<h1 class="home-title"> Gr00t's Security Research Lab</h1>
Welcome to my security research lab, where we explore various aspects of malware analysis, reverse engineering, and threat intelligence, with AI-assisted collaboration.
<div class="re-grid">
<div class="re-card">
<div class="re-card-title">🔬 Malware Analysis Lab</div>
<div class="re-card-description">Learn how to build and configure a secure Azure-based malware analysis environment.</div>
<div class="re-article-list">
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+Design" class="re-article-item">
<span class="re-article-title">Lab Design & Architecture</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+Network+Build" class="re-article-item">
<span class="re-article-title">Network Infrastructure Setup</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+VM+Templates" class="re-article-item">
<span class="re-article-title">VM Templates & Configuration</span>
</a>
</div>
</div>
<div class="re-card">
<div class="re-card-title">🔍 Reverse Engineering</div>
<div class="re-card-description">A structured journey through reverse engineering: from CPU basics to advanced exploitation.</div>
<div class="re-article-list">
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/CPU+Architecture/CPU+Registers+Building+Blocks" class="re-article-item">
<span class="re-article-title">CPU Registers: The Building Blocks</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/CPU+Architecture/Register+Operations+in+Assembly" class="re-article-item">
<span class="re-article-title">Register Operations in Assembly</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/Binary+Funadmentals/PE+File+Format+Foundations" class="re-article-item">
<span class="re-article-title">Understanding PE Files</span>
</a>
</div>
</div>
<div class="re-card">
<div class="re-card-title">🎯 Coming Soon</div>
<div class="re-card-description">Upcoming content and research areas we're working on.</div>
<div class="re-article-list">
<span class="re-article-item re-coming-soon">Threat Intelligence</span>
<span class="re-article-item re-coming-soon">Advanced Exploit Research</span>
</div>
</div>
</div>
<div class="section-divider">§</div>
<div class="content-section" id="latest-content">
<h2 class="section-heading">Latest Content</h2>
<div class="latest-content-grid">
<a href="https://grootsblog.io/malware-analysis/research-papers/RATs/JanelaRAT" class="latest-content-card" data-publish-date="22/03/2025">
<div class="latest-card-header">
<span class="latest-card-title">JanelaRAT Deep Dive</span>
</div>
<div class="latest-card-description">
Ready to meet a stealthy RAT hitting LATAM banks? JanelaRAT merges recycled BX RAT code with cunning new twists and it's on a mission to swipe crypto and banking data. Click now to see how Portuguese attackers are upping the ante.
</div>
</a>
<a href="https://grootsblog.io/static-analysis/yara" class="latest-content-card" data-publish-date="25/01/2025">
<div class="latest-card-header">
<span class="latest-card-title">Yara</span>
</div>
<div class="latest-card-description">
Ever wondered how malware analysts can spot malicious code patterns across thousands of files in minutes? Or how they share their findings with the cybersecurity community? Meet YARA - the digital bloodhound of malware analysis. It's like having a team of expert analysts working at superhuman speed, and once you understand its power, you'll never look at pattern matching the same way again. Want to level up your malware analysis game? Let's dive into the world of YARA rules.
</div>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Malware+Analysis/Static+Analysis/Static+Analysis+Methodolgy" class="latest-content-card" data-publish-date="13/01/2025">
<div class="latest-card-header">
<span class="latest-card-title">Static Analysis Methodology</span>
</div>
<div class="latest-card-description">
Dive into static malware analysis - where we uncover malware's secrets without ever running it. Learn how to peel back the layers of suspicious files, understand their potential behaviours, and spot the tell-tale signs of malicious code. Whether you're new to malware analysis or looking to refine your skills, mastering static analysis is your first step into understanding how malware really works.
