Research

Recipe Research
Repository

Centralized vault for every technique, signature, and behavioral pattern catalogued during Meridian's detection engineering cycles. Raw ground truth before it becomes a rule.

🔬

Technique Cards

Atomic breakdowns of loader patterns, syscall stubs, and PE manipulation primitives with annotated disassembly.

📊

Behavioral Maps

Process tree graphs, ETW event chains, and VAD snapshots showing how payloads unfold at runtime.

📦

Sample Dossiers

Per-sample folders with hashes, unpacked layers, IAT reconstructions, and OEP notes from captured binaries.

🛠

Detection Primitives

Sigma rules, YARA signatures, and ETW consumer queries derived directly from research findings.

Repository Structure

techniques/
manual-map-injection.md
direct-syscall-stub.md
peb-walk-ssn-extract.md
samples/
oreo_loader_2026_05_26/
oreo_payload_unpacked/
signatures/
syscall-stub.yar
manual-map-events.yml
Back to DocsDetection Engineering