What is Ring Zero Labs?

  • Ring Zero Labs provides education to the community for Malware Analysis, Reverse Engineering, Tool Development, Programming, and other Cybersecurity areas. 
  • We also contribute research and mitigation strategies to the cybersecurity community and help identify new and emerging threats.

Ring Zero Labs DOES NOT...

  • We DO NOT promote or advocate using any of the malware, techniques, or information presented in this site for harm. Each of the aforementioned topics is for the educational benefit of our readers. 
  • We DO NOT accept donations, contracts, or incentives to crack, hack, or otherwise compromise any software, hardware, or technology in which the owner does not have express ownership or rights to do so.
  • We DO NOT sell compromised victim credentials or information of any kind which is found while analyzing a malware sample. Any victim information discovered during the analysis process is immediately passed to victim notification services and our analysis VMs are wiped clean.

Where do we get our malware from?

  • The malware samples we analyze are acquired through various online sandboxes, compromised hosts, and through readers like you. Every sample is treated with the utmost care to avoid infection or propagation. If you are interested in submitting a file for analysis, you can email your sample to us in a password-protected ZIP and we would be happy to analyze it.

Where did the name Ring Zero Labs come from?

  • In computer science, there are two main protection modes for an Operating System: Ring Three and Ring Zero.
  • Ring 3 is known as the User level and it is where users perform their day-to-day tasks like surfing the internet, writing documents, etc.
  • Ring 0 is known as the Kernel level and it is heavily safeguarded by protection mechanisms within the Operating System. This is because having control at this level allows a program to exert immense control over the system.
  • Exploits and malware are often classified by the protection level they run at. The vast majority of these threats run at Ring 3 (User Level) and are capable of causing significant harm to the system. However, Ring 0 (Kernel Level) threats are considered extremely dangerous to a system because of their ability to operate outside the bounds of normal programs and interface directly with the Kernel of the OS.
  • This is where the name Ring Zero Labs came from.

How Do You Get Started As A Malware Analyst?

  • Reading and practice. There are many books along the right-hand side of our website (desktop version, not mobile). We have listed them there because they are fantastic resources for those looking to get started in this field. Of particular note is the book titled "Practical Malware Analysis." This is the book you need to start with. It is the de facto starting point.
  • There is a dropdown at the top of our site titled "Lab". There are 3 links that will point you to a free VM from Microsoft, an automated tool setup script from FireEye, and a video from us that explains how to set everything up. Happy hunting.

Media Inquiries

  • We've been featured in a few articles in the past and are always open for inquiries from our readers and media alike. Use the contact button on the homepage to get in touch with us.

Down The Rabbit Hole?

[*] 19.5872677,-155.4268897 FOUND

Want To Support The Site?

  • We don't have a lot of overhead to keep the site up and running. The time and energy that goes into finding malware, performing analysis, writing articles, and making videos is done in our own time. 
  • However, if you feel we've done a good job and would like to support the site, it would be much appreciated. There are a couple of options:
    • You can donate via the link below. 
    • Check out our recommended reading list on the right side of the website. These are Amazon Associate links and we earn a small percentage from qualifying purchases. 
  • Thank you for your support.