EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

Lab notebook

Articles & writeups

In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.

All articlesAnalyst PracticeEducationMalware Deliverycloud-securitymalware-analysisresearch-methodology

148 articles across all categories — page 12 of 17

Malware Delivery

ISO and IMG Container Abuse

Container files like ISO and IMG strip the Mark-of-the-Web from everything inside them when mounted as a drive. How BumbleBee and Emotet exploited this, what Microsoft changed, and how analysts triage containers today.

13 May 20269 min
Read →
Malware Delivery

LNK and Shortcut File Abuse

When Microsoft blocked internet-marked macros in 2022, attackers pivoted to LNK files. The binary structure, embedded command abuse, and the QakBot delivery chain that made LNK the dominant initial access vector of 2023.

13 May 20269 min
Read →
Education

Advanced Unpacking Defences

Stolen bytes, nanomites, PE header erasure, guard page anti-dumping, and the anticipatory unpacking methodology — how to reconstruct a fully functional PE when the packer fights every step of the process.

12 May 202618 min
Read →
Education

Code Misdirection Techniques

How malware corrupts disassembler output and misleads analysts — opaque predicates, SEH-based hidden control flow, overlapping instructions, indirect jumps, and TLS callbacks — with the exact bypass for each.

12 May 202618 min
Read →
Education

Protecting Embedded Data

How malware encrypts its configuration, C2 addresses, and string constants — multi-key XOR, encrypted config blocks in Cobalt Strike and Emotet, per-string encryption with zeroing, and FLOSS for runtime string recovery.

12 May 202616 min
Read →
Education

VM and Sandbox Detection

How malware fingerprints VMware, VirtualBox, and automated sandboxes through artefact checks, hardware queries, and behavioural tests — and how to build a convincing lived-in analysis VM that passes all checks.

12 May 202618 min
Read →
Education

Debugger Detection Techniques

Every major debugger detection technique — API-based, PEB-based, timing, hardware breakpoint scanning, TLS callbacks, trap flag, and interrupt-based — with the exact bypass for each.

12 May 202620 min
Read →
Education

Overview of Anti-Analysis Defences

The four layers of self-defence in sophisticated malware — debugger detection, VM detection, data protection, and code misdirection — with the analyst countermeasures for each layer.

12 May 202612 min
Read →
Education

Network Signatures and YARA Rules

Writing YARA rules for endpoint detection and Snort/Suricata rules for network detection — rule structure, string modifiers, condition logic, and how to test and validate both rule types against real samples.

12 May 202616 min
Read →
Prev1...1011121314...17Next