This is Shellfish Security, an autist's guide to Malware Analysis and Digital Forensics.
Malware Analysis is a heavily in-demand career. If you plan to pursue this path, you’re looking at easily $100k+/yr. In the U.S., having a Top Secret (TS) security clearance can get you up to $300k/yr. The government is willing to pay millions to threat intelligence contractors (FireEye/Mandiant, Sophos, Palo Alto) to protect their systems and networks.
The catch is that it’s not easy. Reverse engineering malware is an incredibly difficult puzzle that only a few cybersecurity folks can handle. This is why it pays so well. Modern malware is full of anti-reversing techniques such as obfuscators, packers, anti-VM and anti-debugger checks, you name it. You may not know these terms yet, but by reading this Substack, you will not only understand the terms, but also be able to apply them in a hands-on scenario.
Digital Forensics is the less intense younger brother of Malware Analysis. Think capturing digital images during police investigations, and searching for illegal activity on captured devices. The salary is ~$60k-$80k/yr. The field is growing, however, since more and more people (and criminals) are connected digitally.
Forensic Analysts will know the ins and outs of operating systems and their respective file structures. They will understand how files are stored and the metadata properties of common file types, and they will know how to extract data from almost any type of device.
The purpose of this Substack is to educate willing anons (like you) to be able to carve your path as either a Malware Analyst or a Digital Forensic Analyst.
My mantra for learning is “learn by doing”. I will provide examples and links to resources for you to learn at your own pace and in your own way.
I aim to post weekly at the minimum and alternate between free and paid posts. Free posts will discuss tools, topic introductions, and general cybersecurity information. Paid posts will be more in-depth, covering detailed walkthroughs, reverse engineering methods, and niche topics/concepts.
I sincerely appreciate any and all readers at any level of understanding. If you would like to, please subscribe to support me and this Substack.