SANS Certified Threat Researcher with extensive experience in malware reverse engineering & development, YARA/Sigma rule creation, and technical threat reporting. Proven track record in detecting and mitigating advanced threats, supporting incident response, and performing digital forensics. Strong focus on enhancing security through research-driven detection.
Whoami
Shayan Ahmed Khan
Alias: shaddy43
Threat Researcher, DFIR, MalDev
GREM, SC-200, AZ-500, PMRP, HCIA Security
I believe in open-source work & contributions!
Buy Me A Coffee
Recent Posts
Velociraptor: The Ultimate Powerhouse for Swift and Precision Investigations
A deep dive into an open-source DFIR tool and its flexibility
Emotet Malware Analysis
A detailed technical analysis report on Emotet Malware covering 3 stages from initial vbs dropper to stage 2 emotet dll and in-memory loaded module
Memory Patch Deobfuscation
The xloader AKA formbook, hides its core malicious functionality under the guise of encrypted core malicious functions that are patched at run-time in the memory during its exectution
Lagos Island Ntdll Unhooking
This method loads Windows ntdll.dll module from disk into memory, and calls its exported functions directly, rendering user-mode hooking and API monitoring mechanisms ineffective
Ghost in the system, Malware Defense Evasion
A list of interesting Malware Defense Evasion techniques
Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution
Technical Analysis of xloader4.3/formbook infostealer
From Infection to Encryption: Tracing the Impact of RYUK Ransomware
Technical Analysis of dangerous multi-threading encrypter on which many of the modern ransomware are based on
Decrypting the Mystery of MedusaLocker
Technical Analysis of MedusaLocker Ransomware and its extracted TTPs
RevEnge! Reverse Engineering android apps to bypass SSL pinning for mobile app pen-testing
Bypass SSL pinning manually by patching the APK file for MITM proxy and API testing
Secrets of commercial RATs! NanoCore dissected
Technical analysis of NanoCore RAT 1.2.2.0 malware and its extracted TTPs
RevEnge! Reverse engineering android apps to bypass root detection capabilities for mobile app-pentesting
Bypassing Root Detection by reverse engineering APK and patching code
The epitome of evasion! A custom shellcode
Crafting a custom position independent code (shellcode) to evade defenses
Reverse Auth
Reversing Authenticaion. Completing famous bomb.exe, a reverse engineering exercise to reverse engineer and bypass authentication checks in one hour
Cracked Haven
Understand software cracking and its implications. This article explores the way software cracking works with a practical example of cracking Adobe Photoshop and manually adding backdoor
Analysis of a trojanized anydesk
Technical analysis of a trojanized anydesk, delivering infostealer in anydesk campaign
Projects
BrowserSnatch
This project steals important data from all chromium and gecko browsers installed in the system and gather the data in a stealer db to be exfiltrated out
MalwareAnalysisSeries
This repository contains the analysis reports, technical details or any tools created for analyzing a piece of malware sample. Additionally, the repo also contains interesting TTPs extracted and recreated from malware samples with detection rules
Position Independent Backdoor
This project contains methodology of creating position independent code which can be used to extract shellcode from the generated binary. Shellcode could be injected in any process for evading defenses
Reverse Shell Netcat
This repository contains a program that gives remote shell connection on the sockets back to the c2 server. This connection can be listened on Netcat as well
Donut Injector
An injector that tries to bypass static and dynamic analysis. The shellcodes that are injected must be encrypted with a key and decrypted at runtime to avoid detection
Pocket Encrypter
A light-weight Pocket encrypter using CBC AES 256 for encrypting files with password being passed as a parameter
AES Shellcode Encrypter
A tool that can encrypt all type of files and give the encrypted output in the form of an encrypted shellcode
SGCApp: Secure Group Communication
This repository implements SEGCOM paper to achieve secure group communication in multi-casting