jm33_ng

cyber security / noob developer / poor English

Reversing a Nim-based APT Sample with Ghidra and x64dbg

Date: Fri 14 November 2025. Tags: ghidra / nim / reversing / windows / x64dbg / malware

Introduction

This article is not just about analysing a malware sample; it is more about sharing my malware analysis methodology in general, and the sample I used has some interesting characteristics that make it a good candidate for demonstration.

The sample is from a Chinese APT group known as RedDelta. The …


Offensive CGO - An ELF Loader

Date: Fri 24 January 2025. Tags: golang / elf / loader / cgo / redteam / linux

TL;DR

emp3r0r is a C2 framework written in pure Go. For many years, I have been building it without CGO because of annoying dependencies (glibc) that prevent the agent from running on some systems; that also ruled out the possibility of using CGO to compile the agent into a DLL or …

© 2025 jm33-ng - About this site

Content licensed under a Creative Commons Attribution-NonCommercial 4.0 International License, except where indicated otherwise.

Images hosted on this site are either my own or from the Internet