// Comparison

Practical Malware Analysis vs Rootkits and Bootkits: Which Should You Read?

Two cybersecurity books on Malware, compared honestly: who each is for, what each does best, and which to read first.

Intermediate

5/52012

Practical Malware Analysis

The Hands-On Guide to Dissecting Malicious Software

Michael Sikorski, Andrew Honig

Still the gold standard textbook for static and dynamic malware analysis on Windows.

Advanced

4/52019

Rootkits and Bootkits

Reversing Modern Malware and Next Generation Threats

Alex Matrosov, Eugene Rodionov, Sergey Bratus

Matrosov, Rodionov and Bratus on persistent, deeply-embedded malware: kernel rootkits, MBR/UEFI bootkits, and the forensic techniques that surface them. Strongly Windows-internals oriented.

Read this if

Aspiring threat researchers, blue-teamers who want to read samples instead of forwarding them to a vendor, anyone preparing for GREM.

Malware analysts who need to handle below-the-OS persistence: kernel rootkits, MBR/UEFI bootkits, hypervisor-based threats. The deep specialist text in this corner of the field.

Skip this if

Mac/Linux malware, mobile, or modern packed loaders that defeat IDA's autoanalysis. The book is x86 Windows in spirit.

Generalist malware analysts, or anyone whose work doesn't touch firmware-level threats. The book is dense and assumes Windows internals fluency; readers without that background will struggle.

Key takeaways

Static and dynamic analysis are two halves of one workflow, not alternatives.
The labs are the book, the chapters are scaffolding to make the labs solvable.
Anti-analysis techniques deserve more time than newcomers usually give them.

Bootkits and UEFI rootkits are not theoretical; the book documents real samples (LoJax, MoonBounce, BlackLotus-class) and the techniques that make them detectable.
Secure Boot is necessary but not sufficient; the chapters on UEFI variables and SMM trust are required reading for anyone designing platform security.
Forensic detection of below-the-OS threats requires platform-specific tooling; the book's coverage of memory-acquisition pitfalls and integrity verification is the practical core.

How they compare

We rate Practical Malware Analysis higher (5/5 against 4/5 for Rootkits and Bootkits). For most readers, that means Practical Malware Analysis is the primary pick and Rootkits and Bootkits is a useful follow-up.

Practical Malware Analysis is pitched at intermediate level. Rootkits and Bootkits is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.

Practical Malware Analysis and Rootkits and Bootkits both cover Malware, Reverse Engineering, so reading them in sequence reinforces the same material from different angles.

Keep reading