Thomas 

Aaron C. Thomas

Professor Jacqueline Cano Diaz

ENC 1102

17 May 2025

Research Paper Draft

        In this research project, I plan to explore how writing is used within the field of malware analysis and reverse engineering. This includes technical reports, malware write-ups, and various GitHub repositories where professionals and analysts record their findings and the means by which they acquired them. I chose this genre because I am actively pursuing a career in information security, and learning how to write and communicate complex malware breakdowns in a way that is effective for a wide range of audiences is a vital skill. Malware analysis write-ups are not merely technical; they combine technical depth with a well-laid-out explanation and an easy-to-read structure so that the findings are explained in exactly the way the analyst intends, which is especially difficult with more complex malware. By studying how analysts in this field put together their findings and lay them out clearly, I can improve my own ability to write in that manner. This matters to me because I would one day like to share my own findings and contribute to the wider information security community.

For this research paper I will use the following research questions to help explore my specific genre:

  1. How do professionals within this space of information security communicate their findings through different written mediums and blog posts?
  2. What strategies do these professionals use to make these complex findings accessible to everyone, not just analysts in this field?

        I believe these questions will help me explore my specific genre. Turning to methods and a plan for the research: to answer the questions above, I will collect and work through real-world documents, GitHub write-ups, and blog posts in which malware analysts break down how specific malware functions and explain the methods used to disassemble each specimen. These texts will come from well-vetted sources such as MalwareBytes Labs, Contagio, and MalwareTech. I will also include two notable GitHub repositories that document specific malware analyses, those of OxPatrik and vxunderground. My goal is to observe how professionals within the industry structure their reports and technical findings and use a variety of visuals to better explain their points to the audience.

        I will analyze and work through these texts, blogs, and GitHub repositories, focusing on those that lay out their findings clearly and concisely and that use visuals such as code snippets and illustrations of binary exploitation. I will concentrate on texts that are relevant and trusted, and they will support my research into how different professionals communicate complex information effectively.