Book 1 is an introduction to malware analysis. It covers basic dynamic analysis, static code analysis, and has a large lab setup section. Looking at the cheat sheets I can see there are a lot of tools that are new to me that I will be using.
I am a bit surprised at this point that basic static analysis was barely mentioned. I'm not sure how relevant it still is, but there was no mention of hashing and submitting the sample online for scanning (or doing it locally).
So far I've made it through the first two sections listed above; I still need to set up the lab per the instructions. I will also need to go back and do the lab from Book 1 when I get set up.
The code analysis section is decent. Once I re-read it this morning it was easier to understand and so far, easier to understand than the PMA book.
NOTE: it appears the book is going backwards to cover static analysis. It's very strange and I don't know why the book is set up this way. This is not in the teaching section, it's in the "lab setup and validation" portion, but it looks like there is going to be more instruction. Just flipping through, they will be covering additional techniques and tools. I'll be coming back to edit this post when I get through the book tonight, hopefully.
Book 1 is a good introduction, like I said before. The lecture material does serve to reinforce the material and to answer any questions, though it seems that my group must be pretty knowledgeable; few questions are asked.
Book 2 starts getting into code analysis, specifically assembly and understanding code conversions. (Usually so far, seeing how C/C++ instructions appear in assembly when looking at jumps and loops.)
What I like about the book and lecture material for this book is that while it doesn't baby you, it is clear and flows logically. I know a little about assembly, but even without it, I think I could pick it up by reading and listening to the instructor (and seeing him do it). Seeing the instructor open a file in IDA Pro or OllyDbg is really helpful. It is a different learning style than the one presented in something like PMA. The advice I would give you, though: use the additional materials with Book 2. Don't think you can read your way through if you aren't comfortable with ASM; listen to the MP3 or lecture, and go through it on your own time. (There isn't really enough time during the breaks to do it.) I would actually suggest this: Read the book prior to the class, either a day before, or something. Listen to the lecture during your class time, and do all the labs at the end of the class or while he is working them. You can actually do them during your reading, and you can ask questions you had during the lecture while he is doing them, but you'll likely get it while he is doing them.
I don't know how I like doing this class through vLive, as time management is an issue. Class is held at night. If you are working the day after your class, getting sleep can be an issue. Having to juggle work, transportation, sleep, etc. can be... annoying. During Book 2 part 1 I was half asleep for a portion of the class and had to head off to bed during the last part (about an hr), so in addition to my "review" I had to try to watch the missing hr. Well, the next night, SWTOR came out with an update, no sleep that night, certainly no studying... Next night was class Book 2 part 2... so now I'm going to have to catch up on 2 nights this weekend. It can easily snowball.