Contents

[WIP #1] May 2026

Disclaimer

This new article series, titled “WIP”, will look like a newsletter: articles read, tools discovered, and stuff I’ve learned.

Since I didn’t know a thing about information security and coding, retrained from graphic design, struggled and sometimes forget how challenging it was, I wanted to mesure the progress I’ve made.

For example, the first time I wanted to create a directory from the command line back in 2018, I thought the trailing slash was part of the directory name. So I ran the following command:

mkdir <dir_name>/

Yeah…

1. Progress

  • Still studying reverse engineering, with a focus on malware analysis. I attend classes in the evenings and on Saturdays. It’s quite exhausting, but also very stimulating. Choosing to switch from developer to CTI analyst was definitely the right decision: I’m never bored.
  • I also wrote a tutorial for my classmates on how to set up a mobile pentesting environment, including Android Studio, JADX, Frida, and configuring the Burp certificate on a phone.
  • I started to analyze malware samples and C2 infrastructures in a professional context. Also wrote my first YARA rules and used the MITRE ATT&CK framework for the first time.
  • Gave a workshop at Devoxx with a friend. 🩷
  • Unexpected bonus: I still manage to have time for martial arts and creative hobbies somehow. Started reviewing other people work and this teaches me a lot!

2. Resources

  • dumpulator: An easy-to-use library for emulating memory dumps.
  • IDAtropy: IDAtropy is a plugin for Hex-Ray’s IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib.
  • objection: runtime mobile exploration.