Reverse Engineering

HTB-RAuth

January 22, 2026

Reverse Engineering Linux ELF IDA Rust Rust-Gdb Salsa20

HTB-Hubbub

January 21, 2026

Reverse Engineering Linux ELF Ghidra Avr

PoshC2: Sharp_v4_x64.dll

November 25, 2025

Malware Analysis Reverse Engineering Shellcode Analysis PE DLL .NET Windows Dnspy IDA

A .NET DLL decodes architecture-specific shellcode from an embedded base64 string, allocates executable memory, and spawns a thread to execute it. The shellcode performs NTDLL unhooking, AMSI and ETW patching before executing an embedded PE payload identified as a PoshC2 dropper.

PoshC2: Dropper-cs.exe

November 23, 2025

Malware Analysis Reverse Engineering Windows PE .NET PoshC2 Dnspy

C2 .NET implant. AES-encrypted config, HTTPS beacon to 192.168.248.128, fileless in-memory execution, anti-debug via divide-by-zero.

↑