
Usman Sikander (a.k.a Offensive-Panda)

Welcome to my professional portfolio, a centralized hub where you can access a comprehensive collection of my cybersecurity series and projects, expertly organized for your exploration and insight.

Cybersecurity series

Advanced Evasion Techniques: This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It provides a valuable resource for those dedicated to improving their skills in malware development, malware research, offensive security, and security defenses and measures.

Malware Analysis: This central repository is crafted for cybersecurity enthusiasts, researchers, and professionals aiming to advance their skills. It offers valuable resources for those focused on analyzing and understanding different types of malware.

Process Injection Techniques: This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques used by adversaries.

Pinned projects

RWX MEMORY HUNT AND INJECTION DV (Public)
Abuses the Windows fork API and the OneDrive.exe process to inject the malicious shellcode without allocating a new RWX memory region. The technique finds an existing RWX region in an already running process (in this case OneDrive.exe), writes the shellcode into that region, and executes it without calling VirtualProtect, VirtualAllocEx, or VirtualAlloc.
Languages: C++
Dirty Vanity New (DV_NEW) (Public)
This is a combination of multiple evasion techniques. It uses direct syscalls to bypass user-mode EDR hooking, and to avoid static detection of the syscall instruction in the stub I am using an egg hunt technique. The egg hunt places random bytes (using the DB instruction) in the syscall stub in place of the syscall instruction, and at run time it patches those bytes back to the syscall instruction to transition into the kernel.
Languages: C++, C, Assembly
Lsass Memory Dumping (D3MPSEC) (Public)
"D3MPSEC" is a memory dumping tool designed to extract a memory dump from the Lsass process using various techniques, including direct system calls, randomized procedures, and prototype name obfuscation. Its primary purpose is to bypass both static and dynamic analysis techniques commonly employed by security measures.
Languages: C++, C, Assembly
DLL Hijacking and Mock directories (C2_Elevated_Shell_DLL_Hijcking) (Public)
Uses the DLL hijacking and mock directories technique to bypass the Windows UAC security feature and obtain a high-privileged reverse shell. Security researchers identified this technique, which uses a simplified process of DLL hijacking and mock folders to bypass UAC control.
Languages: Batch, C++
Defense Evasion Techniques (Public)
This comprehensive and central repository is designed for cybersecurity enthusiasts, researchers, and professionals seeking to stay ahead in the field. It provides a valuable resource for those dedicated to improving their skills in malware development, offensive security, and security defenses.
Languages: C++, C, Assembly, Batch, C#
Process Injection Techniques (Public)
This comprehensive process injection series is crafted for cybersecurity enthusiasts, researchers, and professionals who aim to stay at the forefront of the field. It serves as a central repository of knowledge, offering in-depth exploration of various process injection techniques used by adversaries.
Languages: C++, C, Assembly, Batch, C#
NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE (Public)
This exploit rebuilds and exploits CVE-2019-16098, a vulnerability in the Micro-Star MSI Afterburner 4.6.2.15658 driver (aka RTCore64.sys and RTCore32.sys) that allows any authenticated user to read and write arbitrary memory, I/O ports, and MSRs. Instead of a hardcoded base address of Ntoskrnl.exe, I calculated it dynamically and recalculated all offsets for the new version of Windows.
Languages: C++
WPM-MAJIC-ENTRY-POINT-INJECTION (Public)
This exploit utilises the AddressOfEntryPoint of a process, which is RX, and uses the internal magic of WriteProcessMemory to change the permission and write the shellcode. The exploit also uses direct syscalls to bypass user-mode hooking by AV/EDRs. The technique avoids using the VirtualAlloc and VirtualProtect APIs directly inside the code; the work of VirtualProtect is covered by the WPM magic.
Languages: C++, C, Assembly
.NET_PROFILER_DLL_LOADING (Public)
.NET profiler DLL loading can be abused to make a legitimate .NET application load a malicious DLL using environment variables. This exploit loads a malicious DLL via Task Scheduler (MMC) to bypass UAC and obtain admin privileges.
Languages: C++, C
PEB_WALK_AND_API_OBFUSCATION_INJECTION (Public)
This exploit uses the PEB walk technique to resolve API calls dynamically and obfuscates all API calls used to perform process injection. These techniques help to bypass static analysis by AV/EDR solutions.
Languages: C++
Collect_Threat_Intel_AND_Malware_Using_Honeypots (Public)
This code runs as a service, monitors all Sysmon event logs, and takes action based on events generated by the attacker's activities. It uploads all dropped and created malware and files to a server for further analysis, and captures all commands executed by the attacker on the system. It can be deployed in production as well as in high-interaction honeypot systems to monitor attack activity.
Languages: C#
Malware Analysis (Public)
This central repository is crafted for cybersecurity enthusiasts, researchers, and professionals aiming to advance their skills. It offers valuable resources for those focused on analyzing and understanding different types of malware.
Languages: C++, C, Assembly, Batch, C#

Connect with me

Twitter, LinkedIn, Medium

Languages and tools

C, C++, C#, CSS3, HTML5, Python
