Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
46 articles in "Education" — page 5 of 6
The legal framework for reverse engineering malware in India, the United States, and the European Union — and the core distinction every analyst must understand before starting lab work.
The two core reversing tools — IDA Pro vs Ghidra for static analysis, x64dbg vs OllyDbg for dynamic — with practical selection guidance and the typical workflow for each.
The twenty most common x86 instructions, operand types, the function prologue and epilogue, and the stack frame layout that every malware analyst reads daily in a debugger.
The Intel x86 architecture from an analyst perspective — Von Neumann model, CISC design, the fetch-decode-execute cycle, general-purpose registers, EFLAGS, and why understanding these fundamentals enables code injection analysis.
What reverse engineering is, why it matters for malware analysis, how compiled binaries relate to assembly and source code, and the compilation pipeline an analyst works backwards through.
The three approaches analysts use to study malware — basic static, basic dynamic, and automated sandbox — each answering a progressively deeper question at a different depth.
Three landmark incidents — Stuxnet, Colonial Pipeline, and REvil/Kaseya — that changed how the industry thinks about defence. Each illustrates a different class of failure and a different lesson.
How malware rewrites itself to break signature-based detection — from simple stub rotation to full binary rewriting — and what detection strategies work against each technique.
A systematic reference covering all eighteen malware categories — from viruses and worms to fileless threats and logic bombs — with real-world examples, detection methods, and the three-question triage framework.