Skip to main content
i if you're new here, you should start with the fundamentals.
deepmalware — offensive security research & education.
kernel exploitation · EDR evasion · malware analysis · red team tradecraft
■ featured articles
Windows Architecture
08/12/25  ( emryll )
foundationwindows
read more →
■ latest articles
Virtual Memory
01/04/26  ( emryll )
read more →
DLL Hijacking
07/01/26  ( emryll )
read more →
Threads in Windows: A deep-dive
13/12/25  ( emryll )
read more →
Windows Architecture
08/12/25  ( emryll )
read more →
Detecting analysis environments
21/10/25  ( emryll )
read more →
Resolving function addresses manually
15/10/25  ( emryll )
read more →
The anatomy of a syscall
11/10/25  ( emryll )
read more →
Intro to Process Injection
09/10/25  ( emryll )
read more →
User-mode vs Kernel-mode
02/10/25  ( emryll )
read more →
/research/
+-- malware-analysis/`-- dropper-analysis`-- shellcode-101+-- detection/`-- edr-evasion`-- process-correlation+-- threat-intel/`-- apt-ttps
/education/
+-- windows-internals/`-- virtual-memory`-- threads-deep-dive`-- windows-architecture`-- anatomy-of-syscalls`-- usermode-vs-kernelmode+-- malware-theory/`-- dll-hijacking`-- process-injection-intro+-- foundations/`-- windows-architecture+-- evasion-theory/`-- sandbox-detection`-- resolving-exports