EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

Podcast/EP 06
The Cloud-Malware Paradox: Bridging Forensics and Defense cover art
Cloud SecurityEP 06
12 May 2026

The Cloud-Malware Paradox: Bridging Forensics and Defense

Explore how malware impacts modern cloud infrastructures beyond cybersecurity alone. This episode examines the relationship between cloud forensics, virtualized environments, resource exhaustion, operational risk, and the growing physical footprint created by malicious workloads in cloud ecosystems.

0:00 / 0:00
EpochZero Tech Talks — The Cloud-Malware Paradox: Bridging Forensics and Defense

Transcript

Conversation between Alex and Maya

Alex — leftMaya — right
Alex
You know, usually when we talk about a medical diagnosis, there's this expectation of like clinical precision.
Maya
Right.
Alex
Yeah.
Maya
It's usually a very clean binary outcome.
Alex
Exactly.
Maya
I mean, you break your arm.
Alex
The X-ray shows a jagged white line on a black background.
Maya
The doctor just points at it and says, you know, there it is.
Alex
That's the problem.
Maya
It's broken or not broken.
Alex
Right.
Maya
But then you step into the world of network security and cloud infrastructure.
Alex
And suddenly that X-ray machine is just malfunctioning.
Maya
Oh, totally.
Alex
The image is blurry.
Maya
The bones keep moving around.
Alex
And the diagnostic landscape is, well, honestly, it's just murky.
Maya
It is the absolute definition of diagnostic muddy waters.
Alex
I mean, especially when you start trying to figure out where the cloud actually lives.
Maya
Yeah, where does it live?
Alex
Right.
Maya
And more importantly, where it bleeds over into our physical devices.
Alex
Which is exactly why we are here today.
Maya
So welcome.
Alex
And I am talking directly to you, the CTA student, joining us for this custom tailored deep dive.
Maya
We've got some great stuff today.
Alex
We really do.
Maya
We have a very specific mission for you today.
Alex
We are exploring the cloud malware paradox, bridging forensics and defense.
Maya
It's such a critical intersection, too.
Alex
I mean, you really cannot investigate a compromised system if you don't understand how it was supposed to be built in the first place.
Maya
No, absolutely not.
Alex
And to give you the full picture, we have a pretty serious stack of materials on the desk today.
Maya
A lot to get through.
Alex
Yeah.
Maya
We are looking at academic frameworks covering.
Alex
Zero trust architecture, highly detailed threat actor write ups on AWS vulnerabilities, which are fascinating, by the way.
Maya
Oh, mind blowing.
Alex
Plus, deep dive forensic analyses of Dropbox and Google Drive remnants on Windows 10 and comprehensive educational units that bridge cloud security with reverse engineering.
Maya
OK, let's unpack this because the central paradox we are dealing with is just wild.
Alex
The paradox really serves as like the foundation for this entire field of study.
Maya
Right.
Alex
Because on one hand, we build the cloud to be this secure, distributed, untouchable fortress.
Maya
Supposedly untouchable.
Alex
Right.
Maya
Supposedly.
Alex
Yet human habits and just simple misconfigurations make it incredibly vulnerable.
Maya
And then perhaps most frustratingly for forensic investigators, this invisible ethereal cloud actually leaves a permanent physical footprint on local machines.
Alex
And a messy footprint at that.
Maya
Remarkably messy.
Alex
Well, before we can even begin.
Maya
To track how an attacker exploits that mess, we really have to look at the blueprint of the fortress.
Alex
Yeah.
Maya
Setting the stage.
Alex
We need to understand how cloud defense actually works today because we are, frankly, far past the era of the safe network.
Maya
Yeah, we really are.
Alex
The old standard was perimeter based security.
Maya
Think of it like like a medieval castle.
Alex
Castle.
Maya
You build a massive wall and a moat.
Alex
If someone is outside the wall, they are untrusted.
Maya
But once they lower the drawbridge and get inside the courtyard.
Alex
They essentially have the run of the place.
Maya
They're inherently trusted at that point.
Alex
Exactly.
Maya
Inherently trusted.
Alex
But then, you know, remote work exploded.
Maya
We introduced billions of IOT devices and companies just wholesale moved their servers to third party data centers.
Alex
And so the castle walls just completely dissolved.
Maya
I mean, the perimeter no longer exists, which is why the entire industry has shifted to zero trust architecture or ZTA.
Alex
The core assumption of zero trust is baked right into the name.
Maya
You know, trust nobody.
Alex
You do not inherently trust anyone or anyone.
Maya
You do not inherently trust anyone or anything, regardless of whether they are sitting in the corporate headquarters or at a coffee shop halfway across the world.
Alex
So if the traditional defense was a castle, zero trust operates more like like a high security hotel.
Maya
Oh, I like that.
Alex
Right.
Maya
You know, just walk into the lobby and get free rein.
Alex
Your key card is verified at the front desk.
Maya
Yep.
Alex
It's verified again to call the elevator.
