docker_file_analysis/data
tobias 0a00835493 Add malware patterns & recognition exam cheat sheet
Covers: technique identification by API sequence (process hollowing,
code injection, DLL injection, .NET reflective loading, hook-based
injection, resource droppers), packer recognition (UPX, entropy,
section names, tail jump, breakpoint strategies), anti-analysis
patterns (IsDebuggerPresent, PEB, SEH, TLS, RDTSC, tool detection),
shellcode indicators (NOP sled, GetEIP, PEB walk), document malware
indicators (PDF keywords, VBA triggers, RTF exploits), and two
quick-reference tables mapping APIs→techniques and assembly→behavior.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 08:24:45 +02:00