abdellah.oullaij
About the candidate
Location
Education
Work and experience
The main tasks include:

- Intellectual property protection using remote code execution: in this task, I'm focusing on protecting our code from reverse engineers and preventing the theft of intellectual property using this technique.
- Malware development: in this task, I'm creating malware that can evade detection by Windows Defender.
- Reverse engineering of a DLL: in this task, I'm involved in reverse engineering a DLL used for Command and Control (C2). This DLL disables AMSI by patching the 'AmsiScanBuffer' function and also disables a function of ETW (Event Tracing for Windows) by patching 'EtwEventWrite'.
- Creation of my own DLL capable of patching AMSI and ETW.
- Developing techniques to evade advanced AV vendors (such as Kaspersky): in this task, I developed advanced techniques to evade detection by Kaspersky. One of these techniques involves packing and making direct syscalls, as well as using cryptographic algorithms like XOR and RC4 to obfuscate code.

Programming languages used: C#, C++, Python, Assembly
Reverse engineering tools: IDA Pro, Ghidra
Debugging tools: x64dbg, WinDbg