Solutions Overview

Solution Search

Solution	Author	SHA256	Difficulty	Tags	Likes	Posted
AlmondRAT Analysis	0xdeluks	`55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396`	easy	string deobfuscation .net rat almondrat		05 Jan 2026
JScript Loader Analysis	0xdeluks	`5bc8b1a067ec4b487e88c2bb93728158633f4fdf22b111d5562cbb4ad3426d30`	medium	loader js obfuscated stage 1		05 Jan 2026
Office Dropper	0xdeluks	`9887f1e95b4e11825941bd207400d1cc1580a7d438969f6c8d8c656551d339e2`	easy	loader macro office		05 Jan 2026
Finding the next stage in a Word Document abusing VSTO functionality	0xdeluks	`56f5623daa470bee190ae0ecd961be8e6df71c8da1ccf7b268fe876b84c183d9`	easy	loader msoffice openxml vsto add-in		20 Jan 2026
Malicious .docx Analysis	ge0lev	`56f5623daa470bee190ae0ecd961be8e6df71c8da1ccf7b268fe876b84c183d9`	easy	loader msoffice openxml vsto add-in		24 Jan 2026
Malicious .docx Analysis	ge0lev	`29325e23a684f782db14a1bf0dc56c65228e666d1f561808413a735000de3515`	easy	loader msoffice external template openxml		26 Jan 2026
Analysis Report: AlmondRAT (stdrcl.exe)	hexwarden	`55901c2d5489d6ac5a0671971d29a31f4cdfa2e03d56e18c1585d78547a26396`	easy	string deobfuscation .net rat almondrat		26 Feb 2026
SilentNight Analysis Report	hexwarden	`4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a`	medium	string deobfuscation		26 Feb 2026
Supper is served	humpty_tony	`61f8224108602eb1f74cb525731c9937c2ffd9a7654cb0257624507c0fdb5610`	medium	rat revshell windows		04 Jan 2026
Install Linters, Get Malware - DevSecOps Speedrun Edition	humpty_tony	`5bed39728e404838ecd679df65048abcb443f8c7a9484702a2ded60104b8c4a9`	medium	api hashing anti-vm supply chain		04 Jan 2026
Dissecting a fresh BlankGrabber sample	humpty_tony	`94237eac80fd2a20880180cab19b94e8760f0d1f06715ff42a6f60aef84f4adf`	medium	python stealer		04 Jan 2026
Windows Shortcut (.LNK)	hwangstice	`95a636c2b3af0bc69cc05f7b32281ff17c58cbe637bec5f8918f7514a5f37e09`	easy	lnk godmode		13 May 2026
Programmatically NOP the Current Selection in Ghidra	larsborn	`0b38ca277bbb042d43bd1f17c4e424e167020883526eb2527ba929b2f0990a8f`	medium	obfuscated rat windows scripting		05 Jan 2026
Defeating Sodinokibi/REvil String-Obfuscation in Ghidra	larsborn	`5f56d5748940e4039053f85978074bde16d64bd5ba97f6f0026ba8172cb29e93`	medium	string deobfuscation ransomware revil		07 Jan 2026
Use Ghidra to decrypt strings of KpotStealer malware	larsborn	`67f8302a2fd28d15f62d6d20d748bfe350334e5353cbdef112bd1f8231b5599d`	medium	string deobfuscation		13 Jan 2026
Zloader String Obfuscation	larsborn	`4029f9fcba1c53d86f2c59f07d5657930bd5ee64cca4c5929cbd3142484e815a`	medium	string deobfuscation		13 Jan 2026
String Obfuscation in the Hamweq IRC-bot	larsborn	`4eb33ce768def8f7db79ef935aabf1c712f78974237e96889e1be3ced0d7e619`	easy	string deobfuscation		13 Jan 2026

Page 1 of 4

»