darksys0x/README.md

x64dbg [profile.bin] - Suspended at entry breakpoint

d a r k s y s 0 x

About Me

Cyber security professional focused on DFIR, malware analysis, reverse engineering, and IT/OT security. My day-to-day mixes incident response with hands-on work in Windows internals, kernel debugging, and vulnerability research.

  • Building and breaking things at the intersection of forensics and low-level systems
  • Publishing original research at darksys0x.net
  • Currently working on Windows artifact collection tooling and offensive security research
  • Areas of interest: Windows internals, kernel debugging, EDR development, exploit research, threat hunting
  • Applying machine learning to malware detection, family classification, and automated function identification in reverse engineering
  • Exploring applied ML beyond security — including computer vision on remote-sensing / satellite imagery

Currently Debugging

BP 0x00   EDR detection logic                        ; building
BP 0x01   ML — malware family classification         ; researching
BP 0x02   Windows kernel exploitation primitives     ; studying
BP 0x03   darksys0x.net technical writeups           ; writing

Stack & Tools

  • Languages: C, C++, Python, Assembly, PowerShell, JavaScript
  • Reverse Engineering & Debugging: IDA Pro, Ghidra, WinDbg, x64dbg
  • DFIR Platforms: Magnet AXIOM, FTK Imager, Volatility, KAPE
  • OS & Environments: Windows, Linux
  • Machine Learning & Data: PyTorch, scikit-learn, TensorFlow, Pandas, NumPy, OpenCV



Research & Writing

I write about Windows internals, vulnerability research, malware reverse engineering, and DFIR methodology on my blog:

Selected topics:

[CVE-RESEARCH]   ASP.NET VIEWSTATE deserialization in Microsoft Exchange OWA
[DFIR]           Windows forensic artifact collection at scale
[MALWARE]        Manual unpacking & anti-debug bypass on commodity stealers
[ML / DFIR]      PE features, opcode n-grams, behavioral classification, function identification
[ML / VISION]    Computer vision on remote-sensing / satellite imagery (private)

Selected Projects (.exports)

| Address | Function | Description | Stack |
|---|---|---|---|
| sub_401000 | H9 | Automatic dynamic malware detection — behavioral analysis for runtime classification | C++ |
| sub_401200 | Ransomware_Key_BruteForce | Cryptographic brute-force tooling for recovering keys from ransomware-encrypted artifacts | C++ |
| sub_401400 | LogsAnalytics | Log parsing and analytics utilities for incident response and threat hunting | JavaScript |
| sub_401600 | Reverse-function | Function-level reverse engineering utilities | C++ |
| sub_401800 | HM1-webshell-bruteForce | Webshell credential brute-force tool for offensive security testing | C |
| sub_401A00 | LMS | Legal Management System — full-stack web application (side project) | JavaScript |
| sub_401C00 | Collector (private) | Windows forensic artifact collector covering 40+ artifact types (MFT, USN Journal, timestomping detection) | C / Win32 API |

Engagement-specific tooling and ongoing private research are not published.


Contact


"Trust the artifacts, not the assumption."
