Reverse engineering a multi-stage malware suite hidden in a fake developer assessment

Reddit r/rust·u/roynrishingha·about 1 month ago

Recently, I was targeted by a credential stealer disguised as a take-home coding assessment for a job interview. Instead of running it on my host machine, I audited the repository inside an isolated Debian VM and reverse engineered the attack chain.

I wrote a detailed, step-by-step breakdown of my methodology, the OPSEC measures I used, and the exact deobfuscation techniques. You can read the full deep dive on my website:

**Part 1**: [https://roynrishingha.com/blog/interview-trojan-horse/](https://roynrishingha.com/blog/interview-trojan-horse/)

**Part 2**: [https://roynrishingha.com/blog/reverse-engineering-multi-stage-malware/](https://roynrishingha.com/blog/reverse-engineering-multi-stage-malware/)

This was a massive learning experience for me, and I am looking to improve my analysis process. For the experienced analysts here:

1. Are there better or safer ways to handle and isolate these initial phase 1 droppers?
2. …
