Learn

In this page there are all the topics that I want to detail more but it is better to expand outside a standard report.

This often include reproducible Go code that you can build on a Windows machine and test out to prove how some techniques implemented by malware authors works in details.

Process Hollowing

Explanation of the Process Hollowing technique.

Updated 9 May 2026

Introduction to Windows API

An intro to Windows API, naming/behaviour/calling conventions in C and ASM.

Updated 23 January 2026

Mutex

Learn how malware uses Mutexes.

Updated 23 January 2026

Load Resources

Learn how malware loads embedded resources.

Updated 22 January 2026

Process Enumeration

Section exploring how malware attempts to enumerate running processes on a Windows machine.

Updated 23 November 2025

Load Library

Load a library indirectly to improve evasion and anti-analysis.

Updated 22 November 2025