Reverse Engineering
Our efforts in reverse engineering aid in identifying vulnerabilities, understanding threats, and formulating robust defense mechanisms, making it integral to maintaining a secure and resilient digital environment.
Our focus in malware research involves dissecting and understanding the operation of malicious software. By documenting their behavior and impact, we provide crucial insights that aid in devising effective defensive strategies, contributing to a better understanding and stronger defense against emerging cyber threats.
We offer penetration testing services, identifying vulnerabilities by simulating real-world attacks on your digital infrastructure. Our process uncovers potential threats, providing actionable insights for improved security measures, ensuring robust defense and resilience for your business operations.
Our involvement in open-source focuses on offensive security techniques and tools. We utilize and contribute to community-driven projects. This collaborative approach promotes innovative solutions, ultimately strengthening defense against evolving cyber threats.
Medium Account Showcasing Our High-Quality Articles focusing on Malware Research, General Information Security and Programming.
Comprehensive C# project to understand the concept of malware command and control (C2) using FTP as a communication channel.
Secure remote desktop application for Microsoft Windows, entirely written in PowerShell for the server, with a cross-platform client.
Complete and optimized remote desktop application entirely coded in PowerShell (multi-screen, keyboard sync, mouse sync, clipboard sync, and more).
Open-source application for comprehensive search and exploration of Windows DLL exported functions for malware research and analysis.
Comprehensive search engine for malware evasion techniques (documentation, code snippets, YARA rules, and more).
Malware Museum: showcasing the most impactful malware from the 1990s to the early 2000s. Get ready to journey back to the golden age of malware.
GitHub profile showcasing our open-source projects, proofs of concept (PoCs) and snippets related to malware and offensive security.
SecureString to handle password.
2 years, 10 months ago
Power Remote Desktop is a powerful and easy-to-use remote desktop application that is written entirely in PowerShell. Unlike other remote desktop solutions, it does not rely on any external software or protocols to function, making it quick and easy to install and use. Its primary advantage is its use of PowerShell, which allows for seamless integration with other scripts and tools, as well as its user-friendly interface. Power Remote Desktop is a versatile and reliable solution for anyone needing to access and control remote computers.
2 years, 10 months ago
The tool is a PowerShell module that allows you to load and execute .NET assemblies from memory, transferred over a network connection such as HTTP. It retrieves the .NET assembly located at a URL, loads it into memory and executes it with the given parameters.
This tool is useful for anyone who needs to load and execute .NET assemblies over a network connection, such as during a penetration testing engagement or when working with remote systems. It allows you to load and execute assemblies from memory, without the need to save them to disk first.
3 years ago
This proof of concept (PoC) project emphasizes the potential risks associated with InnoSetup installers. Such installers should always be regarded with caution: not only can they harbor malware, but it is also possible to construct a fully functional piece of malware using their embedded scripting engine.
In this PoC, we use the InnoSetup scripting engine (derived from Pascal) to execute a shellcode generated with msfvenom.
3 years, 3 months ago
New code snippet that demonstrates how malware authors create self-deleting applications. This technique relies on injecting code into a remote process, which is tasked with waiting for the malware sample's process to end.
3 years, 9 months ago
YASE (Yet Another Sub Encoder) is a Python project created during my OSCE (Offensive Security Certified Expert) preparation to better understand and simplify the process of sub-encoding shellcode in order to escape bad-character restrictions.
3 years, 11 months ago
New code snippet that demonstrates how to automatically detect code caves in Microsoft Windows PE files.
It is then possible to inject a shellcode into the located code cave (optionally encrypted) and redirect the PE file's entry point to the shellcode.
This was a common technique used by old-school viruses to infect other applications and self-replicate.
Available commands:
-f / --file: Valid PE file location (Ex: /path/to/calc.exe).
-p / --payload: Shellcode payload (Example: "\x01\x02\x03…\x0a").
-x / --encrypt: Encrypt main section (entry point section).
-k / --encryption-key: Define custom encryption key (1 byte only).
-c / --cave-opcodes: Define opcode list to search for.
-s / --cave-min-size: Minimum size of region to be considered as a code cave.
-e / --egg: Define a custom egg name (ESP restore mechanism).
4 years ago
New snippet that demonstrates the use of the Windows APIs OutputDebugStringA and OutputDebugStringW to detect the presence of debuggers.
4 years, 2 months ago
New code snippet that demonstrates the usage of SuspendThread to detect the presence of debuggers.
4 years, 2 months ago
New code snippet that demonstrates how malware authors detect the presence of debuggers using both Microsoft Windows APIs FindWindowA and FindWindowW.
4 years, 2 months ago
New code snippet that demonstrates how malware checks the Debug flag in a running process's PEB (Process Environment Block) in order to detect the presence of a debugger.
4 years, 3 months ago
The application is a tool that allows you to run commands as another Microsoft Windows user without spawning a new console. This means that the commands are executed within the current terminal, rather than in a separate window.
To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user, attached to the current terminal.
This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account. For example, you might use the application to run a command as an administrator when you don't have administrative permissions, or to run a command as a different user in order to test or troubleshoot something.
4 years, 6 months ago
The application is a command-line tool that allows you to execute commands as a different user without the need to log out and log back in. This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account, such as when you need to run a command as an administrator or when you need to test or troubleshoot something.
To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user within the current console window.
4 years, 6 months ago
Win Brute Logon is designed to simulate a brute-force attack on a Microsoft account by guessing large numbers of password combinations in a short amount of time. This allows pentesters to test the security posture of their systems and assess their defenses against brute-force attacks. The tool exploits the lack of an account lockout mechanism, which is a common weakness in many systems (before account lockout becomes enabled by default on Windows 11). By attempting to guess the password of an account, the tool can help pentesters identify and address vulnerabilities in their security measures. It should be used responsibly and within the bounds of the law.
4 years, 6 months ago