This repository contains a systematic collection of detailed write-ups and forensic reports based on the Practical Malware Analysis curriculum. These documents serve as a technical record of binary analysis, moving from basic triage to advanced manual reconstruction of malicious intent.
The analysis follows a progressive methodology, focusing on the intersection of Windows internals and reverse engineering. Each report documents the transition from behavioral observations (dynamic analysis) to assembly-level verification (static analysis) to provide a complete view of a sample’s capabilities.
Methodology and Tooling:
- Static Analysis: Deep-dive disassembly and cross-reference analysis using IDA Pro.
- Dynamic Debugging: Synchronized kernel and user-mode debugging using WinDbg and x64dbg.
- System Forensics: Real-time event correlation via Procmon, Regshot, and network traffic analysis.
- Custom Tooling: Python-based automation for string decryption and payload extraction.
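As an illustration of the kind of string-decryption automation referred to above, here is an added example (not tooling from this repository): a brute-force single-byte XOR string recovery helper. It tries every key, scores each candidate by printable coverage plus hits on keywords that typically signal recovered API names or configuration, and returns the best key with the strings it exposes. The sample blob, the key 0x5A, the filler bytes and the embedded strings are all constructed for the demonstration.

```python
"""Single-byte XOR string recovery (added example, not the repository's tooling).

Scans a byte blob under every single-byte XOR key and picks the key whose
decoding yields the most printable text and the most analyst-relevant keywords.
"""
import re

# Substrings that commonly indicate a correct decoding during triage:
# imported API names, persistence registry paths, URLs, file extensions.
KEYWORDS = (b"http", b"Software\\", b".dll", b".exe",
            b"LoadLibrary", b"GetProcAddress", b"cmd")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; the operation is its own inverse."""
    return bytes(b ^ key for b in data)


def printable_runs(data: bytes, min_len: int = 6) -> list:
    """Return runs of printable ASCII (0x20-0x7e) at least min_len bytes long."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def score(data: bytes) -> int:
    """Heuristic: total printable-run length plus a large bonus per keyword hit."""
    coverage = sum(len(r) for r in printable_runs(data))
    hits = sum(data.count(k) for k in KEYWORDS)
    return coverage + 50 * hits


def recover_xor_strings(blob: bytes, min_len: int = 6):
    """Try keys 1..255 against the plaintext baseline (key 0).

    Returns (best_key, [decoded strings]). Ties keep the lower key, so an
    unencoded blob reports key 0 rather than a spurious match.
    """
    best_key, best_score = 0, score(blob)
    for key in range(1, 256):
        candidate_score = score(xor_bytes(blob, key))
        if candidate_score > best_score:
            best_key, best_score = key, candidate_score
    decoded = xor_bytes(blob, best_key)
    return best_key, [r.decode("ascii") for r in printable_runs(decoded, min_len)]


# Constructed sample: NUL-separated strings XORed with 0x5A, wrapped in a few
# bytes that look like a function prologue/epilogue and stay non-printable
# under the correct key so they do not merge into the recovered runs.
_PLAINTEXT = b"\x00".join([
    b"LoadLibraryA",
    b"GetProcAddress",
    b"http://c2.example.invalid/gate.php",
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
])
SAMPLE_KEY = 0x5A
SAMPLE_BLOB = b"\x55\x8b\xec" + xor_bytes(_PLAINTEXT, SAMPLE_KEY) + b"\xc9\xc3"


if __name__ == "__main__":
    key, strings = recover_xor_strings(SAMPLE_BLOB)
    print(f"best key: 0x{key:02X}")
    for s in strings:
        print("  ", s)
```

The keyword bonus is what separates the right key from near-misses: a key that differs from the true one in a single bit still maps letters onto letters and scores well on coverage alone, but it will not reproduce `LoadLibrary` or `http`. In a real write-up the keyword list would be tuned to the family under analysis and the helper pointed at the encoded region identified in the disassembly.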