Cyber Shelf

// What to read next

What to read after Rootkits and Bootkits

Where to go after Rootkits and Bootkits, picked from our catalog. The next step up from advanced level, weighted toward the topics this book covers.

MalwareReverse EngineeringWindows Internals

  1. 01 · 2014

    Practical Reverse Engineering

    A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

    Advanced
    4/5Bruce Dang, Alexandre Gazet, Elias Bachaalany

  2. 02 · 2009

    Les virus informatiques : théorie, pratique et applications

    Éric Filiol's reference French-language treatment of computer virology. Formal theory, infection mechanisms, offensive and defensive applications, with academic rigor rare on the topic.

    Advanced
    5/5Éric Filiol

  3. 03 · 2024

    Evasive Malware

    Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.

    Advanced
    4/5Kyle Cucci

  4. 04 · 2007

    Techniques virales avancées

    Specialized follow-up to Filiol's Les virus informatiques. Dives into advanced malicious-code attack techniques and their defensive analysis.

    Advanced
    4/5Éric Filiol

  5. 05 · 2022

    The Art of Mac Malware, Volume 1

    Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.

    Advanced
    4/5Patrick Wardle

  6. 06 · 2017

    Windows Internals, Part 1

    The canonical Microsoft Press reference on Windows internals: how processes, threads, memory and system services are actually implemented in the modern Windows kernel. User-mode focus in this volume.

    Advanced
    5/5Pavel Yosifovich, Alex Ionescu, Mark Russinovich, David Solomon

  7. 07 · 2018

    Practical Binary Analysis

    Dennis Andriesse on the binary toolchain you can actually script: ELF internals, dynamic taint analysis, symbolic execution and instrumentation with concrete code-along examples.

    Advanced
    5/5Dennis Andriesse

  8. 08 · 2014

    The Art of Memory Forensics

    Ligh, Case, Levy, and Walters' canonical reference on memory analysis with Volatility — the technique, the tooling, and the operating-system internals it depends on, across Windows, Linux, and macOS.

    Advanced
    5/5Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters
Back to Rootkits and BootkitsAlternatives to Rootkits and Bootkits