Maya
It's scanned a third time to get onto your specific floor and then a fourth time at your room door.
Alex
That's spot on.
Maya
Your key card only opens your door.
Alex
Nobody else's.
Maya
That analogy hits on the continuous verification aspect beautifully.
Alex
I mean, to build that high security hotel, ZTA relies on five core pillars.
Maya
OK, what are they?
Alex
Identity, device, network, application and data.
Maya
So you don't just check the user's password once.
Alex
You constantly verify their identity.
Maya
Constantly.
Alex
Yes.
Maya
You evaluate the posture of their device, like is their operating system actually patched?
Alex
Right.
Maya
You monitor the network traffic.
Alex
Continuously.
Maya
You restrict application workloads and crucially, you apply granular access controls to the data itself.
Alex
All of this enforces the principle of least privilege.
Maya
OK, but implementing that level of granular control seems incredibly complex, especially when you factor in third party cloud providers.
Alex
It is complex.
Maya
I mean, if I am a business owner and I am paying top dollar to rent space in an Amazon Web Services data center, shouldn't they be handling the heavy lifting of that security?
Alex
Like, why is.
Maya
Securing the database still my headache?
Alex
And that right there is the crux of the shared responsibility model.
Maya
And honestly, it's where most major breaches originate.
Alex
Really?
Maya
Just from confusion over who does what?
Alex
Basically, yeah.
Maya
It fundamentally comes down to an abstraction layer.
Alex
So AWS or any major cloud provider handles the security of the cloud.
Maya
But you, the customer, manage security in the cloud.
Alex
So they secure the concrete and I secure the furniture.
Maya
Essentially, yes.
Alex
They secure the physical data centers, the hardware.
Maya
The hypervisors running the virtual machines and all the core networking infrastructure.
Alex
Right.
Maya
They make sure nobody steals the actual hard drives.
Alex
Exactly.
Maya
They guarantee nobody's going to walk into a server farm with a crowbar.
Alex
But if you spin up an e-commerce platform, you have to patch the operating system on that virtual machine.
Maya
That's on me.
Alex
Right.
Maya
You have to encrypt the financial data and you have to configure the identity and access management to the IAM roles.
Alex
I see.
Maya
If you configure a database to be publicly.
Alex
Readable because, you know, it was just easier for your developers, AWS will not stop you.
Maya
They provide the locks, but you have to remember to turn the key.
Alex
Wow.
Maya
Which transitions us perfectly into how attackers operate.
Alex
It really does.
Maya
Because when a user fails their end of that shared responsibility, the attackers don't even need to burn like zero day exploits to get in.
Alex
They just walk through an open door.
Maya
Yeah, they just turn the handle.
Alex
And the threat actor write ups we reviewed highlight a tactic that is frankly.
Maya
Terrifying in its simplicity.
Alex
It really is.
Maya
I mean, they often use information that the platform itself doesn't even classify as sensitive.
Alex
The AWS account ID.
Maya
Yes.
Alex
This part of the research completely shifted how I view cloud reconnaissance.
Maya
I mean, it's just a 12 digit number, right?
Alex
Like one, one, one, two, two, three, three, three, four, four, four or whatever.
Maya
Correct.
Alex
It uniquely identifies an AWS account and it's used to construct Amazon resource names.
Maya
Okay.
Alex
And AWS officially states that account IDs are not secret.
Maya
I mean.
Alex
Developers post them in public GitHub repositories and support forums literally every single day.
Maya
But an attacker views it differently.
Alex
Oh, absolutely.
Maya
A sophisticated threat actor views that 12 digit number as the primary vector for an attack.
Alex
So having an AWS account ID is basically like knowing a bank's routing number.
Maya
Exactly.
Alex
It doesn't give you the money in the vault, but it tells you exactly which bank safe deposit boxes you should start rattling to see if a teller forgot to lock one.
Maya
Yes, that's a perfect way to put it.
Alex
And what's fascinating here is how they actually.
Maya
They actually extract that ID.
Alex
Let's trace the exact methodology from the threat actor source material because the mechanics are just brilliant.
Maya
Walk us through it.
Alex
So an attacker starts by scanning a target company's website.
Maya
They look at the source code and notice the website's images are being pulled from a public Amazon S3 bucket.
Alex
Let's say it's named Marketing Images Public.
Maya
Which is completely normal, right?
Alex
I mean, S3 buckets are designed to host public web assets.
Maya
Totally normal.
Alex
But the attacker wants to know the 12 digit account ID of the specific company that owns it.
Maya
That bucket.
Alex
Okay.
Maya
To do this, they run a Python tool.
Alex
The sources mentioned one called S3 account search.
Maya
The attacker uses their own AWS account and writes an IAM policy script that utilizes a specific condition key.
Alex
A condition key.
