0x00S30 // SIVA GURU K

MALWARE ANALYSIS • RE • SYSTEM INTERNALS


[OPERATIONAL_PROFILE]

Specialization: Malware Analyst & Reverse Engineer

Objective: Dissecting compiled binaries, identifying stealth execution vectors, and reconstructing obfuscated control flows.

Approach: Isolated lab environments, manual unpacking, and structural telemetry validation.

[TOOLING_MATRIX]

// Static Analysis

  • Ghidra
  • IDA Pro
  • PE-bear
  • CFF Explorer
  • FLOSS
  • DIE (Detect-It-Easy)

// Dynamic Analysis

  • x64dbg / x32dbg
  • Process Monitor
  • Process Hacker
  • Wireshark
  • Fakenet-NG
  • API Monitor

// Environments

  • FlareVM (Windows)
  • REMnux (Linux)
  • ANY.RUN (sandbox)
  • Isolated lab network

// Core Knowledge

  • x86 / x86-64 Assembly
  • PE / ELF file formats
  • Windows Internals
  • Native API / Syscalls
  • MITRE ATT&CK mapping
  • IOC extraction

// SOC / Detection

  • SIEM
  • Log analysis
  • Alert triage (L1)
  • Detection rule writing
  • Threat intel correlation

// Scripting

  • Python (analysis scripts)
  • PowerShell (basics)
  • Bash
  • YARA rule writing

[LAB_ENVIRONMENT]

Isolation methodology: All malware analysis is performed on air-gapped or host-only networked VMs. Snapshots are taken pre-execution. No live internet routing from analysis machines unless explicitly proxied through Fakenet-NG or INetSim for behavioral capture.


Primary analysis stack: