Abdallah Elshinbary

52 Followers
36 Following
5 Posts
Inspired by @hasherezade's pe_unmapper, I published a small Python tool to unmap PE memory dumps. I also added a quick check to handle @hatching_io's Triage memdumps.
https://github.com/n1ght-w0lf/pe-unmapper
GitHub - n1ght-w0lf/pe-unmapper: A small tool to unmap PE memory dumps.


GitHub

It's been exactly 3 years since I published a malware deep-dive report. Now that I have some free time, I decided to write a new blog about #GCleaner #Loader.

The blog covers string decryption, config extraction, C2 communications among other stuff.

https://n1ght-w0lf.github.io/malware%20analysis/gcleaner-loader/

Deep Analysis of GCleaner

GCleaner is a Pay-Per-Install (PPI) loader first discovered in early 2019; it has been used to deploy other malicious families like…

n1ghtw0lf

Hello everyone, I just published a small blog post about writing a generic dotnet string decryptor to help in malware analysis/reverse engineering.

#malware_analysis #reverse_engineering

https://n1ght-w0lf.github.io/tutorials/dotnet-string-decryptor

Dotnet String Decryptor

Welcome back! This is a short blog about reverse engineering dotnet malware. When working with dotnet malware samples…

n1ghtw0lf

I've published 2 quick tutorials about writing #x64dbg scripts and plugins. Hope you learn something new :)

https://n1ght-w0lf.github.io/tutorials/writing-x64dbg-scripts/

https://n1ght-w0lf.github.io/tutorials/writing-x64dbg-plugins/

Writing x64dbg scripts

x64dbg is an open-source x64/x32 debugger for Windows; it has dozens of features that make the life of reverse engineers and malware…

N1ght-W0lf