Maya
Yeah.
Alex
Called S3 dot resource account.
Maya
This key asks AWS's authorization engine to basically check if a specific S3 bucket belongs to a specific 12 digit account ID.
Alex
Wait, how does that work in practice?
Maya
Are they just blind?
Alex
They're blindly guessing a 12 digit number because a 12 digit number has a trillion possible combinations.
Maya
It's a literal trillion.
Alex
Yes.
Maya
That would trigger rate limits immediately or just take a lifetime to brute force.
Alex
And that's the genius of it.
Maya
They don't guess all 12 digits at once.
Alex
Oh.
Maya
They exploit how the AWS IAM evaluation engine processes wildcards.
Alex
Oh, wow.
Maya
Right?
Alex
The script sends a request asking, hey, does this bucket belong to an account starting with the number one followed by a wildcard?
Maya
Sneaky.
Alex
Very.
Maya
AWS processes that request.
Alex
If it throws a specific access denied error instead of a resource not found error, the attacker's script registers a Boolean logic leak.
Maya
It confirms the first digit is a one.
Alex
Oh, man.
Maya
So they just move to the next digit.
Alex
Like, does it start with one, two wildcard?
Maya
Yes, exactly.
Alex
By using string matching and wildcards, they reduce a trillion combinations down to a maximum of 120 guesses.
Maya
That is insane.
Alex
120 guesses.
Maya
Yep.
Alex
The script can spit out the exact 12 digit.
Maya
AWS account ID of the target company in a matter of seconds.
Alex
So now they have the routing number.
Maya
What do they do with it?
Alex
How do they rattle the safe deposit boxes?
Maya
Well, the attacker takes that 12 digit ID, logs into their own AWS management console, and navigates to the Elastic Block Store or EBS dashboard.
Alex
Okay, EBS.
Maya
Right.
Alex
EBS handles the virtual hard drives for cloud servers.
Maya
The attacker goes to the snapshots menu, which are essentially block level backups of those hard drives.
Alex
They filter their search by public snapshots and simply paste the victim's 12 digit account ID into the owner field.
Maya
And if a developer at that company was, I don't know, troubleshooting a server, created a backup snapshot, and accidentally clicked make public instead of keeping it private.
Alex
It instantly populates on the attacker's screen.
Maya
Oh, no.
Alex
Yes.
Maya
The attacker can then mount that hard drive backup to their own server and extract proprietary source code, hard coded passwords, customer databases, API keys, you name it.
Alex
They literally turn convenience into a vulnerability.
Maya
Exactly.
Alex
They leverage the cloud's inherent design for seamless interconnectedness and turn it into a devastating exploit.
Maya
All stemming from a minor misconfiguration on the user's end of the shared responsibility model.
Alex
Precisely.
Maya
So once the attacker steals that snapshot, extracts an API key, and breaches the actual environment to deploy a payload, a crime has been committed.
Alex
A massive one.
Maya
Right.
Alex
And we have to investigate.
Maya
But tracking an attacker through a cloud environment seems nearly impossible.
Alex
Everything is ephemeral.
Maya
I mean, virtual machines are spun up to handle traffic and destroyed an hour later.
Alex
The volatility is a huge challenge for incident response.
Maya
If a compromised server is terminated by an auto scaling group, the memory and the local disk state are just gone forever.
Alex
Right.
Maya
Reconstructing events purely from cloud trail logs is often, well, insufficient.
Alex
But the forensic research we have here reveals a major blind spot for attackers.
Maya
That paradox we mentioned earlier.
Alex
Ah, yes.
Maya
The physical footprint.
Alex
Right.
Maya
To use the cloud effectively, it actually relies heavily on the physical local machines sitting on our desks.
Alex
The research zeroed in on cloud storage applications, specifically Google Drive and Dropbox installations on Windows 10 endpoints.
Maya
And the forensic remnants they leave behind are an absolute goldmine.
Alex
I have to admit, I struggled with the underlying logic of this at first.
Maya
How so?
Alex
Well, if I am using Google Drive, the whole point is that my files are on Google's servers.
Maya
I assume the local application is just acting like a web browser, just rendering the information for me.
Alex
Why would it leave a permanent, messy footprint deep inside my solid state drive?
Maya
It really comes down to performance and operating system integration.
Alex
Okay.
Maya
If a cloud client just streamed data like a web browser, every time you open a Word document, there would be significant latency.
Alex
Ah, that makes sense.
Maya
To make the cloud feel native, to make a remote file open as fast as a local one, the cloud application has to tightly hook into the Windows OS kernel and the Explorer process.
Alex
Right, it has to cache it.
Maya
Exactly.
Alex
It caches data, it tracks synchronization states, and to do all of that, it has to build complex local databases.
Maya
And those databases don't just vanish if you delete the application.
Alex
Rarely.
Maya
