Rahul Mishra

I am a computer science and engineering student specialising in cyber security. Here you will find all my learnings and projects, which I am doing while exploring the world of cyber security.

Process Explorer

Process Explorer is a free, powerful system monitoring tool from Microsoft’s Sysinternals suite that goes far beyond the built-in Task Manager. To ensure Process Explorer always runs with administrative privileges: Right‑click on procexp64.exe (or its shortcut) and select Properties. Switch to the Compatibility tab. Under Settings, check Run this program as an administrator. Click OK to save. There are more columns present here compared to Task Manager ...

July 16, 2025 · 11 min · 2202 words · Me

The Stack alignment problem

While learning about ret2libc exploitation, I encountered a stack alignment issue that initially confused me. After spending some time debugging, I finally understood why we add that extra ret instruction for the solution. I thought it would be valuable to share this insight with you all, in case it helps someone facing the same problem. Let's look at the memory layout. Our key interest right now is the stack! ...

June 10, 2025 · 7 min · 1425 words · Me

Analysing Brbbot

In the previous article we unpacked the sample using various methods. In this post we will do static and dynamic analysis on the given sample. Static analysis: The sample communicates over the internet, possibly to a C2 server, using DNS resolution, HTTP GET/POST, and low-level sockets. It builds and sends HTTP requests, reads headers, and handles responses. The malware uses encryption to protect its data or payload, likely for obfuscation or C2 encryption. ...

May 10, 2025 · 5 min · 935 words · Me

Return to mprotect (defeating NX)

Hello everyone! I’ve been exploring binary exploitation and found Return-Oriented Programming (ROP) really fascinating. In this post, I’ll share what I’ve learned so far. Since I’m still learning, if you spot any mistakes or have better ideas, please let me know! Before we dive in, make sure you’re familiar with buffer overflows and ret2libc attacks. If you’re already comfortable with those, great, let’s get started! Otherwise, I recommend checking those topics first and then coming back here. ...

May 10, 2025 · 7 min · 1392 words · Me

Unpacking Malware

Malware Packing: Packing is like wrapping a program in layers to hide its contents. Malware authors use packers to compress or encrypt the original program and add a small unpacking stub. The stub is a tiny piece of code that runs first. When the packed file is executed, the stub decompresses (or decrypts) the real malicious code into memory and then hands control to it (courses.cs.umbc.edu, redscan.com). This means on disk you only see a wrapper, not the actual malware. Packing makes static analysis very hard, because the real code (and its strings or import table) stays hidden until runtime. ...

May 10, 2025 · 10 min · 1998 words · Me