Posts

[TryHackMe] BrainPan 1

So I was selected in one of the teams Sheridan is sending for cybersci and that meant I gotta prepare myself for the challenge, and what better way to do it than try a hard lab (I should have started with something easier, but at least the pain was a learning experience). This is my writeup for BrainPan 1, or as I like to call it, Brain Pain.

Windows Shellcoding 3 : TCP Reverse Shell using WinSock

So my previous escapades into Windows shellcoding led to me choosing to be more ambitious and thus deciding to try and make a null-byte-free, position-independent shellcode, embed that into a Windows utility, and have the shellcode executed by hijacking a ret call.

Malware Analysis Report: Sample SmokeScreen

Basic Facts

Components:
- PASTA_MENTOR_PROMO_DEAL_agreement.docx.scr (Initial Stage) [Program1.exe], sha256 8d204db953fd7d637f8718f56fbecfbf93ebcc8e7402ce71d5c52b01689777a2
- Program1.main.exe (Second Stage) [Runs under InstallUtil.exe], sha256 c7ce154d0ab5aec517829623f7b3b30a4e0ea6dc981fdf13134a8f263a062a9a

Malware Type: Injector/Info-Stealer

Windows PE | C# (stage 1) | Nim (stage 2)

Windows Shellcoding - 2 : ShellExecuteA by Searching through loaded Dlls

In light of my previous success with handling the Windows API inside shellcode, I wanted to experiment more with what I had learnt.

Windows Shellcoding - 1 : Using WinExec

I was busy making some mini hells for challenges for ISSessions CTF 2025, when I stumbled upon the idea of incorporating shellcode into it while learning about how to create malware (nothing illegal, promise).

Lab: SillyPutty Challenge

My first challenge as a part of the PMAT course: I have been provided a binary and asked to analyse it, employing the basic static and dynamic analysis methodologies I've learnt.

Lab: Analysing Reverse Shell Malware

Very similar to the last lab, however this one focuses on analysis of the reverse shell malware.

Lab: Basic Malware Dynamic Analysis

The lab instructions are precise and we've got the hashes for the malware this time.