by wshobson
memory-forensics is a skill for RAM capture and dump analysis with Volatility 3. It covers install context, usage workflows, artifact extraction, and incident triage across Windows, Linux, macOS, and VM memory.
by wshobson
protocol-reverse-engineering helps agents capture, inspect, and document unknown network protocols using Wireshark, tshark, tcpdump, and MITM workflows. Best for debugging custom client/server traffic, analyzing PCAPs, and mapping message structure, request flow, and field meanings.
by wshobson
anti-reversing-techniques is a reverse-engineering skill for authorized malware analysis, CTF work, packed binary triage, and security audits. It helps you identify anti-debugging, anti-VM, packing, and obfuscation patterns, then choose a practical analysis workflow using the core skill and advanced reference.
by wshobson
binary-analysis-patterns is a reverse-engineering skill for interpreting x86-64 disassembly, calling conventions, stack frames, and control flow to support faster binary review and Security Audit work.
by mukul975
analyzing-supply-chain-malware-artifacts is a malware-analysis skill for tracing trojanized updates, poisoned dependencies, and build-pipeline tampering. Use it to compare trusted and untrusted artifacts, extract indicators, assess compromise scope, and report findings with less guesswork.
by mukul975
analyzing-ransomware-encryption-mechanisms is a malware-analysis skill focused on identifying ransomware encryption, key handling, and decryption feasibility. Use it to inspect AES, RSA, ChaCha20, hybrid schemes, and implementation flaws that may support recovery.
by mukul975
extracting-memory-artifacts-with-rekall is a guide for analyzing Windows memory images with Rekall. Learn install and usage patterns to find hidden processes, injected code, suspicious VADs, loaded DLLs, and network activity for Digital Forensics.
by mukul975
detecting-process-injection-techniques helps analyze suspicious in-memory activity, validate EDR alerts, and identify process hollowing, APC injection, thread hijacking, reflective loading, and classic DLL injection for Security Audit and malware triage.
by mukul975
analyzing-windows-prefetch-with-python parses Windows Prefetch (.pf) files with windowsprefetch to reconstruct execution history, flag renamed or masquerading binaries, and support incident triage and malware analysis.
by mukul975
analyzing-uefi-bootkit-persistence helps investigate UEFI-level persistence, including SPI flash implants, ESP tampering, Secure Boot bypasses, and suspicious UEFI variable changes. It is built for firmware triage, incident response, and Security Audit work, with practical, evidence-driven guidance.
by mukul975
analyzing-command-and-control-communication helps analyze malware C2 traffic to identify beaconing, decode commands, map infrastructure, and support Security Audit, threat hunting, and malware triage with PCAP-based evidence and practical workflow guidance.