+++
title = "I want to learn malware analysis (again)"
[taxonomies]
  tags = ['malware analysis']
+++

The heading says it all: I *really* want to learn malware analysis. Ever since I finalized the [Practical Malware Analysis & Triage](https://academy.tcm-sec.com/p/practical-malware-analysis-triage) course by [TCM Security](https://academy.tcm-sec.com/), I was hooked. I 💚loved💚 the entire course, especially diving deep into binaries, (trying) reverse engineering, debugging. I went through all the material, did the labs and wrote up a report, a (very shallow) static and dynamic analysis of a WannaCry-sample. I found my niche (or so I thought...)

## Rabbit holes

One thing that bothered me throughout the course, was the lack of direction and stable ground when investigating and debugging binaries. I found myself stuck reverse engineering functions that were not user written code (C runtime for example). I got close to a particularly interesting part, stepping into and over functions, all to ultimately never reach that goal of finding a specific return value or determining a critical execution flow junction. So I thought to myself: what's the best way to learn how programs work, and flip them inside out? By building them myself! With that motivation, I dove deep back into Python 🐍, thinking, this will be a good starting ground to hop over to C 🖥️ later. But...I think I got stuck at the first step! 🛑 Over the last year, I got really hooked on programming. Some of the stuff I (partially) made: