Project Overview

Personal Research & Skill Development

Malware Analysis Lab

Built an isolated malware research environment as a repeatable analysis workflow, not a one-off sandbox. Each sample moved through intake, static triage, dynamic tracing, and reporting so findings could be compared across families.

System Architecture

Structured as a segmented virtual network with isolated Windows and Linux VMs. Host-level instrumentation includes Sysmon, x64dbg/IDA, and Wireshark, with snapshot-based recovery to ensure environment integrity. Internal logging is routed to an offline manager for artifact collection.

Implementation Strategy

Implementation required hardening VM environments against sandbox detection, configuring internal network proxies to safely route malicious traffic, and building decoders for specialized C2 protocols.

Technical Outcome

Established a repeatable analysis pipeline for documenting malware behavior and generating high-fidelity detection artifacts.

Key Features

01. Dynamic analysis environment for RATs (VenomRAT, AsyncRAT, RedLine)
02. Standardized triage process for persistence and C2 pattern mapping
03. Integrated static and dynamic workflows using IDA Pro and x64dbg
04. Isolated network simulation (FakeNet/InetSim) for safe traffic capture
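The intake and static-triage step of the pipeline described above (hash the sample, identify its container format, measure entropy as a packing hint, and pull printable strings into C2/persistence indicator buckets so reports can be compared across families) can be sketched as a small script. The following is an added example written for this page, not code from the lab itself; the sample bytes are constructed in-line (an MZ/PE-shaped blob with a few planted strings, not a real binary), and the 7.0 entropy threshold and the indicator regexes are illustrative assumptions.

```python
"""Static triage intake: hashes, format check, entropy, string-derived indicators."""
import hashlib
import json
import math
import re
import struct
from collections import Counter

# Constructed sample (NOT a real binary): MZ header whose e_lfanew field at 0x3C
# points to a "PE\0\0" signature, followed by strings an analyst would flag and a
# high-entropy tail. Hostnames use the reserved .invalid TLD.
_E_LFANEW = 0x80
SAMPLE = (
    b"MZ" + b"\x90" * (0x3C - 2)
    + struct.pack("<I", _E_LFANEW)
    + b"\x00" * (_E_LFANEW - 0x40)
    + b"PE\x00\x00" + b"\x00" * 20
    + b"http://c2.example.invalid/gate.php\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"cmd.exe /c schtasks /create\x00"
    + bytes(range(256)) * 2
)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte over the whole blob; values approaching 8.0 hint at packing."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def file_type(data: bytes) -> str:
    """Cheap container check: ELF magic, or MZ stub with a valid e_lfanew -> PE."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[off:off + 4] == b"PE\x00\x00":
            return "PE"
        return "MZ (no PE header)"
    return "unknown"

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Runs of printable ASCII at least min_len long (same idea as `strings`)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

# Assumed indicator patterns; a real lab would keep these in a maintained ruleset.
_URL = re.compile(r"https?://[\w.\-/]+")
_REG = re.compile(r"(?:HKLM|HKCU|Software)\\[\w\\ .]+", re.IGNORECASE)
_PERSIST_HINTS = ("currentversion\\run", "schtasks", "\\startup")

def classify_indicators(strings: list) -> dict:
    """Bucket strings into URL, registry-path and persistence-related hits."""
    urls, registry, persistence = [], [], []
    for s in strings:
        urls += _URL.findall(s)
        registry += _REG.findall(s)
        if any(h in s.lower() for h in _PERSIST_HINTS):
            persistence.append(s)
    return {"urls": urls, "registry": registry, "persistence": persistence}

def triage(data: bytes, sample_id: str) -> dict:
    """Produce the intake record that later dynamic-tracing results attach to."""
    strings = extract_strings(data)
    entropy = shannon_entropy(data)
    return {
        "sample_id": sample_id,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "file_type": file_type(data),
        "entropy": round(entropy, 3),
        "likely_packed": entropy > 7.0,  # assumed heuristic threshold
        "string_count": len(strings),
        "indicators": classify_indicators(strings),
    }

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE, "constructed-sample-001"), indent=2))
```

Each record is plain JSON keyed by SHA-256, so reports from different families can be diffed on the indicator buckets rather than on free-form notes; the dynamic-tracing stage (Sysmon, FakeNet/InetSim captures) then appends to the same record.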