EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

Lab notebook

Articles & writeups

In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.

All articlesAnalyst PracticeEducationMalware Deliverycloud-securitymalware-analysisresearch-methodology

148 articles across all categories — page 11 of 17

cloud-security

Cloud Threat Landscape & Session Hijacking via SSRF

The CSA Top 10 cloud threats, the SSRF-to-IMDS credential theft chain, and the critical difference between IMDSv1 and IMDSv2 — the attack patterns that dominate modern cloud breaches.

3 July 202613 min
Read →
cloud-security

Service Hijacking, Denial of Service & Economic DoS in the Cloud

How attackers steal cloud service access through credential exposure, weaponise cloud elasticity for Economic Denial of Sustainability attacks, and how defenders shut both down.

3 July 202611 min
Read →
cloud-security

Man-in-the-Cloud Attacks & Privacy Issues in Cloud

How sync tokens from Dropbox, OneDrive, and Google Drive are hijacked without ever touching a password — and the privacy, jurisdiction, and data isolation challenges that define cloud forensics and compliance.

3 July 202613 min
Read →
cloud-security

Threat Modelling with STRIDE & MITRE ATT&CK for Cloud

How to apply the STRIDE threat model to cloud workloads, and how the MITRE ATT&CK for Cloud matrix maps attacker techniques to cloud-native detection opportunities.

3 July 202613 min
Read →
cloud-security

Cloud Computing Fundamentals & Service Models

From the NIST five essential characteristics to IaaS, PaaS, SaaS and beyond — the building blocks every cloud security practitioner must understand before touching a single control.

3 July 202612 min
Read →
Malware Delivery

HTML Smuggling

How attackers deliver malicious payloads through ordinary-looking HTML files that assemble themselves inside the browser — bypassing every network filter that never gets to see the payload.

13 May 20268 min
Read →
Analyst Practice

IOC Extraction and Pivoting

After the static and dynamic analysis is done, the analyst extracts Indicators of Compromise and pivots — using one IOC to find related samples, infrastructure, and campaign linkages. The workflow, the tools, and the confidence model that makes an IOC report defensible.

13 May 202610 min
Read →
Analyst Practice

MITRE ATT&CK Technique Mapping

Mapping observed malware behaviour to MITRE ATT&CK techniques is now a standard deliverable in malware analysis. How to do it correctly — the 14 tactics, the confidence model, and using ATT&CK Navigator to communicate findings.

13 May 202610 min
Read →
Analyst Practice

Writing the Malware Analysis Report

The analyst report is the deliverable that turns a technical investigation into actionable intelligence for defenders. The eight-section structure, the executive summary that non-technical stakeholders can act on, and the reporting failures that undermine otherwise good analysis.

13 May 202611 min
Read →
Prev1...910111213...17Next