My journey has taken me from Malware Development and Reverse Engineering to SOC Operations, Enterprise DFIR (Digital Forensics & Incident Response) and Operational Technology Threat Hunting. I enjoy understanding threats from both sides, how they are built, how they operate, and how to detect and defend against them.
#Whoami
Shayan Ahmed Khan
@shaddy43
Threat Researcher · Detection & Response · Malware Developer
Turning coffee into commits
Find me on
Recent Posts
BrowserSnatch: Detection & Threat Intelligence Wiki
A community detection knowledge base for BrowserSnatch, an open-source browser data extraction tool
Velociraptor: The Ultimate Powerhouse for Swift and Precision Investigations
A deep dive into an open-source DFIR tool and its flexibility
Emotet Malware Analysis
A detailed technical analysis report on Emotet Malware covering 3 stages from initial vbs dropper to stage 2 emotet dll and in-memory loaded module
Memory Patch Deobfuscation
The xloader AKA formbook, hides its core malicious functionality under the guise of encrypted core malicious functions that are patched at run-time in the memory during its exectution
Lagos Island Ntdll Unhooking
This method loads Windows ntdll.dll module from disk into memory, and calls its exported functions directly, rendering user-mode hooking and API monitoring mechanisms ineffective
Ghost in the system, Malware Defense Evasion
A list of interesting Malware Defense Evasion techniques
Layers of Deception: Analyzing the Complex Stages of XLoader 4.3 Malware Evolution
Technical Analysis of xloader4.3/formbook infostealer
From Infection to Encryption: Tracing the Impact of RYUK Ransomware
Technical Analysis of dangerous multi-threading encrypter on which many of the modern ransomware are based on
Decrypting the Mystery of MedusaLocker
Technical Analysis of MedusaLocker Ransomware and its extracted TTPs
RevEnge! Reverse Engineering android apps to bypass SSL pinning for mobile app pen-testing
Bypass SSL pinning manually by patching the APK file for MITM proxy and API testing
Secrets of commercial RATs! NanoCore dissected
Technical analysis of NanoCore RAT 1.2.2.0 malware and its extracted TTPs
RevEnge! Reverse engineering android apps to bypass root detection capabilities for mobile app-pentesting
Bypassing Root Detection by reverse engineering APK and patching code
The epitome of evasion! A custom shellcode
Crafting a custom position independent code (shellcode) to evade defenses
Reverse Auth
Reversing Authenticaion. Completing famous bomb.exe, a reverse engineering exercise to reverse engineer and bypass authentication checks in one hour
Cracked Haven
Understand software cracking and its implications. This article explores the way software cracking works with a practical example of cracking Adobe Photoshop and manually adding backdoor
Analysis of a trojanized anydesk
Technical analysis of a trojanized anydesk, delivering infostealer in anydesk campaign
Projects
BrowserSnatch is an offensive-security research tool that extracts and decrypts sensitive data from web browsers
Deep technical malware analysis reports, RE tools, unpacked stages, and recreated TTPs with detections for infamous malware families
Complete methodology of creating custom shellcodes for injection and evasion
Simple PoC that gives remote shell connection on the sockets back to the c2 server (custom or netcat)
Injector that evades defenses with encrypted shellcode
Personal encryptor used to encrypt individual or recursive files based on prompted passphrase.
A tool to read and encrypt shellcode (.bin) and display encrypted bytes as output to be copied in Injectors for evasion
This repository implements SEGCOM paper to achieve secure group communication in multi-casting