Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
41 articles in "research-methodology" — page 5 of 5
Fundamental or applied? Qualitative or quantitative? Experimental or merely observational? Most studies sit on all three scales at once -- and confusing observational data with an experiment is one of the most common mistakes in security research.
A study with no stated boundary is one whose claims cannot be checked by anybody -- including the person who ran it. Scope and limitations are how research states, honestly, what it does and does not prove.
"IoT security" is a topic. It is not a research problem. The Mirai botnet shows what reframing a question actually looks like -- and how splitting a big question into two or three sub-problems turns a news story into something you can actually answer.
Seven stages, four standing criteria, and why the WannaCry attribution to North Korea was not accepted the day the first report came out -- it took several independent labs reaching the same conclusion before anyone called it settled.
Three approaches dominate this field -- empirical, theoretical, and applied engineering. Marcus Hutchins' discovery of the WannaCry kill switch shows what applied research looks like when it happens in real time, with the world watching.