Apr 18: Unpacking ASProtect malware (Malware)
I came across a malware sample when I was browsing any.run. I thought I would give it a try to reverse it, so I downloaded the sample and started reversing it. The tools that I used for this are Detect It Easy and procmon. …

Apr 9: Persistence using unconventional methods (Malware)
In this post I will write about achieving persistence using some unconventional methods. These methods do not use any registry key and they are more stealthy as compared to more mainstream methods. Well, there is only one method, but this works in a lot of software. One…

Nov 18, 2021: Static Analysis of Hancitor malware - Part 1
This will be a line-by-line static analysis of the Hancitor malware. I will be using Ghidra and IDA. I am using Ghidra because I don't have the IDA decompiler, and I am using IDA because I feel like IDA does it better when it comes to assembly…

Sep 28, 2021: Backdooring Windows ISO (Malware)
I have a passion for backdooring things. So this time, after backdooring Linux ISO files, I tried to backdoor Windows ISO files. Adding a backdoor to a Linux ISO file is fairly easy as the OS is open source, but when it comes to Windows it's hard. The backdoor…

Aug 15, 2021: Hacking Discord
I found this bug a while ago. This bug requires initial access. It's great for post-exploitation. Discord keeps a SQLite database called installer.db. The database has SHA256 hashes of every file that Discord uses, but it turns out that the integrity of some files is…

Jul 31, 2021: How to extract shellcode from memory?
Malware will sometimes run shellcode directly in memory. The common method to do that is to first use VirtualAlloc to allocate memory with the right permissions. Then the malware will use RtlMoveMemory to write the shellcode to the allocated space. …

Jul 2, 2021: Everything I did so far…
I am writing this blog with the hope that I will probably get hired by someone. I have been trying to get a job in IT but can't seem to impress. I have done enough projects, which gave me enough confidence that I can make anything. I like…

Jun 1, 2021: Exfiltrating data using beacon frames
Beacon frame: here is the Wikipedia definition. A beacon frame is one of the management frames in IEEE 802.11 based WLANs. It contains all the information about the network. …

Mar 14, 2021: Analysing the Emotet maldoc (Malware Analysis)
I have been analysing maldocs for a few days. I analysed two variants of Emotet, but I will write about only one variant. This will be a static analysis. First download the samples from here: https://github.com/jstrosch/malware-samples/blob/master/maldocs/emotet/2020/January/samples.zip I dumped the macros using oledump. The streams with M/m contain the…

Mar 10, 2021: Make a dropper in Assembly (x64) (Assembly Language)
Since you are here, I am going to assume that you know the basics about syscalls and how to call them, as well as how to assemble and link the assembly files. You may have a question. Why assembly? Well, there are two reasons. My life…