Even if an insider threat steals proprietary data, deletes the files, and completely uninstalls the Dropbox application to cover their tracks, the Windows app data folder retains the hidden infrastructure.
Alex
That is wild.
Maya
For Dropbox, investigators locate SQLite databases like config.dbx, which stores the host ID, the user's account email, and the local path where the sync folder was mapped.
Alex
And the research detailed similar SQLite databases for Google Drive, right?
Maya
Yes.
Alex
Google Drive relies on a database called snapshot.db.
Maya
It contains intricate tables like locale entry and cloud entry.
Alex
What do those track?
Maya
These tables log the exact local file paths, the file types, and even the cryptographic checksums of everything that was synced.
Alex
So an investigator can pull that SQLite database, query the cloud entry table, and definitively prove that a highly sensitive financial spreadsheet existed on that specific laptop.
Maya
Yes.
Alex
They'd know exactly how many bytes it was and know the exact second it was uploaded to the cloud, even if the file itself has been totally overwritten.
Maya
Precisely.
Alex
The system basically acts as a compulsive note-taker, but the artifacts extend far beyond just the application's own databases.
Maya
What else is there?
Alex
The operating system itself logs the interactive data.
Maya
Exactly.
Alex
It's an interactive interaction.
Maya
Windows creates prefetch files to optimize how applications load into memory.
Alex
Analyzing those reveals the exact execution times of the cloud's sync binaries.
Maya
Wow.
Alex
The local Windows thumb cache might also retain thumbnail images of synced photos long after the high-resolution originals are wiped.
Maya
The artifact that fascinated me the most was how this ties into the Windows registry, the Shellycon overlay identifiers.
Alex
Yes.
Maya
This is a perfect example of how UI integration leaves a forensic track.
Alex
Think about your daily workflow.
Maya
When you drop a file into a synced cloud folder, you see a little blue-skinning arrow icon overlay, right?
Alex
Yeah.
Maya
And when it finishes, it turns into a solid green checkmark.
Alex
Exactly.
Maya
It gives you visual confirmation that it backed up.
Alex
But to render those specific graphical overlays on top of the standard file icon, the CLAR application must modify the Windows registry.
Maya
Ah, so it leaves a mark.
Alex
It injects keys under Shellycon overlay identifiers.
Maya
Therefore, an investigator analyzing a suspect's registry can identify the key.
Alex
Yes.
Maya
That's right.
Alex
And that key can be used to identify the key.
Maya
But the fact that the key is in the registry can definitively prove that Google Drive was installed, running, and actively monitoring file states, regardless of what the user claims.
Alex
You can't hide it.
Maya
Right.
Alex
Reconstructing this behavior dynamically is absolutely critical.
Maya
But finding a snapshot.db database, or a registry key, is really only the first step.
Alex
Finding the container doesn't mean you can read the contents.
Maya
Very true.
Alex
Because modern cloud environments employ heavy data protection mechanisms, which forces investigators to read data that actually contains the key.
Maya
This requires a major shift in how we approach analysis, and it brings us to the concepts covered in Unit 4 of our materials.
Alex
Right.
Maya
Data obfuscation and reverse engineering.
Alex
Yep.
Maya
Because data obfuscation is basically the process of intentionally scrambling code, or data, to make it incomprehensible to automated analysis tools, or human eyes.
Alex
And it's used constantly by legitimate defenders.
Maya
It is fundamental to modern security.
Alex
Password managers use obfuscation to protect stored credentials and memory.
Maya
Secure cloud platforms use packing algorithms to protect their proprietary software from being reverse engineered by competitors.
Alex
It ensures data integrity.
Maya
Here's where it gets really interesting.
Alex
It's like a spy writing a sensitive letter in invisible ink.
Maya
I love that analogy.
Alex
The legitimate recipient has the specific chemical wash needed to make the text visible.
Maya
Oh.
Alex
But if a forensic investigator raids an office and finds the physical piece of paper, say they pull snapshot.db off a hard drive, the paper itself is useless.
Maya
They need to figure out what chemical wash to apply.
Alex
Exactly.
Maya
And that requires the reverse engineering and malware analysis, or REMA, mindset.
Alex
The REMA mindset, right.
Maya
Because the challenge for cloud investigators is that threat actors are highly aware of our forensic techniques.
Alex
They use the exact same packing and obfuscation algorithms that legitimate cloud providers use, but they use them to hide malicious payloads.
Maya
So they turn our own cryptographic tools against us.
Alex
Exactly.
Maya
Let's say a threat actor breaches that AWS environment.
Alex
Using the stolen snapshot we talked about.
Maya
Okay.
Alex
They want to deploy a backdoor implant on an EC2 instance to maintain persistence.
Maya
