Reverse Engineering

Our efforts in Reverse engineering aids in identifying vulnerabilities, understanding threats, and formulating robust defense mechanisms, making it integral to maintaining a secure and resilient digital environment.

Malware Research

Our focus in malware research involves dissecting and understanding the operation of malicious software. By documenting their behavior and impact, we provide crucial insights that aid in devising effective defensive strategies, contributing to a better understanding and stronger defense against emerging cyber threats.

Penetration Testing

We offer penetration testing services, identifying vulnerabilities by simulating real-world attacks on your digital infrastructure. Our process uncovers potential threats, providing actionable insights for improved security measures, ensuring robust defense and resilience for your business operations.

Open-Source

Our involvement in open-source focuses on offensive security techniques and tools. We utilize and contribute to community-driven projects. This collaborative approach promotes innovative solutions, ultimately strengthening defense against evolving cyber threats.

I’m currently overwhelmed with commitments and unable to dedicate time to my public research and tools. Unfortunately, I can't predict when I’ll be more available. However, I’m still addressing bug fixes and urgent requests. I appreciate your understanding and continued support!

Introducing "The Malware Gallery" - Your interactive, living museum showcasing the most notorious trojans and malware from past decades. Now in its beta phase, this ever-evolving collection is set to expand, so stay tuned for updates!

There are two primary motivations behind the project: First, it serves as a homage to the ingenious, albeit malicious, software creations that inspired many of us, myself included, to pursue a career in cybersecurity. These "pieces of art" so to speak, have played a pivotal role in shaping the trajectory of my professional life.

Second, it's an educational resource for newcomers to the field. Understanding the history of malware is essential for comprehending the complexities of today's cybersecurity landscape. For those who didn't grow up exposed to these early examples, The Malware Gallery offers a rare glimpse into the origins of cyber threats, enriching your knowledge.

Additionally, this project complements my recent article series, "Malware Retrospective" adding a layer of depth and reciprocity to the topics covered.

5 months, 3 weeks ago

This lightweight C# application serves as a demonstration of how simple it is to interactively access a remote system's shell via named pipes using the SMB protocol. It includes an optional encryption layer leveraging AES GCM, utilizing a shared passphrase between both the server and the client.

6 months, 1 week ago

SharpFtpC2 is a small, experimental project aimed at exploring the possibility of using FTP(S) for relaying commands and responses between two remote computers. It employs the FTP protocol as a makeshift tunnel through which the computers, both acting as clients connected to an FTP server, can communicate. A simple session management scheme is used to keep track of the exchange of requests and responses.

8 months, 2 weeks ago

DLest is a Microsoft Windows application that helps developers and malware analysts analyze and manipulate exported functions in Portable Executable (PE) files, especially DLLs. It allows you to enumerate exported functions using various methods and supports the analysis of memory-loaded modules in real time. It also has the ability to dump a reconstructed version of any module for further analysis. DLest is fully multithreaded and efficient for processing large numbers of PE files. It is useful for developers and malware analysts and streamlines their tasks.

1 year, 2 months ago

PsyloDbg is a versatile, user-friendly, and open-source debugger for the Windows platform. It is entirely written in Delphi, and its purpose is to assist malware analysts in their work by providing them with a fast and effective tool. As a result, analysts can save time and improve their response to malware threats.

1 year, 4 months ago

The purpose of this tool is to allow users to run applications with system-level privileges in the context of their current active Windows session, using only the Microsoft Windows Task Scheduler.

Unlike other common tools, this technique does not require any external software or services, and can be easily configured to launch the system terminal and run the desired application within the current session. This allows users to access system-level functionality and interact with the application in real time.

2 years ago

PowerRunAsAttached is a ported version of RunAsAttached in pure PowerShell.

2 years, 1 month ago

PowerBruteLogon is a ported version of WinBruteLogon in pure PowerShell.

2 years, 1 month ago

Power Remote Desktop is a powerful and easy-to-use remote desktop application that is written entirely in PowerShell. Unlike other remote desktop solutions, it does not rely on any external software or protocols to function, making it quick and easy to install and use. Its primary advantage is its use of PowerShell, which allows for seamless integration with other scripts and tools, as well as its user-friendly interface. Power Remote Desktop is a versatile and reliable solution for anyone needing to access and control remote computers.

2 years, 1 month ago

The tool is a PowerShell module that allows you to load and execute .NET assemblies from memory, transferred over a network connection such as HTTP. It consists in retrieving the .NET assembly located at an URL. It then loads the assembly into memory and executes with given parameters.

This tool is useful for anyone who needs to load and execute .NET assemblies over a network connection, such as during a penetration testing engagement or when working with remote systems. It allows you to easily load and execute assemblies from memory, without the need to save them to disk first.

2 years, 4 months ago

This proof of concept (PoC) project emphasizes the potential risks associated with InnoSetup installers. Such installers should always be regarded with caution. They can not only harbor malware but it's also possible to construct a fully functional piece of malware utilizing their embedded scripting engines.

In this PoC, we delve into the InnoSetup scripting engine (derived from Pascal) to execute a shellcode generated with msfvenom.

2 years, 7 months ago

YASE (Yet Another Sub Encoder) Encoder is python project created during my OSCE (Offensive Security Certified Expert) preparation to better understand and simplify the process of sub encoding shellcode in order to escape bad character restriction.

3 years, 3 months ago

The application is a tool that allows you to run commands as another Microsoft Windows user without spawning a new console. This means that the commands are executed within the current terminal, rather than in a separate window.

To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user, attached to the current terminal.

This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account. For example, you might use the application to run a command as an administrator when you don't have administrative permissions, or to run a command as a different user in order to test or troubleshoot something.

3 years, 9 months ago

The application is a command-line tool that allows you to execute commands as a different user without the need to log out and log back in. This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account, such as when you need to run a command as an administrator or when you need to test or troubleshoot something.

To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user within the current console window.

3 years, 9 months ago

The application is a tool that allows you to run commands as another Microsoft Windows user without spawning a new console. This means that the commands are executed within the current terminal, rather than in a separate window.

To use the application, you need to specify the name and password of the user that you want to run the command as, as well as the command itself. The application will then execute the command as the specified user, attached to the current terminal.

This can be useful in a variety of situations where you need to run a command with different permissions or privileges than your own user account. For example, you might use the application to run a command as an administrator when you don't have administrative permissions, or to run a command as a different user in order to test or troubleshoot something.

3 years, 9 months ago

Win Brute Logon is designed to simulate a brute-force attack on a Microsoft account by guessing large numbers of password combinations in a short amount of time. This allows pentesters to test the security posture of their systems and assess their defenses against brute-force attacks. The tool exploits the lack of an account lockout mechanism, which is a common weakness in many systems (before account lockout becomes enabled by default on Windows 11). By attempting to guess the password of an account, the tool can help pentesters identify and address vulnerabilities in their security measures. It should be used responsibly and within the bounds of the law.

3 years, 9 months ago