using them. It’s unclear, however, why there are so many memory dumps showcased – this is especially eye-catching in a paper variant. But, according to our experts, if you are just getting acquainted with network security, this is one of the best textbooks around.

3Threat Modeling: Designing for Security

Adam Shostack; 2014

Although each of us models the threats intuitively, few do it on the expert level. Adam Shostack is one of such rare professional. At Microsoft he’s working on Security Development Lifecycle Threat Modeling, whatever that means, and the experience he had accumulated, is recounted in a 600-page thick book, suitable for both the beginners and the experienced specialists.

Starting from the basic things such as four-way combination – “What do we build”, “What may go wrong with the built thing”, “What can we do with something that has gone wrong” and “How good is our analysis”, Shostack goes in-depth with every aspect of threat modelling, offering techniques, software tools and petty tricks he has developed and refined over the course of his own work, those help building an efficient threat model for anything. By the way, the author emphasize the aspects more suitable for the applications developers, IT systems architects and security experts, which is useful too.

The book is greatly prettified by a gentle trolling that the author uses regularly – as he describes a typical cliché surfacing during the threats modeling process or during the meetings with the project participants (for instance, such absolutely “humane”, non-computer problem as “who is responsible for checking this SQL request?”).


You can follow our security experts from the GReaT team in Twitter. The easiest way to do this is to subscribe to this list:

Android Hacker’s Handbook4

Joshua J. Drake; 2014

Unlike PC ecosystem, where scientific and practical analysis is conducted for years due to the numbers and “age” of threats, Android is a pursuing new-comer. So in our list there is only one book on Android security and it is dedicated rather to the entire range of mobile threats – from OS vulnerabilities to secure application development, and not just to specific malware analysis.

Annotation says that it’s “the first publication for IT professionals, responsible for smartphone security”. The 500 pages tome is not enough to describe all aspects of mobile threats, but most of the problems in this book are specified at least. One of the authors of the book is a former Kaspersky Lab expert, by the way.

5The Art of Computer Virus Research and Defense
Peter Szor; 2005

The only book of the five listed, released as long as 9 years ago. Before Android and iOS arrived, before tablets and BYOD, ahead of cyber weaponry and other elements of contemporary computer and networks reality. Nevertheless, the age isn’t a problem for this book, due to one simple reason: cybersecurity industry development is shown in retrospection. And it is very important to understand what comes from where, no matter what field you are working in. For instance, mobile threats are developing along the same lines as PC threats (although at much higher velocity).

And bonus tracks:

6Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Michael Sikorski; 2012

An alternative or an addition to Bruce Dang’s work.

Reversing: Secrets of Reverse Engineering
Eldad Eilam; 2005

Examples in this book, also 9 years old, can look obsolete. However, the (relative) simplicity of the presentment may be more valuable for some, than actuality of the platforms and instruments.

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Mark Dowd; 2006; Link).

The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler (Chris Eagle; 2011; Link).

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory (Michael Hale Ligh; 2014; Link).