~/posts
Reconstructing the Puzzle: Automating Malware String and IAT Recovery
Restored malware readability by automating string recovery through emulation and reconstructing a full IAT from dynamic API hashes.
Yet Another Case of Money Lost to a Fake "Public Service" App Scam
A fake public-service APK packed with dpt-shell. This post analyzes the packing mechanism, how to unpack it to recover the original DEX, and the malware's malicious behaviors.
Analyzing a Cobalt Strike Payload: DLL Hijacking, Alcatraz Obfuscation, and Reflective Loading
This analysis covers a phishing attack that tricks users into executing malware by mimicking a legitimate PDF. We detail the DLL hijacking of a Logitech executable, deobfuscate the Control Flow Flattening in DJCU.dll, and extract the final Cobalt Strike beacon configuration.
ACS 2025: A Busan Victory with KMA.LightBlue
KMA.LightBlue won 1st place at ACS 2025 in Busan, securing the $20,000 grand prize. This post details our challenge solutions from Qualifier and Finals.
Devirtualizing Tigress Challenge 0 with Triton
We devirtualize Tigress Challenge 0 with Triton by combining concrete control flow and symbolic data execution to extract the original 64-bit computation.