Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
3 articles in "Analyst Practice"
After the static and dynamic analysis is done, the analyst extracts Indicators of Compromise and pivots — using one IOC to find related samples, infrastructure, and campaign linkages. The workflow, the tools, and the confidence model that makes an IOC report defensible.
Mapping observed malware behaviour to MITRE ATT&CK techniques is now a standard deliverable in malware analysis. How to do it correctly — the 14 tactics, the confidence model, and using ATT&CK Navigator to communicate findings.
The analyst report is the deliverable that turns a technical investigation into actionable intelligence for defenders. The eight-section structure, the executive summary that non-technical stakeholders can act on, and the reporting failures that undermine otherwise good analysis.