Ghidra

TryHackMe: Industrial Intrusion - auth (9005) June 27, 2025

A reverse engineering challenge involving XOR decoding and memory comparison to retrieve the flag from a remote industrial gateway.

SwampCTF: You Shall Not Passss March 31, 2025

This writeup details the solution to the “You Shall Not Passss” reverse engineering challenge from SwampCTF, involving dynamic analysis with Ghidra and gdb to decrypt the flag, and analysis of shellcode execution.

Automated String Decryption for Mirai Malware Analysis April 3, 2024

A Ghidra script that automates the tedious process of identifying and decrypting obfuscated strings in Mirai malware samples. Built to work across multiple processor architectures.

Why Use This?

Mirai malware variants obfuscate their strings using various encryption methods to evade static analysis. Manually identifying and decrypting these strings is time-consuming and error-prone. This script automates the entire process, allowing you to focus on analyzing the malware’s behavior rather than fighting with encryption routines.