- 🧪 Malware Internals & Threat Hunting: Specializing in Windows internals, EDR evasion, and reverse engineering @ Cytomate
- 🧵 Tech Stack: Rust, Go, C/C++, x86/x64 Assembly, PowerShell, Bash
- 🛠️ Focus Areas: Exploit dev, AD pentesting, shellcode encryption, offline vuln scanning
- 🛰️ Learning Lane: Post-Quantum Cryptography, Quantum Computing, Network Forensics
- 🤝 Collab Goals: Offensive/defensive open-source tools (ethical, lawful research)
- 🧰 Day Job: Reverse → Break → Detect → Repeat
Note: All experiments conducted in controlled lab environments for R&D and defense.
user@lab:~$ whoami && hostname && date
noman psiberus-lab $(now)
OS: Win11/Kali/Arch | Editor: nvim + VSCode + CLion
Stacks: Rust • Go • C/C++ • Python • TS • Assembly
Targets: Win32/64, AD, browsers, Office, network toys
Lab: VMware/Hyper-V • AD forest • ELK • MDE • Sysmon • Zeek
- Psiberus: Rust + Go + Tauri adversary-sim suite. Agent, operator UI, MQTT/RabbitMQ backend, ELK/MDE/Sysmon telemetry
- Shifa SSO Platform: Hospital-grade SSO for Oracle Forms 11g/12c with AD/Kerberos auth, custom token handoff, JCI/ISO 27001 compliance
- Rust Metrics → WS Gateway: System metrics (CPU, disk, thermals) streamed to Tauri UI via WebSocket
- Go Microservices: Gin APIs, MQTT listeners, Oracle/MariaDB clients, C2-lite task runners, Windows service lifecycle
- Offline Vuln Scans: OpenSCAP, Lynis, CVE Binary Tool scripts for air-gapped Linux/macOS/Windows, mapping to CVEs
- FastAPI CVE Manager: JWT-auth app for generating/downloading CVE check scripts, optimized for Google Cloud
- Shellcode Encryption: Go-based AES-256-CTR encryption/decryption with hexdump output for loaders
- AD Pentesting Suite: Credential dumping, password spraying, and privilege escalation using Mimikatz, CrackMapExec, Impacket
- Windows Service Monitor: Go program for OCT folder monitoring and secure uploads, running as a Windows service
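The "Shellcode Encryption" bullet above names a concrete primitive: AES-256-CTR with hexdump-style output a loader can embed. The block below is an added example written for this page, not the author's Psiberus code or any repository listed here; it shows the round trip and the output format with Go's standard library only. The payload bytes are a constructed placeholder (NOPs and an int3), not real shellcode, and the function names are this example's own. One caveat a practitioner should carry into a loader: CTR mode gives confidentiality but no integrity, so a flipped ciphertext byte flips the same plaintext byte; if the blob is ever fetched from storage an attacker can touch, pair it with an HMAC or use AES-GCM instead.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// EncryptCTR encrypts plaintext with AES-256-CTR under a 32-byte key.
// It generates a fresh random 16-byte IV for every call; reusing an IV
// under the same key leaks the XOR of two plaintexts.
// CTR provides confidentiality only, no integrity (see lead-in).
func EncryptCTR(key, plaintext []byte) (iv, ciphertext []byte, err error) {
	if len(key) != 32 {
		return nil, nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	iv = make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, nil, err
	}
	ciphertext = make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ciphertext, plaintext)
	return iv, ciphertext, nil
}

// DecryptCTR reverses EncryptCTR. CTR is symmetric: the same keystream
// XORed over the ciphertext recovers the plaintext, so a loader needs
// only the key, the IV and this loop.
func DecryptCTR(key, iv, ciphertext []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	if len(iv) != aes.BlockSize {
		return nil, errors.New("IV must be 16 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(ciphertext))
	cipher.NewCTR(block, iv).XORKeyStream(plaintext, ciphertext)
	return plaintext, nil
}

// CArray renders bytes as a C unsigned char initializer, 12 bytes per
// line, which is the hexdump form most native loaders paste in directly.
func CArray(name string, b []byte) string {
	var sb strings.Builder
	fmt.Fprintf(&sb, "unsigned char %s[%d] = {\n", name, len(b))
	for i, c := range b {
		if i%12 == 0 {
			sb.WriteString("    ")
		}
		fmt.Fprintf(&sb, "0x%02x", c)
		if i != len(b)-1 {
			sb.WriteString(",")
		}
		if i%12 == 11 || i == len(b)-1 {
			sb.WriteString("\n")
		} else {
			sb.WriteString(" ")
		}
	}
	sb.WriteString("};\n")
	return sb.String()
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	// Constructed placeholder payload: three NOPs and an int3, not real shellcode.
	payload := []byte{0x90, 0x90, 0x90, 0xcc}

	iv, ct, err := EncryptCTR(key, payload)
	if err != nil {
		panic(err)
	}
	// Emit key, IV and ciphertext in a form a C loader can compile in.
	fmt.Print(CArray("key", key))
	fmt.Print(CArray("iv", iv))
	fmt.Print(CArray("payload", ct))

	pt, err := DecryptCTR(key, iv, ct)
	if err != nil {
		panic(err)
	}
	fmt.Println("round trip ok:", bytes.Equal(pt, payload))
}
```

Run it with `go run main.go`; the three C arrays on stdout are what a loader would embed, and the last line confirms decryption restored the original bytes. Because the IV is random per run, the ciphertext array changes every time even for the same key and payload.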
Repo hub: github.com/NomanNasirMinhas
- Windows Internals & Evasion: DLL unhooking, ETW/AMSI patching, section-remap loaders, thread hijack/APC, token/handle manipulation
- Auth/AD Tradecraft: NTLMv1/v2 capture (Inveigh/Responder), Hashcat cracking, BloodHound pathing, Impacket ops
- Network Forensics: Zeek/Suricata signals, PCAP triage, WPAD/Proxy research, TLS fingerprinting
- Crypto/PQC: Kyber/Dilithium studies, secure channel design, key management
- Languages: C, C++, Rust, Python, Go, Assembly, PowerShell, Bash
- Cyber Skills: Exploit Development, Reverse Engineering, Network Pentesting, Web3 Security, AD Attacks, Vulnerability Scanning
- Software Skills: FastAPI, Dockerized Deployments, Offline Auditing, Shellcode Encryption
- Tools: IDA Pro, Ghidra, Wireshark, Metasploit, Burp Suite, Volatility, Nmap, OpenSCAP, Lynis, CVE Binary Tool, Mimikatz, CrackMapExec, Impacket, sqlmap, BloodHound, Sysmon, Zeek
- Workflows: Chat, video, schedules, lab results with privacy-by-design
- Standards: JCI, ISO/IEC 27001:2022 (RBAC, audit trails, least privilege)
- Medium @malicious-dll
- Topics: Loader design, ETW/AMSI research, token/handle internals, memory forensics, AD attack/defense
- 💬 Ping me about GoLang, Rust, Networking, Cyber Ops, Exploit Dev
- 📧 Transmit to: [email protected]
- 🌐 Base station: beacons.ai/malicious.dll
- 🐦 Twitter/X: @malicious_dll
"Break the system, secure the future."
🦂 Malware Slayer | Code Alchemist | Red Team Operative
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⠶⠶⠤⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣆⡀⠀⠈⠳⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⢿⣶⣤⣤⣽⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢿⡿⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⠤⠤⠤⠤⠤⢤⣤⣀⠀⠀⣸⣇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⣴⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠻⣾⣿⣧⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⢸⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠻⢿⣿⣶⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠸⣿⣦⣀⠀⢀⣠⠤⠤⠤⠤⣀⠀⠀⠀⠀⠀⠈⠉⠉⠙⠛⠓⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠈⠻⠿⡿⠛⠁⠀⠀⠀⠀⠀⠉⠓⠂⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⢶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⣶⡶
⠀⠘⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃
⠀⠀⠈⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⠁⠀
⠀⠀⠀⠀⠀⠀⠉⠙⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠛⠉⠀⠀⠀