If they drop a standard compiled piece of malware onto the server, the cloud provider's endpoint detection and response tools will immediately flag the known signature and just kill the process.
Alex
So how do they bypass that?
Maya
They pack it.
Alex
They wrap the malicious code in layers of encryption and obfuscation.
Maya
Okay.
Alex
When the antivirus scans the file on the hard drive, all it sees is high entropy.
Maya
Random noise.
Alex
It looks like a benign encrypted database or a proprietary application component.
Maya
Wait, but if it's just random noise, how does the malware actually execute and do its job?
Alex
It unpacks itself dynamically.
Maya
Oh, wow.
Alex
When the file is executed, a small stub of code decrypts the actual malicious payload directly into the system's volatile memory, the RAM.
Maya
It never touches the hard drive in its plain text recognizable state.
Alex
Oh, I see.
Maya
So if a forensic investigator just powers down the virtual machine and takes a static copy of the hard drive.
Alex
They will never find the malware.
Maya
They'll just find the encrypted wrapper.
Alex
They will find nothing but noise.
Maya
This is why a cloud investigator must possess a deep understanding of malware analysis.
Alex
You have to catch it in the act.
Maya
Yes.
Alex
You have to capture the state of the machine while it is running.
Maya
You take a live memory dump of the compromised cloud instance.
Alex
You analyze that volatile memory, locate the specific process where the malware is running, and extract the unencrypted payload before the machine shuts down and the RAM is cleared.
Maya
You literally have to reverse engineer the obfuscation wrapper to understand what the code is doing.
Alex
You have to unpack the truth.
Maya
Whether you are analyzing a heavily nested squalite database left by a sync client or dissecting a memory dump to extract a packed payload, the methodology is exactly the same.
Alex
You cannot rely on surface level logs.
Maya
No.
Alex
You have to deconstruct the architecture.
Maya
This is incredibly dense.
Alex
So let's just take a breath and map out the entire journey we just took.
Maya
Good idea.
Alex
Because for you, the CETAEUS student listening to this, mastering both sides of this equation, the architectural defense and the microscopic forensic aftermath is essential.
Maya
You cannot defend what you don't understand, and you cannot investigate what you don't know how to build.
Alex
The entire ecosystem is just a continuous loop of measure and countermeasure.
Maya
We started by looking at the death of the perimeter and the rise of zero-trust architecture, treating every single access request, don't trust request.
Alex
And then we looked at the size of the network packet with continuous suspicion.
Maya
Right.
Alex
We examined the massive vulnerability hidden within the shared responsibility model where users failing to secure their data allows threat actors to weaponize simple IAM wildcard scripts.
Maya
Which lets them brute force AWS account IDs and hunt down exposed infrastructure.
Alex
Exactly.
Maya
We then followed the attacker's footprint back to the physical world.
Alex
We saw how the cloud's need for seamless OS integration forces applications to leave highly detailed local remnants.
Maya
We also looked at the use of satellite databases, prefetch files, and UI registry keys.
Alex
Which all serve as a historical ledger of data movement.
Maya
And finally, we looked at how data obfuscation bridges the gap between defense and malware analysis.
Alex
Finding the footprint is only step one.
Maya
You must possess the reverse engineering capabilities to unpack volatile memory and read the invisible ink.
Alex
And, you know, the complexity of these environments is only going to scale upwards from here.
Maya
Which leaves us at a really fascinating crossroad.
Alex
The zero trust defense, the attack vectors, the local artifacts, and the malware analysis.
Maya
I mean, what is the logical conclusion of this paradox?
Alex
Where does cloud forensics go from here?
Maya
Well, think about the implications of everything we just discussed.
Alex
As zero trust architectures mature, they will become near flawless at securing the network perimeter.
Maya
True.
Alex
And as cloud platforms implement quantum resistant encryption, data obfuscation will become essentially unbreakable for third party observers.
Maya
Okay.
Alex
So the question I want you to consider is this.
Maya
Will the future of cyber investigations eventually stop relying on network logs entirely?
Alex
If the cloud network becomes a perfect, unreadable, impenetrable black box, will digital forensics be forced to depend 100% on human misconfigurations and the physical, messy, localized footprints left behind on our laptops?
Maya
Because no matter how ethereal or mathematically perfect the cloud becomes, a human still has to physically touch a keyboard to interact with it.
Alex
And that is the one vulnerability that can never be patched out.
Maya
The x-ray machine might be broken, and the network logs might be pure static, but the muddy footprints on the local hard drive will always tell you who walked through the room.
Alex
Keep unpacking those footprints.

