
Malware Analysis

Malware abuses the systems it runs on. So before I can take apart a malicious binary and understand what it's doing, I need to deeply understand the architecture beneath it. This series documents that learning process — written in my own words as I work through it on TryHackMe.

1 chapter live | 3+ chapters planned | Updated as I learn
// Chapters
CH 01
Live
x86 Architecture Overview
Von Neumann architecture, CPU registers (EAX to R15), status flags, memory layout, and how the stack works — the foundation everything else builds on.
CPU Architecture, Registers, Memory Layout, Stack, EFLAGS
CH 02
Coming Soon
Assembly Language Basics
Reading x86 assembly instructions, understanding MOV, PUSH, POP, CALL, RET — and how they map to what we saw in the architecture overview.
x86 ASM, Instructions, Disassembly
CH 03
Coming Soon
Static Analysis Fundamentals
Analysing malware without executing it — PE file structure, strings, imports, exports, and what to look for before you ever open a debugger.
PE Format, Static Analysis, Strings

// About this series

These posts are written as I work through TryHackMe's malware analysis learning path. Everything is written in my own words — not just notes, but explained as if I'm teaching it. That's how I make sure I actually understand it. If something's unclear or wrong, feel free to reach out.