Description

This site is a place where I would put things that I have learnt along the way :D

Malware Analysis

Sample Analysis

• 25 Apr 2025 - 20250425015541 - BLG - Simple Removal of Disruptive Adware-ish APK Simple Removal of Disruptive Adware-ish APK
• 23 Feb 2025 - 20250222215149 - BLG - Analysis on Destructive MEMZ’s Master Boot Record
• 01 Mar 2025 - 20250225122153 - BLG - Taking a look into NotPetya’s MBR Corruption
• 18 Jun 2024 - 20240618221206 - BLG - Opaque Predicate Control Flow Deobfuscation- ICEDID
• 20 May 2024 - 20240520125600 - BLG - A Quick Look at BlackWood DLL Loader
• 17 Aug 2022 - 20220817123000 - BLG - My First Malware Sample Analysis

Malware Techniques

• 15 Nov 2024 - 20241114145726 - BLG - How CHM Files Are Used and Misused by Bad People
• 01 Nov 2024 - 20241101132806 - BLG- Loading and Executing .NET Binaries from Unmanaged Applications
• 05 Sep 2023 - 20230905172200 - BLG - Relocation Table and Import Address Table (IAT) in Reflectively Loaded PE File
• 13 Jun 2023 - 20230613092700 - BLG - Quick Study of Bring Your Own Vulnerable Driver (BYOVD)
• 09 Sep 2022 - 20220909000000 - BLG - Understanding 64 bits Windows 10 Shellcode (Calc.exe) - Part 2
• 08 Sep 2022 - 20220908000000 - BLG - Understanding 64 bits Windows 10 Shellcode (Calc.exe) - Part 1
• 06 Sep 2022 - 20220906042300 - BLG - DudeLocker (Flare-on 2016) - RVA and Import Descriptors

Capture The Flag

• 21 Oct 2024 - 20241021000000 - BLG - TISC 2024 Challenge 8 (Wallfacer) Writeup
• 26 Mar 2023 - 20230326024500 - BLG - Alien Saboteaur - HTB Cyber Apocalyse 2023
• 26 Sep 2022 - 20220926030800 - DUCTF2022 - EZPZ RE + Pwn
• 12 Nov 2022 - 20221112181000 - BLG - Flare-on 9 - Challenge 9 and 11

N-Day Analysis

• 06 May 2025 - 20250506012125 - BLG - HEVD Practice ARW and DoubleFetch
• 06 May 2022 - 20220506000000 - BLG - A Case Study of an Incorrect Optimization in V8
• 16 Oct 2020 - 20201016000000 - BLG - Analysis & Exploitation of a Recent TP-Link Archer A7 Vulnerability
• 07 Aug 2020 - 20200807000000 - BLG - ASUSWRT URL Processing Stack Buffer Overflow
• 12 Jul 2020 - 20200712093000 - BLG - CVE-2020-6418 - V8 Type Confusion Bug

Presentation Materials

• 06 Sep 2024 - ( ZettelKasten ) Obsidian Note Taking Tour
• xx xxx 202x - Using Partial Emulation for Malware Analysis
• 06 Apr 2022 - Case Study of Incorrect Optimization of Bitward & Operation in V8

Origami

• 17 Nov 2022 - 20221117000000 - BLG - Origami Scorpion Design from Start to Finish

Misc. Learning

• 13 Feb 2025 - 20250213050315 - BLG - Late Night Experimentation with OpenGrep Late Night Experimentation with OpenGrep
• 18 Nov 2024 - 20241118234900 - BLG - What Happens During a SYSCALL What happen When We SYSCALL?