Ciph3rExfiltrating data from restricted networksA few days back I asked myself a question . How can I exfiltrate data from super restricted networks . Networks which allow only a certain…Nov 23, 2022Nov 23, 2022
Ciph3rUnpacking a ASProtect malwareI came across a malware when i browsing any.run . I thought i would give it a try to reverse it , so i downloaded the sample and started…Apr 18, 2022Apr 18, 2022
Ciph3rPersistence using unconventional methodsIn this post I will write about achieving persistence using some unconventional methods . These methods does not use any registry key and…Apr 9, 2022Apr 9, 2022
Ciph3rStatic Analysis of Hancitor malware -Part1This will be a line by line static analysis of the hancitor malware . I will be using Ghidra and IDA . I am using Ghidra because i dont…Nov 18, 2021Nov 18, 2021
Ciph3rBackdooring windows ISOI have a passion for backdooring things . So this time after backdooring linux iso files i tried to backdoor windows ISO files . Adding…Sep 28, 2021Sep 28, 2021
Ciph3rHacking Discord to get code executionI found this bug a while ago . This bug requires initial access . Its great for post exploitation . Discord keeps a sqlite database called…Aug 15, 2021Aug 15, 2021
Ciph3rHow to extract shell code from memory ?Malwares will sometimes run shellcode directly in memory . The common method to do that is first use VirtualAlloc to allocate memory with…Jul 31, 2021Jul 31, 2021
Ciph3rExfiltrating data using beacon framesBeacon frame : Here is the wikipedia defination . Beacon frame is one of the management frames in IEEE 802.11 based WLANs. It contains all…Jun 1, 2021Jun 1, 2021
Ciph3rAnalysing the Emotet maldocI have been analysing maldocs for few days . I analysed two variants of emotet but i will write about only one variant . This will be a…Mar 14, 2021Mar 14, 2021