Examines Windows executables using static and dynamic methods. Inspects headers, metadata, and behavior in sandboxed environments. Tools: PEStudio, IDA Pro.

Detects malicious macros, OLE objects, and embedded scripts in Word, Excel, or PowerPoint files. Tools: olevba, ViperMonkey.

Uncovers hidden JavaScript, malicious links, or exploit code in PDFs. Tools: pdfid, pdf-parser, sandbox detonation.

Analyzes Linux binaries for backdoors, rootkits, or miners. Inspects headers, symbols, and runtime behavior. Tools: readelf, objdump.

Reviews PowerShell, Python, Bash, or JS scripts for obfuscated commands and lateral movement techniques. Tools: Script Block Logging, deobfuscators.

Scans ZIP, RAR, 7z for nested malware, password-protected payloads, or obfuscated content. Tools: binwalk, 7z, custom extractors.