// Comparison

Evasive Malware vs The Hardware Hacking Handbook: Which Should You Read?

Two cybersecurity books on Reverse Engineering, compared honestly: who each is for, what each does best, and which to read first.

Advanced

4/52024

Evasive Malware

A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats

Kyle Cucci

Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.

Advanced

5/52021

The Hardware Hacking Handbook

Breaking Embedded Security with Hardware Attacks

Jasper van Woudenberg, Colin O'Flynn

Jasper van Woudenberg and Colin O'Flynn (NewAE / ChipWhisperer) on real hardware attacks: bus sniffing, fault injection, side-channel power analysis, and the lab work that turns a black box into a known target.

Read this if

Malware analysts who finished Practical Malware Analysis and keep getting beaten by samples that detect their sandbox. The current reference on anti-analysis tradecraft, by a respected sandbox-and-detection practitioner.

Embedded and IoT security researchers ready to move past firmware-only work and pick up the soldering iron. Also the right book for offensive practitioners auditing devices where the chip is the threat model: hardware wallets, automotive ECUs, smart locks, set-top boxes.

Skip this if

Beginners. Cucci assumes you already know how to set up a sandbox, run static and dynamic analysis, and read assembly; the book picks up where PMA leaves off.

Readers who only want to read about hardware hacking. The book assumes you will buy a logic analyzer, a ChipWhisperer or similar, and break a few dev boards; without lab time, the middle chapters become abstract.

Key takeaways

Anti-VM and anti-sandbox checks now run as the first instructions of most samples; the book catalogues the dominant patterns and how to neutralise them.
Modern packers are conceptually simple but operationally demanding; Cucci's framing of unpacking-as-staged-emulation is the cleanest in print.
Control-flow obfuscation (opaque predicates, virtualization-based protections) is the analyst's hardest current problem; the chapters on it justify the book on their own.

Side-channel and fault-injection attacks are no longer exotic: with sub-$300 tooling, an attacker can pull keys from MCUs that ship in shipping products today.
Bus interception (UART, JTAG, SWD, SPI flash dumps) is the unglamorous workhorse of hardware research and pays for itself across nearly every target.
Threat modeling for hardware is fundamentally different from software: physical access changes the cost curve of every attack, and the chapters on adversary models reflect that.

How they compare

We rate The Hardware Hacking Handbook higher (5/5 against 4/5 for Evasive Malware). For most readers, that means The Hardware Hacking Handbook is the primary pick and Evasive Malware is a useful follow-up.

Both books target advanced-level readers, so the choice is about topic, not difficulty.

Evasive Malware and The Hardware Hacking Handbook both cover Reverse Engineering, so reading them in sequence reinforces the same material from different angles.

Keep reading