Projects

Cybersecurity projects, tools, and research initiatives

ProjectJul 2, 2026

Dynamic Analysis of njRAT v0.6.4

This report presents a dynamic analysis of njRAT v0.6.4, following a previous static analysis of the same sample. Using VMware, FLARE VM, Process Monitor, Regshot, Wireshark, and FakeNet, the malware was executed in an isolated environment to validate hypotheses derived from static reverse engineering. The analysis confirms the dropper behavior, registry-based persistence, firewall modifications, TCP communication with the command-and-control infrastructure, and the initial C2 beacon containing host fingerprint information. It also identifies a secondary payload (windows.exe), compares runtime observations against static predictions, and highlights findings that remain inconclusive.

malware-analysisnjRATdynamic-analysisreverse-engineeringinfosec
ProjectJun 29, 2026

Static Analysis of njRAT v0.6.4

A static analysis of njRAT v0.6.4, a well-known Remote Access Trojan first observed in 2012 and linked to a developer known as njq8. The sample, obtained from the theZoo malware repository, was analyzed using DIE, strings, and dnSpy. Analysis reveals the main executable is a dropper that silently delivers two obfuscated payloads. The writeup covers dropper behavior, privilege escalation indicators, registry-based persistence, firewall modification, capability analysis including keylogging, credential theft, remote shell, and camera surveillance, as well as encryption indicators and attribution artifacts extracted from the binary. Several findings remain unconfirmed pending dynamic analysis.

malware-analysisstatic-analysisnjRAT RAT reverse-engineeringdotnet windows infosec
ProjectApr 13, 2026

Hardware Security Assessment: $10 IoT Camera Network Analysis

This report documents Part 2 of a hardware security assessment on a budget IoT camera ($10 USD). Through isolated network traffic analysis using Wireshark, I captured and analyzed the camera's network behavior. Key findings include: unencrypted bootloader communication, encrypted video stream on UDP port 34593 (local-only transmission), mandatory WireGuard VPN tunnel to manufacturer's server, and telemetry collection via msftconnect.com connectivity checks. The analysis reveals the device prioritizes cloud connectivity over local security, with all non-video traffic routed through an encrypted manufacturer-controlled tunnel.

Network AnalysisCCTVSecurity Research
ProjectApr 12, 2026

Hardware Security Assessment: $10 IoT Camera UART Extraction & Firmware Analysis

This report documents a hardware security assessment of a budget IoT camera ($10 USD). Through UART extraction and bootloader analysis, I successfully captured the full boot sequence, identifying critical firmware vulnerabilities: Ingenic XBurst T23 SoC with EOL U-Boot 2013.07 and Linux 3.10.14 kernel—both lacking 8+ years of security patches. The analysis reveals absent secure boot mechanisms, writable flash partitions, and exposed debug interfaces. Part 1 establishes the attack surface; subsequent phases will involve SPI flash extraction and network reconnaissance for deeper vulnerability mapping.

CCTVSecurity Research
ProjectFeb 2, 2026

ZTE ZXHN H298A Home Gateway – Hardware Recon & Boot Process Analysis

An initial hardware security assessment of the ZTE ZXHN H298A home gateway focusing on physical access, UART discovery, and boot process analysis. This post documents the methodology, extracted bootlogs, observed security mechanisms, and limitations encountered, with proposed next steps for deeper firmware and bootloader analysis.

IoTHardwareHacking
ProjectDec 30, 2024

Simple Physics Simulation: Humble Beginnings

The first part of a basic physics simulation developed in C. It models a particle subjected to gravitational forces aiming to model many general forces.

New ProjectPhysicsC