About Cerberus
A personal malware analysis and detection engineering lab focused on evidence-first behavioural profiling, conservative ATT&CK mapping, and durable hunting logic.
The Lab Philosophy
Cerberus was built to bridge the gap between “cool reversal writeups” and actual defensive value.
Every entry is grounded in sandbox artefacts, controlled lab execution, and static analysis. Only behaviours supported by evidence are included—no speculation.
The goal is clarity: What does this sample do? Which techniques does it prove? And how do we detect or hunt for it consistently?
Infrastructure
Cerberus runs on a structured Proxmox-based lab environment named Olympus, with isolated VMs for static analysis, dynamic execution, dev tooling, and network inspection.
- Pandora — REMnux static analysis VM
- Alecto — FLARE/Alecto dynamic reversing VM
- Tartarus — malware development & EDR testing
- Hermes — pfSense routing & DMZ segmentation
- Styx — virtual switch (Open vSwitch)
- Charon — Guacamole remote access