Reverse-Engineering

Rust Tickler 3 - Huntress CTF 2025 Reverse Engineering Writeup November 3, 2025

Complete walkthrough of Rust Tickler 3, a multi-stage Rust reverse engineering challenge from Huntress CTF 2025. Covers dynamic analysis, memory extraction, custom PRNG XOR cipher, and AES-256-CBC decryption techniques.

TryHackMe: Industrial Intrusion - auth (9005) June 27, 2025

A reverse engineering challenge involving XOR decoding and memory comparison to retrieve the flag from a remote industrial gateway.

SwampCTF: You Shall Not Passss March 31, 2025

This writeup details the solution to the “You Shall Not Passss” reverse engineering challenge from SwampCTF, involving dynamic analysis with Ghidra and gdb to decrypt the flag, and analysis of shellcode execution.

Try Hack Me Hackfinity Battle CTF March 20, 2025

Try Hack Me Hackfinity Battle CTF Writeups

Huntress 2024 October 31, 2024

My notes on five challenges from Huntress CTF 2024: Whamazon, Keyboard Junkie, MOVEable, Strange Calc and OceanLocust. The challenges were solved as part of the Dombusters team.

Automated String Decryption for Mirai Malware Analysis April 3, 2024

A Ghidra script that automates the tedious process of identifying and decrypting obfuscated strings in Mirai malware samples. Built to work across multiple processor architectures.

Why Use This?

Mirai malware variants obfuscate their strings using various encryption methods to evade static analysis. Manually identifying and decrypting these strings is time-consuming and error-prone. This script automates the entire process, allowing you to focus on analyzing the malware’s behavior rather than fighting with encryption routines.