Thomas 

Aaron C. Thomas

Professor Jacqueline Cano Diaz

ENC 1102

17 May 2025

Research Paper Draft

Introduction

        In this research project, I plan to explore how writing is used within the field of malware analysis and reverse engineering. This includes technical reports, malware write-ups, and various GitHub repositories where professionals and analysts record their findings and the means by which they acquired them. I chose this specific genre because I am actively pursuing a career in information security, and learning how to write and communicate complex malware breakdowns in a way that is effective for a wide range of audiences is a vital skill. Malware analysis write-ups are not just technical. They combine technical depth with a well-laid-out explanation and an easy-to-read structure so that their findings are explained in exactly the way the analysts intend, which is especially difficult with more complex malware. By studying how analysts in this field put together their findings and lay them out clearly, I can improve my own ability to write in that manner. This is important because I would one day like to share my own findings and contribute to the wider information security space.

Research Questions

For this research paper, I will be using the following research questions to help explore my specific genre:

  1. How do professionals within this space of information security communicate their findings through different written mediums and blog posts?
  2. What strategies do these professionals use to make these complex findings accessible to everyone, not just analysts in this field?

Methodology

        I believe that these questions will help explore this specific genre. The next step is the specific methods and a plan for doing the research. To answer the questions within this research, I will focus on a small, specific selection of articles. These texts will come from well-vetted sources like Malwarebytes Labs and a write-up from an industry professional, 0xdf. My goal is to observe how professionals within the industry structure their reports and technical findings, and how they use a variety of visuals to better explain their point to the audience.

Selection Criteria

        To make my research manageable within the given timeframe of this course, I have narrowed my focus to the Malwarebytes Labs blog. This blog consists of write-ups, professionally written articles about malware analysis, and information about the space itself. Each article is written by a professional within the industry, which makes for a great blend of technicality and readability. I will take code snippets, diagrams, and summaries from it. I chose this source because it is extremely consistent in quality and in genre, and a focused approach allows me to go more in depth and be more accurate rather than going broad and spreading myself thin.

        Figure 1. Screenshot from Malwarebytes Labs article “A Week in Security (Mar 13 – Mar 19),” illustrating the well-structured presentation of various security topics.

Timeline

        The timeline of this plan will go as follows:

(I'm going to be completely honest in saying I was trying to be specific, but I couldn't find the course calendar. I will be talking with you next week so we can fix or change this based upon feedback.)

Annotated Bibliography

Komolafe, O., et al. “Reverse Engineering: Techniques, Applications, Challenges, Opportunities.” International Research Journal of Modernization in Engineering Technology and Science, vol. 6, no. 8, Aug. 2024, pp. 399–406. www.irjmets.com/uploadedfiles/paper/issue_8_august_2024/60817/final/fin_irjmets1723004252.pdf.

        This paper provides deep insight into reverse engineering, going over various techniques, applications, and challenges. It explores the role of reverse engineering across different domains, and its authors highlight different techniques used in reverse engineering. They also put the spotlight on its applications in different industries, giving important insight into how being able to convey a concept to a wide audience is important.

        This source is credible, as it is published in a peer-reviewed journal. It is extremely relevant to my research because it provides a good foundation for speaking about reverse engineering, which is important when explaining and fully understanding malware analysis. I also believe that this article could be an inspiration for the various ways a single concept can be applied and taught to a bigger audience.

Singhal, Ankit, and Saathwick Venkataramalingam. “Malware Analysis and Reverse Engineering: Unraveling the Digital Threat Landscape.” International Journal For Multidisciplinary Research, vol. 5, no. 6, Nov.–Dec. 2023, pp. 1–10. https://www.ijfmr.com/research-paper.php?id=10296.

        This research paper examines malware analysis and reverse engineering in extreme depth. Within it, the authors address different malware types and their impacts, different techniques of analysis, and case studies pertaining to the subject. They highlight the importance of this research by illustrating their main findings and offering information on how to improve our current information security situation.

        This source is credible: it is published in a peer-reviewed journal and provides an in-depth examination of malware analysis and reverse engineering. I think this is extremely relevant to my research, as it offers a more technical look into the process and challenges. By reading about the different challenges faced, I can better understand how professionals communicate these complex problems effectively.