8 juin 2024

À propos du candidat



sécurité informatique et cybersécurité
École Nationale des Sciences Appliquées d’Oujda

Travail et expérience

cybersecurity consultant intern 05/02/2024 - 05/06/2024

The main tasks include: --->Intellectual property protection using remote code execution: In this task, I'm focusing on protecting our code from reverse engineers and preventing the theft of intellectual property using this technique. -->Malware Development: In this task, I'm creating malware that can evade detection by Windows Defender. --> Reverse engineering of DLL: In this task, I'm involved in reverse engineering a DLL used for Command and Control (C2). This DLL disables AMSI by patching the 'AmsiScanBuffer' function and also disables a function of ETW (Event Trace for Windows) by patching 'EtwEventWrite'. --> Creation of my own DLL capable of patching AMSI and ETW. --> Developing techniques to evade advanced AV vendors (such as Kaspersky): In this task, I developed advanced techniques to evade detection by Kaspersky. One of these techniques involves packing and making direct syscalls, as well as using cryptographic algorithms like XOR and RC4 to obfuscate code. Programming Languages used: C# ,C++, Python, Assembly Reverse engineering tools: IDA Pro , Ghidra Debuggers tools: X64dbg,WinDBG