GhouLSec – Medium

GhouLSec

[Mal Series #27] NSIS Packed Electron App

Malware analysis on NSIS packed electron application.

Feb 5

[Mal Series #27] NSIS Packed Electron App

Feb 5

[Misc Series #6] Windbg Remote Debugging

How to debug user-mode code with Windbg using remote debugging.

Sep 15, 2024

[Misc Series #6] Windbg Remote Debugging

Sep 15, 2024

[Misc Series #5] How Windows CMD and PowerShell Execute a File?

This blog will note down some mechanism that Windows implemented to select an application to open a file.

May 22, 2024

[Misc Series #5] How Windows CMD and PowerShell Execute a File?

May 22, 2024

[Misc Series #4] Forensics on EDRSilencer Events

Here are some of the indicators that we can go for if the EDR telemetry data flow has been “blocked” due to any security events.

Jan 4, 2024

[Misc Series #4] Forensics on EDRSilencer Events

Jan 4, 2024

[Mal Series #26] Quick Analysis on Maldoc in PDF

Quick analysis on maldoc in PDF from JPCert blog. Some interesting artifcats were found in this case also.

Sep 1, 2023

[Mal Series #26] Quick Analysis on Maldoc in PDF

Sep 1, 2023

[Mal Series #25] The spawn of conhost.exe

Personal findings on conhost.exe 0xffffffff -ForceV1

May 30, 2023

May 30, 2023

[Misc Series #3] Vuln ProcExp 16.32

Analysis on how does the vulnerable version of ProcExp driver terminate a process.

May 11, 2023

[Misc Series #3] Vuln ProcExp 16.32

May 11, 2023

[Mal Series #24] Qakbot BB12 DLL Analysis 2023

Qakbot BB12 analysis

Mar 5, 2023

[Mal Series #24] Qakbot BB12 DLL Analysis 2023

Mar 5, 2023

[Misc Series #2] Debug trick with Image File Execution Options (IFEO)

Debug file once it launched with Image File Execution Options (IFEO)

Jan 13, 2023

[Misc Series #2] Debug trick with Image File Execution Options (IFEO)

Jan 13, 2023

[RedDev #5] Rundll32 COM Hijack executor in C++

Simple explanation on how does the COM executed via rundll32 with switch -sta / -localserver

Dec 20, 2022

[RedDev #5] Rundll32 COM Hijack executor in C++

Dec 20, 2022

[Vuln Series #1] CLFS Vulnerability Analysis

The sample most probably related to CVE-2022-24521 which is related to CLFS parsing bug.

Nov 10, 2022

[Vuln Series #1] CLFS Vulnerability Analysis

Nov 10, 2022

[Mal Series #23] Malware Loader — Bumblebee

Some of the function for the analyzed sample is similar with the one mentioned in SentinelOne blog. The difference might be additional…

Jun 4, 2022

[Mal Series #23] Malware Loader — Bumblebee

Jun 4, 2022

[CTF Series #12] Mini Linux Forensics — MUS22

Digital forensic challenge by cyberdefenders.org

May 16, 2022

[CTF Series #12] Mini Linux Forensics — MUS22

May 16, 2022

[Mal Series #22] Weird Embedded PDF file

PDF file embedded with a “VelvetSweatshop” encrypted excel file which contains contains payload that using CVE-20170199 to download its…

Mar 24, 2022

[Mal Series #22] Weird Embedded PDF file

Mar 24, 2022

[RedDev Series #4] Experimenting SysWhisper2 with LLVM Obfuscator

Some notes on setting up both LLVM obfuscator and SysWhisper2 in Visual Studio 2019.

Feb 5, 2022

[RedDev Series #4] Experimenting SysWhisper2 with LLVM Obfuscator

Feb 5, 2022

[Mal Series #21] BazarLoader

Here is the bazarloader DLL sample extracted from a MFC parent file.

Dec 4, 2021

[Mal Series #21] BazarLoader

Dec 4, 2021

[CTF Series #11] C# P/Invoke + Reflective load

This CTF challenge is inspired by some red teaming C# scripts and malware (e.g. Agent Tesla)

Nov 6, 2021

[CTF Series #11] C# P/Invoke + Reflective load

Nov 6, 2021

[Mal Series #20] Android libarm_protect packer

Just came across with some android malware that packed with libarm_protect packer.

Nov 2, 2021

[Mal Series #20] Android libarm_protect packer

Nov 2, 2021

[RedDev Series #3] Spawn Process From WMI In C++

COM object provides another options to create a new process besides using common Windows APIs such as CreateProcess or ShellExecute.

Oct 16, 2021

[RedDev Series #3] Spawn Process From WMI In C++

Oct 16, 2021

[Mal Series#19] Trickbot shellcode analysis

Trickbot shellcode v1106, 2021 analysis.

Aug 10, 2021

[Mal Series#19] Trickbot shellcode analysis

Aug 10, 2021

GhouLSec

GhouLSec

Typical memes addict🐒from Malaysia. GitHub: https://github.com/ghoulgy 🍕Support my work: https://www.buymeacoffee.com/GhoulSec

Following

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech