[OPERATIONAL_PROFILE]
Specialization: Malware Analyst & Reverse Engineer
Objective: Dissecting compiled binaries, identifying stealth execution vectors, and reconstructing obfuscated control flows.
Approach: Isolated lab environments, manual unpacking, and structural telemetry validation.
[TOOLING_MATRIX]
// Static Analysis
- Ghidra
- IDA Pro
- PE-bear
- CFF Explorer
- FLOSS
- DIE (Detect-It-Easy)
// Dynamic Analysis
- x64dbg / x32dbg
- Process Monitor
- Process Hacker
- Wireshark
- Fakenet-NG
- API Monitor
// Environments
- FlareVM (Windows)
- REMnux (Linux)
- ANY.RUN (sandbox)
- Isolated lab network
// Core Knowledge
- x86 / x86-64 Assembly
- PE / ELF file formats
- Windows Internals
- Native API / Syscalls
- MITRE ATT&CK mapping
- IOC extraction
// SOC / Detection
- SIEM
- Log analysis
- Alert triage (L1)
- Detection rule writing
- Threat intel correlation
// Scripting
- Python (analysis scripts)
- PowerShell (basics)
- Bash
- YARA rule writing
[LAB_ENVIRONMENT]
Isolation methodology: All malware analysis is performed on air-gapped or host-only networked VMs. Snapshots are taken pre-execution. No live internet routing from analysis machines unless explicitly proxied through Fakenet-NG or INetSim for behavioral capture.
Primary analysis stack:
- FlareVM — Windows-based static + dynamic analysis
- REMnux — Linux-side tooling, memory forensics, unpacking
- ANY.RUN — quick cloud sandbox for initial behavioral triage
- MalwareBazaar / VirusTotal — sample sourcing and hash validation