https://mooolight.github.io/A blog about pentesting, red teaming and malware with a focus on Windows security research. 2026-03-20T18:17:51+00:00 https://mooolight.github.io/ Jekyll © 2026 /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-03-20T17:00:00+00:00 2026-03-20T17:00:00+00:00 https://mooolight.github.io/TryHackMe-Certs/

TryHackMe Certifications - Timeline (2022 - 2024)

2025-06-19T17:00:00+00:00 2025-06-19T17:00:00+00:00 https://mooolight.github.io/Reversing-Ekko/

What is Ekko? Similar to Gargoyle, Ekko is a malware evasion technique as well that relies on a time window to wait before it modifies the payload’s memory region as executable again and then proceeding to actual execution instead of a detour. Reversing Ekko #include <windows.h> #include <stdio.h> #define _CRT_RAND_S #include <stdlib.h> #define NT_SUCCESS(Status) ((NTSTA...

2025-05-29T17:00:00+00:00 2025-06-27T01:48:45+00:00 https://mooolight.github.io/Reversing-Gargoyle/

What is Gargoyle? Gargoyle is a malware evasion technique that hides in plain sight (from an AV perspective). Unlike traditional malware, Gargoyle understands that AVs and EDRs will trigger to do memory scanning given some suspicious event or action from a process which in this case is process injection. AVs will do memory scan on the suspicious process’ executable region which Gargoyle utiliz...

2024-09-19T05:00:00+00:00 2025-03-11T15:27:33+00:00 https://mooolight.github.io/Threat-Hunting-Pivoting/

Questions: Is your organisation’s network robust enough to spot lateral movements of adversaries within your systems? Can you detect unusual network activities or illicit privilege escalation that could indicate a pivot attack? Can you use network telemetry and analytics to identify abnormal behaviour and halt lateral movement before it wreaks havoc? Example diagram: These are e...

2024-09-19T05:00:00+00:00 2024-10-01T20:22:20+00:00 https://mooolight.github.io/Threat-Hunting-Hunt-Me-II-Typo-Squatters/

Hunt Me II - Typo Squatters