Show Notes

Key topics covered: - Malware in Virtualized Clouds: Understanding how threats exploit cloud-native and VM-based infrastructures. - Resource Exhaustion Attacks: CPU, memory, disk, and network abuse caused by malicious workloads. - Cloud Forensics Challenges: Investigating incidents across distributed and ephemeral environments. - Security vs Sustainability: The hidden energy and infrastructure cost of persistent malware activity. - Defensive Strategies: Monitoring, isolation, behavioural analytics, and cloud incident response workflows.
Previous episode
EP 05 · Malware Blueprints in Portable Executable Headers
Next episode
EP 07 · The Hypervisor Is Your True Security Perimeter
More Episodes
The Binary Physics of Memory Corruption
EP 01REMA

The Binary Physics of Memory Corruption

The Art of Deception: Unmasking Anti-Analysis & Evasion Techniques
EP 02REMA

The Art of Deception: Unmasking Anti-Analysis & Evasion Techniques

The Malicious Process Lifecycle: From Execution to Evasion
EP 03REMA

The Malicious Process Lifecycle: From Execution to Evasion

Spotting Forensic Gold in Malware Strings
EP 04REMA

Spotting Forensic Gold in Malware Strings

Malware Blueprints in Portable Executable Headers
EP 05REMA

Malware Blueprints in Portable Executable Headers

The Hypervisor Is Your True Security Perimeter
EP 07Cloud Security

The Hypervisor Is Your True Security Perimeter

View all episodes →