</div>
</a>
</div>
</div>
<div class="section-divider">§</div>
<div class="content-section" id="all-articles">
<h2 class="section-heading">All Articles</h2>
<div class="all-articles-section">
<!-- Malware Analysis Lab Section -->
<div class="re-category" data-section="malware-lab">
<button class="re-category-toggle">
<span class="re-category-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M15 14l-2 2m-8.5-8.5l3 3M9 9l3 3m-3-3l-2 2m5 0l-2 2"/>
<path d="M20.2 8.5a6.4 6.4 0 0 0-1.8-4.1A6.9 6.9 0 0 0 14 2.5M8.5 2.5a6.9 6.9 0 0 0-4.4 1.9A6.4 6.4 0 0 0 2.3 8.5"/>
<circle cx="12" cy="12" r="2"/>
<path d="M20.2 15.5a6.4 6.4 0 0 1-1.8 4.1A6.9 6.9 0 0 1 14 21.5M8.5 21.5a6.9 6.9 0 0 1-4.4-1.9A6.4 6.4 0 0 1 2.3 15.5"/>
</svg>
</span>
<span class="re-category-name">Malware Analysis Lab</span>
<span class="re-category-count">(8)</span>
<svg class="re-category-arrow" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<polyline points="6 9 12 15 18 9"></polyline>
</svg>
</button>
<div class="re-category-content">
<div class="re-subcategory">Lab Setup</div>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+Design" class="re-category-link">
<span class="re-article-title">Lab Design & Architecture</span>
<span class="re-article-date">12d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+Network+Build" class="re-category-link">
<span class="re-article-title">Network Infrastructure Setup</span>
<span class="re-article-date">20d</span>
</a>
<div class="re-subcategory">VM Configuration</div>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+VM+Templates" class="re-category-link">
<span class="re-article-title">VM Templates & Configuration</span>
<span class="re-article-date">12d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+Flare" class="re-category-link">
<span class="re-article-title">Flare Template Setup</span>
<span class="re-article-date">11d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+REMnux" class="re-category-link">
<span class="re-article-title">REMnux Template Setup</span>
<span class="re-article-date">11d</span>
</a>
<div class="re-subcategory">Deployment</div>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+Preparation" class="re-category-link">
<span class="re-article-title">Lab Preparation</span>
<span class="re-article-date">10d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+Cloudron" class="re-category-link">
<span class="re-article-title">Cloudron Setup</span>
<span class="re-article-date">10d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Malware+Analyse+Lab+Azure/Azure+Malware+Lab+Deployment" class="re-category-link">
<span class="re-article-title">Lab Deployment</span>
<span class="re-article-date">8d</span>
</a>
</div>
</div>
<!-- Core Fundamentals Section -->
<div class="re-category" data-section="core-fundamentals">
<button class="re-category-toggle">
<span class="re-category-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M4 7h16M4 12h16M4 17h16"/>
<rect x="9" y="4" width="6" height="16" rx="2"/>
<rect x="4" y="4" width="16" height="16" rx="2"/>
</svg>
</span>
<span class="re-category-name">Core Fundamentals</span>
<span class="re-category-count">(7)</span>
<svg class="re-category-arrow" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<polyline points="6 9 12 15 18 9"></polyline>
</svg>
</button>
<div class="re-category-content">
<div class="re-subcategory">CPU Architecture</div>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/CPU+Architecture/Memory+Layout+Essentials" class="re-category-link" data-publish-date="10/01/2025">
<span class="re-article-title">Memory Layout Essentials</span>
<span class="re-article-date">0d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/CPU+Architecture/Register+Operations+in+Assembly" class="re-category-link" data-publish-date="06/01/2025">
<span class="re-article-title">Register Operations in Assembly</span>
<span class="re-article-date">1d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/CPU+Architecture/CPU+Registers+Building+Blocks" class="re-category-link" data-publish-date="06/01/2025">
<span class="re-article-title">CPU Registers: The Building Blocks</span>
<span class="re-article-date">1d</span>
</a>
<div class="re-subcategory">Binary Fundamentals</div>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/Binary+Funadmentals/Understanding+Import+%26+Export+Tables#How%20Malware%20Messes%20With%20It" class="re-category-link" data-publish-date="08/01/2025">
<span class="re-article-title">Understanding the Import Table</span>
<span class="re-article-date">0d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/Binary+Funadmentals/PE+File+Format+Foundations" class="re-category-link" data-publish-date="02/01/2025">
<span class="re-article-title">PE Files: Foundations</span>
<span class="re-article-date">4d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/Binary+Funadmentals/PE+Files+Going+Deep" class="re-category-link" data-publish-date="02/01/2025">
<span class="re-article-title">PE Files: Deep Dive</span>
<span class="re-article-date">4d</span>
</a>
<div class="re-subcategory">Assembly Essentials</div>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Core+Fundamentals/Assembly+Essentials/Assembly+Language+Patterns" class="re-category-link" data-publish-date="08/01/2025">
