I don't have a single learning resource to recommend for VM security overall. But I would say that if you're going to test infected ISO files, and doing this with a completely separate physical system that's disconnected from any network isn't on the table for you, then a VM with the riskier integration features disabled (as you said, VMware Tools in this case) is the next best thing. I do know that there have been exploits where a guest VM can affect something on the host and/or on another guest VM running on that host, such as reading or even changing values in the memory space of the host or other guest. Just off the top of my head, I'm not sure I've heard of any exploits where actual malware running in the guest has managed to transfer itself to the host without any integration features enabled, but that doesn't necessarily mean there hasn't been such a case. All that said, these exploits are quite rare, as evidenced by the fact that the bug bounties offered by VMware and Microsoft for these type of "hypervisor escape" exploits are quite high (and also by the fact that if these were commonplace, it wouldn't really be practical for public cloud VM hosting like Amazon EC2 and Microsoft Azure to exist in the first place). Additionally, the cases I'm recalling off the top of my head were purpose-built code meant as a proof of concept, not malicious outbreaks that occurred in the wild.