My solutions and full reverse-engineering writeups for the malware analysis challenges on malops.io — a platform with hands-on RE challenges built around real malware techniques.
Each writeup walks through the analysis question by question: where to look, what the disassembly/decompilation shows, and how the answer is derived. Tools used are mostly IDA Pro, Binary Ninja, and x64dbg.
| # | Challenge | Platform | Category | Difficulty | Description | Writeup |
|---|---|---|---|---|---|---|
| 1 | Singularity | 🐧 Linux | Rootkit | Easy | Linux kernel rootkit that hides PIDs/ports and ships an ICMP-triggered reverse shell | 📄 Read |
| 2 | Kernel Shield | 🪟 Windows | Kernel Driver / EDR Killer | Easy | Driver that strips handle rights and force-kills EDR before ransomware runs | 📄 Read |
| 3 | RokRat Loader | 🪟 Windows | Shellcode Loader (Lazarus / APT) | Medium | XOR loader using PEB-walk API hashing to deploy the RokRat RAT | 📄 Read |
| 4 | EquationDrug | 🪟 Windows | Kernel-Mode Implant | Hard | Memory-only driver doing kernel APC injection into system processes | 📄 Read |
| 5 | Katz Stealer | 🪟 Windows | Infostealer | Medium | Broad stealer grabbing browsers, wallets, and apps, exfil over raw TCP | 📄 Read |