ICMP-Ghost v3.6.2: Fileless C2 with Dual-Channel Protocol Pivoting, VTable Architecture & Full DPI Evasion
Ghost-C2 v3.6.2 introduces Dual-Channel Protocol Pivoting via an in-memory VTable architecture — seamlessly switching between Raw ICMP and DNS UDP tunneling at runtime. Combined with PIC injection, VESQER compression, and layered evasion, it defeats Suricata v8.0.3. All in pure x64 Assembly.

Pure Assembly vs C/Rust: Why Language Choice Matters for Malware Evasion
Most people assume the language doesn’t matter — only behavior does. This post breaks down exactly why that assumption is wrong, with empirical evidence and real-world test results.

Dissecting LockBit 5.0 Linux: A Deep Dive into Offline-Capable Ransomware
LockBit 5.0 Linux encrypts files with zero network activity, uses ChaCha20 with Curve25519 key exchanges, and actively evades strace-based monitoring. This post documents the full analysis pipeline: eBPF tracing, static RE with Ghidra, and triple-confirmed network behavior analysis.

The 'Lone Wolf' Illusion in Systems: AI Firewall Nonsense and the Revenge of Determinism
A technical analysis of why deterministic security problems cannot be solved with probabilistic AI solutions, and why container/RBAC approaches provide stronger guarantees.

Timed Noise: LCG-Based Jitter in x64 Assembly
Fixed-interval sleeps make system behavior predictable. Break that pattern with LCG-based jitter — combine rdtsc entropy with LCG scrambling and deliver randomized delays via nanosleep.

Blinding AI Scanners and Static Analysis Engines: Polymorphic CFG Breakers in x64 Assembly
Static analysis tools like Ghidra and AI-driven EDRs rely on branching instructions to map malicious behavior. Discover how replacing JMPs with CMOV instructions creates a ‘Flat Graph’ illusion that completely blinds heuristic engines.

Evasion Techniques in Pure x64 Assembly: SROP and Zero-Copy Injection
Combining SROP with Syscall 311 provides a stealthy way to load shellcode. Learn how to hide syscalls and manipulate context while surviving the debugging hell of unnoticeable opcodes.

VESQER: Building a DPCM+RLE Hybrid Compressor in Pure x64 Assembly
I accidentally reinvented a 1970s telecom algorithm at 5 AM while trying to shrink C2 payloads. Here’s how it works, why it’s effective, and a full walkthrough of the x64 Assembly implementation.

Introduction to Position Independent Code (PIC) Architecture
Break free from compiler constraints. Explore how to write Sectionless x64 Assembly, manipulate the stack for dynamic Read-Write (R-W) memory, and build reliable, position-independent foundations from scratch.

Building a Reverse Shell in x86-64 Assembly: A Syscall Chain Deep Dive
Learn how to chain socket creation, connection, file descriptor redirection, and process execution to build a functional reverse shell entirely in x86-64 assembly using PIC architecture.