<code_samples />
process-injection.c (C)
// Process Injection Example
// Fragment only: targetPID and dwSize come from code that is not shown here.
//
// Detection notes: a cross-process handle opened with PROCESS_ALL_ACCESS and a
// remote allocation that is writable and executable at the same time
// (PAGE_EXECUTE_READWRITE) are both high-signal events for endpoint telemetry;
// Sysmon Event ID 10 (ProcessAccess), for example, records the granted mask.
const DWORD dwDesiredAccess = PROCESS_ALL_ACCESS;  // every access right on the target
const DWORD flProtect = PAGE_EXECUTE_READWRITE;    // RWX page protection

// NOTE(review): neither result is checked in this fragment. OpenProcess and
// VirtualAllocEx both return NULL on failure, and a NULL hProcess would be
// passed straight into the allocation call.
HANDLE hProcess = OpenProcess(dwDesiredAccess, FALSE, targetPID);
LPVOID pRemoteCode = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, flProtect);
// memory-scanner.rs: memory scanning in Rust
/// Returns the offset of the first position in a fixed address window at which
/// `check_pattern` reports a match for `pattern`, or `None` if no offset matches.
///
/// The window starts at the hard-coded address `0x400000` and is `0x100000`
/// bytes long; the returned offset is relative to that start address.
///
/// NOTE(review): nothing in this function verifies that the window is mapped
/// and readable in the current process, and `check_pattern` (defined elsewhere)
/// is handed offsets up to the last byte of the window. If it reads
/// `pattern.len()` bytes, the final offsets read past the window; confirm
/// against its implementation and bound the scan accordingly.
fn scan_memory(pattern: &[u8]) -> Option<usize> {
    const WINDOW_START: usize = 0x400000;
    const WINDOW_LEN: usize = 0x100000;

    let start = WINDOW_START as *const u8;
    // SAFETY: not established here. The caller must guarantee that
    // [WINDOW_START, WINDOW_START + WINDOW_LEN) is valid to read; otherwise the
    // pointer arithmetic and whatever `check_pattern` dereferences are
    // undefined behaviour.
    (0..WINDOW_LEN).find(|&offset| unsafe { check_pattern(start.add(offset), pattern) })
}
# pe-analyzer.py: binary analysis script
import pefile
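def analyze_pe(filepath):
    """Print the entry point, section count and section table of a PE file.

    Args:
        filepath: Path of the PE file, passed unchanged to ``pefile.PE``.

    Raises:
        Whatever ``pefile.PE`` raises for an unreadable or malformed file;
        nothing is caught here.

    Section names come straight from the file being analysed, so they are
    treated as untrusted bytes: they are decoded leniently and stripped of
    non-printable characters before being written to the terminal.
    """
    pe = pefile.PE(filepath)
    try:
        print(f"[*] Entry Point: {hex(pe.OPTIONAL_HEADER.AddressOfEntryPoint)}")
        print(f"[*] Sections: {pe.FILE_HEADER.NumberOfSections}")
        for section in pe.sections:
            # Name is a fixed 8-byte field padded with NULs and need not be
            # valid UTF-8, so drop the padding and decode without raising.
            name = section.Name.rstrip(b"\x00").decode("utf-8", errors="replace").strip()
            # Control characters (e.g. terminal escape sequences) in a section
            # name must not reach the analyst's terminal or log verbatim.
            name = "".join(ch if ch.isprintable() else "?" for ch in name)
            print(f" {name}: {hex(section.VirtualAddress)}")
    finally:
        # Release the file pefile holds open, even if a header lookup fails.
        pe.close()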
// api-hook.cpp: API hook implementation. This is a skeleton: parameter lists
// are elided on the page with /* ... */, so it does not compile as shown.
//
// Function-pointer type carrying the return type and calling convention used
// for NtCreateFile; the hook calls the original routine through it.
typedef NTSTATUS (WINAPI* NtCreateFile_t)(
PHANDLE FileHandle,
ACCESS_MASK DesiredAccess,
/* ... */
);
// Pointer to the original NtCreateFile. It starts as nullptr and nothing in
// this excerpt assigns it.
// NOTE(review): the code that installs the hook and fills this in is not
// shown; if HookedNtCreateFile can run while it is still nullptr, the
// forwarding call at the end of the hook goes through a null pointer.
NtCreateFile_t pOriginal = nullptr;
// Replacement routine: logs the access, then forwards to the original and
// returns its NTSTATUS unchanged, so the caller sees the normal result.
// How the hook is installed is not shown here. From a detection standpoint,
// hooks of this kind generally show up as a difference between the loaded
// module (export prologue or import-table entry) and its on-disk image.
NTSTATUS WINAPI HookedNtCreateFile(/* ... */) {
// Record the file operation before it is carried out. ObjectAttributes is
// presumably one of the elided parameters, and LogFileAccess is defined
// elsewhere; confirm what it records.
LogFileAccess(ObjectAttributes);
return pOriginal(/* ... */);
}// expertise
{ }
Languages
- ›C
- ›C++
- ›Rust
- ›Python
</>
Malware Development
- ›Process Injection
- ›API Hooking
- ›Shellcode
- ›Evasion Techniques
⟲
Reverse Engineering
- ›Static Analysis
- ›Dynamic Analysis
- ›Unpacking
- ›Decompilation
⚠
Security Research
- ›Vulnerability Research
- ›Exploit Development
- ›Binary Analysis
- ›Threat Hunting
/* toolchain */
Development
▸
Visual Studio Code
Primary code editor for development
Development
▸
Microsoft Visual Studio
C/C++ development and debugging
Development
▸
Android Studio
Mobile security research and analysis
Reverse Engineering
▸
IDA Pro
Advanced disassembler and debugger
Reverse Engineering
▸
Ghidra
Open-source reverse engineering suite