Year: 2025

Insomni’hack 2025 – GuLosity writeup

The challenge

A malware was provided from a real DFIR case that occurred in January 2024. The final payloads were disarmed here, to allow the analysts to dissect the binary safely until they fully understand the execution chain of a reflective shellcode loader named GuLoader [which initially led to the delivery of Remcos RAT with an additional keylogger, but the original nasty shellcodes were replaced by benign ones to provide the most realistic challenge].

Continue reading Insomni’hack 2025 – GuLosity writeup

Reinventing PowerShell in C/C++

I like PowerShell, I like it a lot! I like its versatility, its ease of use, its integration with the Windows operating system, but it also has a few features, such as AMSI, CLM, and other logging capabilities, that slow it down. You know, I’m thinking about the performance gain here. I believe my scripts could run a lot faster without them.

Jokes aside, I know that a lot has already been done around this subject, but I wanted to approach the problem in a slightly different way than the existing projects. So, I worked on a way to instantiate a full-blown PowerShell console using only native code, which allowed me to do some “cleaning” at the same time.

Continue reading Reinventing PowerShell in C/C++