Lab notebook
In-depth analyses of malware samples, technique deep-dives, and lab notes from the field. Long-form, technical, no fluff.
148 articles across all categories — page 16 of 17
How to build a safe, isolated malware analysis environment — VM configuration, pre-built distributions, and the complete tool stack organised by category.
Controlled execution in a debugger — stepping, the three breakpoint types, exception handling, and execution modification techniques that analysts use to bypass anti-debugging and expose hidden malware behaviour.
The legal framework for reverse engineering malware in India, the United States, and the European Union — and the core distinction every analyst must understand before starting lab work.
The two core reversing tools — IDA Pro vs Ghidra for static analysis, x64dbg vs OllyDbg for dynamic — with practical selection guidance and the typical workflow for each.
The twenty most common x86 instructions, operand types, the function prologue and epilogue, and the stack frame layout that every malware analyst reads daily in a debugger.
The Intel x86 architecture from an analyst perspective — Von Neumann model, CISC design, the fetch-decode-execute cycle, general-purpose registers, EFLAGS, and why understanding these fundamentals enables code injection analysis.
What reverse engineering is, why it matters for malware analysis, how compiled binaries relate to assembly and source code, and the compilation pipeline an analyst works backwards through.
The three approaches analysts use to study malware — basic static, basic dynamic, and automated sandbox — each answering a progressively deeper question at a different depth.
Three landmark incidents — Stuxnet, Colonial Pipeline, and REvil/Kaseya — that changed how the industry thinks about defence. Each illustrates a different class of failure and a different lesson.