Zach James

Writeups

Static and dynamic analysis of malware, x86 assembly deep-dives, and vulnerability research.

SQL Slammer: Static Shellcode Analysis
Reverse engineering the worm payload via IAT resolution through sqlsort.dll — tracing the propagation logic from the UDP spray to the shellcode entry point.
Michelangelo.DOS: Full Walkthrough
Complete reverse engineering walkthrough of the Michelangelo DOS virus — boot sector infection, payload trigger logic, and disk overwrite mechanics.
DOS7: Reverse Engineering Notes
Annotated walkthrough of the DOS7 sample — disassembly, infection mechanics, and payload analysis.
mystery64: Decompiled Malware Analysis
Annotated Hex-Rays decompilation of an x86_64 bot sample (with Joshua Harris) — beacon construction sending hashed bot_id / hostname / user to a C2 server, anti-debug timing checks, and consolidated obfuscation noise stripped down to intent.
xorpd x86 Puzzles: Notes on all 64 exercises
Working through every exercise in xorpd's "little black book" — scanned handwritten notes for each snippet, covering bit manipulation, loop invariants, and obfuscation primitives.