About
[+] Malware Loving Homo Sapien
[+] I do = {xchg…
Activity
-
Kimsuky (#APT43) employs anti-forensics by deleting the PowerShell "ConsoleHost_history.txt" file which stores the PS console command history. #apt…
Shared by Niraj S
-
Brute Ratel v1.4.x crack leaked 💀 Licensed to: Rnd Lab - Delhi (daily[.]workmail22@gmail[.]com) #BruteRatel #c2 #leak #crack #cyber #dfir…
Shared by Niraj S
-
Wrote a PoC for OnMouseMove HTML file used in the Russian APT group campaign targeting Ukraine. A classic Anti-Sandbox technique =) Link:…
Shared by Niraj S
Experience & Education
Publications
-
Steal-It Campaign
New campaign dubbed the "Steal-It" campaign, in which the threat actors steal NTLMv2 hashes, execute various system commands and exfiltrate the retrieved data via Mockbin APIs using geofenced precision. The campaign could be attributed to APT28 (aka Fancy Bear).
-
RAT as a Ransomware – An Hybrid Approach
Botconf 2023
Presented research at BotConf 2023 in Strasbourg, France
Courses
-
Zero2Automated The Advanced Malware Analysis Course
D01-4F0-1A8
Projects
-
Lnk2Vbs
-
A Python script that embeds a target VBS into an LNK file; when the LNK is executed, it runs the embedded VBS script from within.
-
ImpulsiveDLLHijack
-
C#-based tool which automates the process of discovering and exploiting DLL hijacks in target binaries. The hijackable paths discovered can later be weaponized during Red Team operations to evade EDRs.
-
pyc2bytecode
-
A Python bytecode disassembler helping reverse engineers dissect Python binaries by disassembling and analyzing compiled Python bytecode (.pyc) files across all Python versions (including Python 3.10.*).
-
WinRAR Code Execution Vulnerability (CVE-2023-38831)
-
Honors & Awards
-
I am Exceptional Award
Ernst & Young
Intellectually Stimulating: For successfully executing a Ransomware and C&C simulation for one of the largest global investment management firms
Languages
-
English
Full professional proficiency
More activity by Niraj
-
Give a man an 0day and he'll have access for a day, teach a man to phish and he'll have access for life. - @thegrugq #quotes #fridayquotes…
Posted by Niraj S
-
Forest Blizzard (#APT28) GooseEgg's help command Use the command line arguments "-?" or "--help" Ps. Analysis in progress #apt #GooseEgg #cyber…
Shared by Niraj S
-
Forest Blizzard's (#APT28) GooseEgg batch script dumps SAM and LSA secrets, it also contains a remark indicating future script updates might include…
Shared by Niraj S
-
Legitimate binaries patched with ArguePatch loader by Sandworm aka APT44 Patched function vs Original function shown in the images #Sandworm #APT44…
Shared by Niraj S
-
The tool I developed to analyze malicious OneNote documents - "OneNoteAnalyzer" is now a part of the Flare VM. Check it out! ✌ Flare VM:…
Shared by Niraj S
-
Analyzed the Kimsuky PowerShell Backdoor & published the commented enum detailing the backdoor commands & few notes regarding the commands - Link:…
Shared by Niraj S
-
The Persistent XSS Vulnerability (CVE-2023-43770) which I reported in RoundCube Webmail was added to the Known Exploited Vulnerabilities (KEV)…
Shared by Niraj S
-
ISOON/Anxun's (Chinese #APT) WiFi Proximity Attack System deployed in target area could be disguised as a #Xiaomi Power Bank and has the capability…
Shared by Niraj S
-
Sexology USB-Powered Vibrator delivering Lumma Stealer 💀 Infection Chain: #cyber #dfir #infosec #informationsecurity #cybersecurity #malware…
Shared by Niraj S