Offensive Security Researcher

USMAN SIKANDER

ADVERSARY EMULATION  ·  RED TEAMING  ·  MALWARE DEV

InfoSec enthusiast — living in the purple 💜 but in love with red ❤️. Crafting offensive tools, validating modern defenses, and emulating real-world adversaries with precision.

MITRE ATT&CK

T1055 · Process Injection
T1059 · Command & Scripting
T1003 · OS Credential Dumping
T1548 · Abuse Elevation Control
T1218 · Signed Binary Proxy
T1140 · Deobfuscate/Decode
T1027 · Obfuscated Files
T1070 · Indicator Removal
T1562 · Impair Defenses
T1134 · Access Token Manipulation
01 // Who I Am

Threat Actor Perspective

I specialize in understanding and emulating real-world adversary techniques, red teaming, and malware development, from low-level shellcode to sophisticated AV/EDR bypasses. The goal: truly think like an attacker.

CURRENTLY FOCUSED ON

Adversary Emulation & Red Teaming
Malware Development
Network Penetration Testing
Active Directory Exploitation
Breach & Attack Simulation
Security Control Validation
SOC Use Case Validation
IR Capabilities Validation
EDR / XDR Evasion
Payload Customization

CERTIFICATIONS

CRTP
Certified Red Team Professional
CRTO
Certified Red Team Operator
CRTA
Certified Red Team Analyst
PJPT
Practical Junior Penetration Tester
CEH
Certified Ethical Hacker
HCIA
Huawei Certified ICT Associate
CSFPC
Cyber Security Foundation
ISO 27001
Information Security Mgmt
02 // Knowledge Base

Research Series

01 · Defense Evasion: Advanced Evasion Techniques
AV/EDR bypass, payload obfuscation, syscall abuse, and living-off-the-land strategies for modern environments.

02 · Malware Analysis: Malware Analysis Series
Static & dynamic analysis, reverse engineering PE files, behavioral dissection, and unpacking techniques.

03 · Process Injection: Process Injection Techniques
DLL injection, reflective loading, shellcode runners, early-bird injection, and adversary TTPs in depth.
03 // Open Source

Pinned Projects

RWX Memory Hunt & Injection
Abuses the Windows fork API together with OneDrive.exe to inject shellcode into existing RWX memory regions, so no VirtualProtect or VirtualAllocEx call is needed.
Languages: C++

ShadowDumper
Advanced LSASS memory dumper offering multiple techniques for credential extraction, with flexible options for red team operations.
Languages: C++ · C · ASM

D3MPSEC — Lsass Dumper
Dumps LSASS using direct syscalls, randomized procedures, and prototype name obfuscation to bypass AV/EDR.
Languages: C++ · C · ASM

Lsass Reflect Dumping
Uses RtlCreateProcessReflection to clone lsass.exe and writes the dump through a MINIDUMP_CALLBACK_INFORMATION callback; the resulting dump is parsed with Mimikatz.
Languages: C++

NT AUTHORITY — RTCORE Exploit
Exploits CVE-2019-16098 (MSI Afterburner RTCore driver), resolving the Ntoskrnl.exe base dynamically and recalculating offsets so it works on modern Windows builds.
Languages: C++

WPM Magic Entry Point Injection
Overwrites the target's AddressOfEntryPoint by exploiting the internal behaviour of WriteProcessMemory; direct syscalls bypass EDR user-mode hooks.
Languages: C++ · C · ASM

.NET Profiler DLL Loading
Abuses .NET profiler loading via environment variables, triggered through Task Scheduler (MMC), to load a malicious DLL and bypass UAC for admin escalation.
Languages: C++ · C

PEB Walk & API Obfuscation Injection
Resolves APIs dynamically by walking the PEB and obfuscates API calls during process injection to defeat static AV/EDR analysis.
Languages: C++

Dirty Vanity New (DV_NEW)
Combines direct syscalls with an egg-hunt technique to bypass EDR hooks and avoid static detection of syscall instruction stubs.
Languages: C++ · C · ASM
04 // Activity

GitHub Stats

05 // Contact

Let's Connect.

Follow my research, reach out for collaboration, or just say hello across these platforms.