EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

Lab notebook

Articles & writeups

In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.

All articlesAnalyst PracticeEducationMalware Deliverycloud-securitymalware-analysisresearch-methodology

46 articles in "Education" — page 3 of 6

Education

Extending to x64 Analysis

The key differences between x86 and x64 that matter for reverse engineering — sixteen registers, the Microsoft x64 ABI calling convention, shadow space, RIP-relative addressing, and reading API calls in x64dbg.

12 May 202616 min
Read →
Education

Living off the Land (LotL)

How attackers abuse legitimate signed Windows binaries to download payloads, execute code, and bypass security controls — with command examples for nine LOLBins and detection strategies using Sysmon.

12 May 202616 min
Read →
Education

API Hooking

How malware intercepts Windows API calls using inline trampoline hooks and IAT hooks — the mechanics of each, what trampolines are, rootkit hiding via NtQueryDirectoryFile, and detection tools.

12 May 202616 min
Read →
Education

Code Injection Techniques

The four primary code injection techniques — classic DLL injection, reflective DLL injection, process hollowing, and APC injection — with API sequences, detection indicators, and analyst countermeasures.

12 May 202618 min
Read →
Education

DLL Analysis

How malicious DLLs differ from executables, why DllMain is the primary attack vector, and how to analyse DLL exports using rundll32 — including ordinal-only exports and service-mode DLLs.

12 May 202616 min
Read →
Education

Windows API Patterns in Malware

The four core Windows API call sequences every analyst must recognise — registry persistence, keylogging, HTTP C2 communication, and dropper/downloader behaviour — with assembly-level examples.

12 May 202618 min
Read →
Education

Control Flow Analysis

Basic blocks, control flow graphs, CFG construction in IDA Pro and Ghidra, and the obfuscation techniques malware uses to corrupt disassembler output — with practical bypass approaches for each.

12 May 202615 min
Read →
Education

Assembly Logic Structures in the Disassembler

How if/else, for, while, and switch statements compile to x86 — recognising these patterns in IDA Pro and Ghidra to reconstruct program logic from raw disassembly.

12 May 202616 min
Read →
Education

Behavioural Analysis of Windows Executables

Running malware safely in an isolated VM and monitoring the three dimensions of behaviour — process activity, file and registry changes, and network traffic — to build a complete runtime profile.

12 May 202618 min
Read →
Prev123456Next