Cyber Shelf

// What to read next

What to read after Evading EDR

Where to go after Evading EDR, picked from our catalog. The next step up from advanced level, weighted toward the topics this book covers.

OffensiveMalwareDetection

  1. 01 · 2017

    Attacking Network Protocols

    James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

    Advanced
    5/5James Forshaw

  2. 02 · 2014

    The Art of Memory Forensics

    Ligh, Case, Levy, and Walters' canonical reference on memory analysis with Volatility — the technique, the tooling, and the operating-system internals it depends on, across Windows, Linux, and macOS.

    Advanced
    5/5Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters

  3. 03 · 2024

    Windows Security Internals

    Forshaw takes apart the Windows security model from the SRM and access tokens up through Kerberos, with live PowerShell you can run against your own machine. The most authoritative single source on how Windows actually decides who can do what.

    Advanced
    5/5James Forshaw

  4. 04 · 2024

    Evasive Malware

    Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.

    Advanced
    4/5Kyle Cucci

  5. 05 · 2014

    Practical Reverse Engineering

    A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

    Advanced
    4/5Bruce Dang, Alexandre Gazet, Elias Bachaalany

  6. 06 · 2019

    Rootkits and Bootkits

    Matrosov, Rodionov and Bratus on persistent, deeply-embedded malware: kernel rootkits, MBR/UEFI bootkits, and the forensic techniques that surface them. Strongly Windows-internals oriented.

    Advanced
    4/5Alex Matrosov, Eugene Rodionov, Sergey Bratus

  7. 07 · 2022

    The Art of Mac Malware, Volume 1

    Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.

    Advanced
    4/5Patrick Wardle

  8. 08 · 2007

    The Shellcoder's Handbook

    A foundational text on memory-corruption exploitation across Linux, Windows, Solaris and embedded targets. Pre-modern-mitigations in spirit but still the canonical introduction to the techniques the modern toolchain is built to defeat.

    Advanced
    4/5Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte
Back to Evading EDRAlternatives to Evading EDR