Malware Analysis | Reverse Engineering | Security Practices

Featured
"Are You at Risk? OneNote Attachments in Phishing Emails" - Understanding a New Threat Vector
"Are You at Risk? OneNote Attachments in Phishing Emails" - Understanding a New Threat Vector

This blog post explores a new threat vector in phishing emails that use OneNote attachments to deliver malware. The post provides a detailed analysis of a sample email, attachment, and associated files, as well as identifying patterns and themes identified in the wild. The post also explains how the attack chain works and provides additional subject themes observed.

Read More →
What’s Your Analysis Process Pt. 2
What’s Your Analysis Process Pt. 2

In my last post, I introduced a list of considerations to keep in mind when trying to dial in a workflow for malware analysis. Now it's my turn to start breaking down how I approach these considerations. Read on to learn more about creating a malware analysis workflow.

Read More →
What’s Your Analysis Process Pt. 1
What’s Your Analysis Process Pt. 1

New Analysts Often Find It Challenging to Establish Consistent Workflows or Processes for Their Analysis

I'm certain that beginning from any foundation, no matter how developed, will give you an advantage when facing future challenges. This is especially beneficial for new analysts looking to establish consistent workflows for their analysis.

Read More →

“A little learning is a dangerous thing”

~ A. Pope

A proponent for knowledge sharing communities and learning as you go…

Hi, and welcome to OneReverseLook!

From one person's perspective, this platform aims to share my ongoing journey to become proficient at Reverse Engineering (RE) and Malware Analysis (MA).

After graduating from college, I chose cybersecurity, which has been my primary focus for many years. However, my desire to incorporate a more specialized skillset grew exponentially as the discipline became more saturated. When I initially started pursuing RE and MA (about 2016), I tried several approaches, from stitching together YouTube videos, reading online guided tutorials, purchasing courses, etc...with some noticeable improvements in my analysis and report composition. While that was great, I was missing the perspective and concept breakdown from someone who didn't take the standard RE learning track.

To capture that perspective, I wanted to start sharing all the things that worked and those that failed miserably. Hopefully, this viewpoint will help the next person!

That being said, this will all be from my learning perspective, and I may not get things 100% accurate on the first go; please point it out and send me a note, but that's what makes this a process.

For all of the RE vets, thank you in advance for the constructive criticism; I'll take it!

Areas of Exploration

  • RE is a very important part of Malware Analysis that involves the dissection of a given piece of software to determine it’s overall functionality. The challenging part can often be determining where to start and how far to go…

  • Understanding a malware sample and its functionality often begins with some static and runtime analysis. Allowing the sample expose clues and using those behaviors to determine next steps has been recommend by career professionals…

  • Identifying and sharing key differentiators, based on my experience that make a good analyst. Starting with the basics…

    Do you need to improve reporting?

    Do you lack concise processes for repeatable tasks?

Get in Touch

Let me know what you think and feel free to leave a note before you go!