<span class="re-article-title">Assembly Language Patterns</span>
<span class="re-article-date">0d</span>
</a>
</div>
</div>
<!-- Malware Analysis Section -->
<div class="re-category" data-section="malware-analysis">
<button class="re-category-toggle">
<span class="re-category-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<circle cx="12" cy="12" r="3"/>
<path d="M21 12c0 4.97-4.03 9-9 9s-9-4.03-9-9 4.03-9 9-9"/>
<path d="M12 3v2"/>
<path d="M3 12h2"/>
<path d="M12 19v2"/>
<path d="M19 12h2"/>
<path d="M18.364 5.636l-1.414 1.414"/>
<path d="M7.05 16.95l-1.414 1.414"/>
</svg>
</span>
<span class="re-category-name">Malware Analysis</span>
<span class="re-category-count">(4)</span>
<svg class="re-category-arrow" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<polyline points="6 9 12 15 18 9"></polyline>
</svg>
</button>
<div class="re-category-content">
<div class="re-subcategory">Research Papers</div>
<a href="https://grootsblog.io/malware-analysis/research-papers/RATs/JanelaRAT" class="re-category-link" data-publish-date="22/03/2025">
<span class="re-article-title">JanelaRAT Deep Dive</span>
<span class="re-article-date">0d</span>
</a>
<div class="re-subcategory">Static Analysis</div>
<a href="https://grootsblog.io/static-analysis/yara" class="re-category-link" data-publish-date="25/01/2025">
<span class="re-article-title">Yara</span>
<span class="re-article-date">0d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Malware+Analysis/Static+Analysis/Static+Analysis+Methodolgy" class="re-category-link" data-publish-date="13/01/2025">
<span class="re-article-title">Static Analysis Methodology</span>
<span class="re-article-date">0d</span>
</a>
<div class="re-subcategory">Dynamic Analysis</div>
<div class="re-subcategory">Basic Tools & Techniques</div>
<div class="re-category-link re-coming-soon">
<span class="re-article-title">Coming Soon...</span>
</div>
<div class="re-subcategory">Advanced Analysis</div>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Malware+Analysis/Dynamic+Analysis/Advanced+Analysis/Advanced+Register+Techniques" class="re-category-link" data-publish-date="06/01/2025">
<span class="re-article-title">Advanced Register Techniques in Malware Analysis</span>
<span class="re-article-date">1d</span>
</a>
<div class="re-category-link re-coming-soon">
<span class="re-article-title">Coming Soon...</span>
</div>
</div>
</div>
<!-- Windows Internals Section -->
<div class="re-category" data-section="windows-internals">
<button class="re-category-toggle">
<span class="re-category-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M21 16V8a2 2 0 0 0-1-1.73l-7-4a2 2 0 0 0-2 0l-7 4A2 2 0 0 0 3 8v8a2 2 0 0 0 1 1.73l7 4a2 2 0 0 0 2 0l7-4A2 2 0 0 0 21 16z"/>
<path d="M3.3 7L12 12l8.7-5"/>
<path d="M12 22V12"/>
<path d="M12 12L3.3 7"/>
<path d="M12 12l8.7-5"/>
</svg>
</span>
<span class="re-category-name">Windows Internals</span>
<span class="re-category-count">(4)</span>
<svg class="re-category-arrow" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<polyline points="6 9 12 15 18 9"></polyline>
</svg>
</button>
<div class="re-category-content">
<div class="re-subcategory">System Programming</div>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Windows+Internals/System+Programming/The+Heap" class="re-category-link" data-publish-date="10/01/2025">
<span class="re-article-title">The Heap</span>
<span class="re-article-date">0d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Windows+Internals/System+Programming/The+Stack" class="re-category-link" data-publish-date="09/01/2025">
<span class="re-article-title">The Stack</span>
<span class="re-article-date">0d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Windows+Internals/Windows+API+Basics" class="re-category-link" data-publish-date="03/01/2025">
<span class="re-article-title">Windows API Basics</span>
<span class="re-article-date">3d</span>
</a>
<a href="https://grootsblog.io/09+-+Posts/Reverse+Engineering/Windows+Internals/Windows+API+Malware+Patterns" class="re-category-link" data-publish-date="03/01/2025">
<span class="re-article-title">Windows API Malware Patterns</span>
<span class="re-article-date">3d</span>
</a>
</div>
</div>
<!-- Exploit Research Section -->
<div class="re-category" data-section="exploit-research">
<button class="re-category-toggle">
<span class="re-category-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
<path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z"/>
<path d="M12 8l2 2-2 2-2-2 2-2z"/>
<path d="M12 12l2 2-2 2-2-2 2-2z"/>
</svg>
</span>
<span class="re-category-name">Exploit Research</span>
<span class="re-category-count">(Coming Soon)</span>
<svg class="re-category-arrow" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<polyline points="6 9 12 15 18 9"></polyline>
</svg>
</button>
<div class="re-category-content">
<div class="re-subcategory">Fundamentals</div>
<div class="re-category-link re-coming-soon">
<span class="re-article-title">Coming Soon...</span>
</div>
<div class="re-subcategory">Advanced Topics</div>
<div class="re-category-link re-coming-soon">
<span class="re-article-title">Coming Soon...</span>
</div>
</div>
</div>
</div>
</div>
<div class="section-divider">§</div>
<div class="footer-quote" style="text-align: center;">
<em>From roots to branches, securing every layer.</em>
</div>