HackerNews Readings
40,000 HackerNews book recommendations identified using NLP and deep learning


Life 3.0: Being Human in the Age of Artificial Intelligence

Max Tegmark, Rob Shapiro, et al.

4.5 on Amazon

12 HN comments

Quantum Computing: An Applied Approach

Jack D. Hidary

4.5 on Amazon

11 HN comments

UNIX and Linux System Administration Handbook

Evi Nemeth, Garth Snyder, et al.

4.7 on Amazon

11 HN comments

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software

Michael Sikorski and Andrew Honig

4.7 on Amazon

11 HN comments

Trust Me, I'm Lying: Confessions of a Media Manipulator

Ryan Holiday and Penguin Audio

4.4 on Amazon

11 HN comments

Building Microservices: Designing Fine-Grained Systems

Sam Newman

4.5 on Amazon

10 HN comments

C++ Concurrency in Action

Anthony Williams

4.7 on Amazon

10 HN comments

Serious Cryptography: A Practical Introduction to Modern Encryption

Jean-Philippe Aumasson

4.7 on Amazon

10 HN comments

Theory of Fun for Game Design

Raph Koster

4.3 on Amazon

10 HN comments

The Model Thinker: What You Need to Know to Make Data Work for You

Scott E. Page, Jamie Renell, et al.

4.5 on Amazon

10 HN comments

Making Things Happen: Mastering Project Management (Theory in Practice)

Scott Berkun

4.4 on Amazon

10 HN comments

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

Andy Greenberg, Mark Bramhall, et al.

4.7 on Amazon

10 HN comments

Designing Distributed Systems: Patterns and Paradigms for Scalable, Reliable Services

Brendan Burns

4.3 on Amazon

9 HN comments

High Performance Python: Practical Performant Programming for Humans

Micha Gorelick and Ian Ozsvald

4.8 on Amazon

9 HN comments

JavaScript: The Definitive Guide: Master the World's Most-Used Programming Language

David Flanagan

4.7 on Amazon

9 HN comments


JohnTClark on June 18, 2020

I am interested in learning RE also. After some searching on the internet I found that most people recommend the Practical Malware Analysis book. I started reading it, and it seems pretty interesting. I didn't get to the RE part yet, but from looking at it, it seems to be pretty good for a beginner.

walls on Mar 2, 2021

'Practical Malware Analysis' was required reading for all RE candidates at my previous job.

It's very Windows-focused but teaches skills that are (somewhat) easily transferable.

CawCawCaw on July 25, 2020

Apart from the resources already mentioned, the book by Yurichev [1] was very helpful. Also, Practical Malware Analysis by Sikorski and Honig [2].

[1] https://beginners.re/

[2] https://www.amazon.com/Practical-Malware-Analysis-Hands-Diss...

strictnein on Apr 12, 2017

Others will likely have more informed opinions, but here's some stuff:

Book: Web Application Hacker Handbook
http://www.wiley.com/WileyCDA/WileyTitle/productCd-111802647...

I've seen it highly recommended and if you're not familiar with the field it's a good overview of exploit types for web apps.

Online training for free or cheap:
Cybrary - mostly okay, but free.

PluralSight - https://www.pluralsight.com/browse/it-ops/security

Coursera has a Cybersecurity Fundamentals specialization that's pretty good - https://www.coursera.org/specializations/cyber-security

Other books, if you wanted to go down the reverse engineering route:

Assembly Language Step-by-Step: Programming with Linux

The IDA Pro Book (for the strangely hard to buy IDA Pro, but the free version is pretty good)

Practical Malware Analysis

adricnet on Nov 17, 2014

Random's tutorials are very good, though at the moment I'm making more headway with Lena's (linked above on tuts4you). This is probably because I'm still new to assembly language and Olly/idb.

The canonical intro book I recommend is Practical Malware Analysis (No Starch), with their debugging and IDA books as supplements :) http://www.nostarch.com/malware

busterarm on July 17, 2017

Seconding Practical Malware Analysis and adding a write-in for The Rootkit Arsenal, which is a very practical guide and walkthrough for building functional rootkits.

I picked up the IDA Pro book on a sweet deal before getting an IDA Pro license and it just makes me sad, since I don't exactly want to shell out for the license yet.

Aidielse on Jan 14, 2016

The lecture slides are released. If you're looking for more detail, I highly recommend the Practical Malware Analysis book! There are also additional books recommended in the readme for the class.

We've talked a little about doing something *nix, but I don't think we will have the time until maybe the Summer, as all of us 3 authors are full-time students.

NtGuy25 on Mar 2, 2021

As someone else said, Practical Malware Analysis is great. The Ghidra book by Eagle is also decent as well.

The best thing for RE learning though is to use Visual Studio to write a few programs. From the debugger view you can use the assembly, and see what your program ends up in.

You also want to think about it as the programmer. You have a MASSIVE program. You want to see where it creates files. You know that on Windows, it HAS to go through CreateFile, or at least the NtCreateFile function or system call. So you can watch for these, or look where they are called in Ghidra. Now you can mark all the functions in the chain using xrefs (what references this) and then get all the functions that use CreateFile out of the way!

And lastly, as a programmer, you know the APIs. So think of what cases someone would use printf for, for example. There's not many. You know by the use of printf, there's some sort of logging at that location. If they use openfile, you have a good idea that all the code surrounding that call is going to be about the file being opened.

TL;DR: Start from API calls, and work backwards. Use your knowledge as a dev for what these API calls are used for. And walk that call chain and mark. Eventually every function is mapped.

just_for_moment on Aug 7, 2014

Practical Malware Analysis - book by Michael Sikorski and Andrew Honig

gary__ on Apr 24, 2016

Back when I took an interest in malware analysis I got the book Practical Malware Analysis and must say it really was brilliant. Analyzing malware requires knowledge of a range of different technical areas, and the book introduced them well. The best thing though are the malware samples supplied for analysis after each chapter so you can test your new skills, and then the detailed walk-throughs of how each should have been analysed in the appendix.

You might need some additional help with assembly. Personally I looked at the "megaprimers" on securitytube.net and then the Intermediate Intel x86 series of video lectures on opensecuritytraining.info.

Proper study of the material takes time and I never got through it all. Perhaps I'll get to return to it.

gary__ on Jan 13, 2013

My answer relates to experiences getting started in malware analysis rather than microcontroller assembler, but it might be useful to you :)

I took an interest in malware analysis last autumn and can't recommend the book Practical Malware Analysis enough. It introduces the subject to a beginner including the wide variety of skills required and tools used. One of the best things about the book is the malware samples supplied for analysis at the end of each chapter and then the detailed walk-throughs of how it should have been done.

The book focusses on Windows malware and thus discusses x86 assembly, both an introduction to it and identifying the constructs of higher level languages in disassembly.

I immediately looked to supplement the information on assembly however. First with the Linux Assembly and Windows assembly "megaprimers" on securitytube.net, then with the Intermediate Intel x86 series of video lectures on opensecuritytraining.info. The quality of the latter was very good, so much so that I may go back and watch the introductory x86 lectures as well. I'm not usually a fan of video tutorials, but I thought the format suited the topic quite well.

I've stopped looking into malware analysis for now due to work, part-time college and side projects that will hopefully lead to better work in the short term. I do look forward to picking it up again in the future though, it's really quite fascinating.
