// reverse_engineer && threat_intel_analyst

BreakingBinaries.

Reverse Engineering · Malware Analysis · Windows Internals · CTF

{ whoami }

I unweave malware, one byte at a time.

I am a Threat Intelligence Analyst based in Ireland, specializing in Reverse Engineering, Malware Analysis, and Windows Kernel Driver Development. I focus on dissecting advanced malware and conducting low-level security research, particularly on kernel-level threats. I actively participate in Reverse Engineering CTFs and undertake Hardware Hacking challenges to continually hone my skills.

⏪ Reverse Engineering🐛 Malware Analysis⚙️ Driver Development🐍 Python Programming©️ C Programming💾 x86-64 Assembly Programming🔧 Hardware Hacking

// experience.log

  • 2025 - Present

    Security Analyst (DIR)

    Squarespace Ltd. · Squarespace House, Dublin, Ireland

  • 2025 - 2025

    Cyber Threat Intelligence Analyst

    Bank of Ireland · Baggot Plaza, Dublin, Ireland

  • 2023 - 2025

    Threat Intelligence Analyst

    eSentire Inc. · Ballincollig, Cork, Ireland

  • 2022 - 2023

    Senior SOC Analyst

    eSentire Inc. · Ballincollig, Cork, Ireland

  • 2021 - 2022

    SOC Analyst I

    eSentire Inc. · Ballincollig, Cork, Ireland

Saptarshi Laha
Saptarshi LahaACTIVE · THREAT INTEL

MZ 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00

REMALCTFKRNHW
5+Years
9Writeups
5+Publications
{ disciplines }

What I do.

01

Malware Analysis

Static and dynamic dissection of real-world threats — loaders, stealers, backdoors. Payload decryption, C2 config extraction and IOC hunting.

Latrodectus·AMOS·Koi Loader·Oyster
02

Reverse Engineering

Windows internals, kernel driver development and low-level research. Reading x86-64 disassembly the way most people read prose.

IDA Pro·Ghidra·WinDbg·C / ASM
03

CTF & Hardware

Reverse engineering CTF challenges and hardware hacking projects — documented step by step, with challenge files to try yourself.

Zero Days·pycdc·Firmware·UART
{ featured_research }

Selected work.

01 / 05
Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed
Malware Analysis1st January, 2025

Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed

AMOS Stealer (also known as Atomic Stealer) is a sophisticated malware targeting macOS systems. It utilizes advanced encoding/encryption schemes to obfuscate its activities and evade detection. This analysis covers the malware’s C2 communication protocols, detection strategies, and one of the key encoding/encryption methods it employs. This is just one of several active encoding and encryption techniques used by AMOS currently, which contribute to its ongoing effectiveness in avoiding security measures and compromising systems. Understanding these tactics is crucial for enhancing defenses against this evolving threat.

Read writeup
Shell Shocked: The Oyster Backdoor Update
Malware Analysis15th September, 2024

Shell Shocked: The Oyster Backdoor Update

In September 2024, a new version of the Oyster Backdoor, also known as CleanUpLoader, was discovered. It spread through fake software downloads via ads on search engines, posing as legitimate applications like Teams, Edge, and Chrome. The malware was linked to a specific company issuing certificates and showed similarities to earlier Oyster campaigns.

Read writeup
Latrodectus: Unweaving the Web
Malware Analysis30th April, 2024

Latrodectus: Unweaving the Web

Unlock the secrets of Latrodectus, a cutting-edge loader malware shaking up the cybersecurity world. Explore its evolving delivery tactics, payload execution, and decryption strategies in a detailed analysis. Delve into the inner workings of this sophisticated threat and uncover its hidden complexities.

Read writeup
Koi Loader/Stealer: Part 1
Malware Analysis8th April, 2024

Koi Loader/Stealer: Part 1

Part 1 of the overview and analysis of the Koi Loader/Koi Stealer campaign will specifically delve into the initial delivery and loading mechanism. This section will detail the infection chain, behavior of various components, and functionalities of the associated malware. The purpose and function of each script and payload involved in the campaign, such as the batch script, JavaScript file, and PowerShell scripts, will be covered.

Read writeup
Zero Days CTF (2024) RE - 5
CTF Writeup7th April, 2024

Zero Days CTF (2024) RE - 5

In this final challenge of ZeroDays CTF 2024, participants are presented with a captivating reverse engineering task encapsulated in the 'the_kings_secret.zip' challenge. As we embark on this journey, we navigate through the provided ZIP file, unraveling its intricacies to uncover hidden insights and solutions. Join us as we delve into the depths of reverse engineering, exploring the complexities of executable analysis and decryption techniques to unlock the secrets concealed within.

Read writeup
00Years in Security
00Malware Deep-Dives
00CTF Writeups
00External Publications
{ latest_writing }

Latest writing.(14)

Malware

Breaking the Base: AMOS Stealer’s Custom Base64 Secrets Exposed

AMOS Stealer (also known as Atomic Stealer) is a sophisticated malware targeting macOS systems. It utilizes advanced encoding/encryption schemes to obfuscate its activities and evade detection. This analysis covers the malware’s C2 communication protocols, detection strategies, and one of the key encoding/encryption methods it employs. This is just one of several active encoding and encryption techniques used by AMOS currently, which contribute to its ongoing effectiveness in avoiding security measures and compromising systems. Understanding these tactics is crucial for enhancing defenses against this evolving threat.

cat writeup.md →
External ↗

Go Injector Leading to Stealers

External research published on esentire.com.

read on esentire.com ↗
Malware

Shell Shocked: The Oyster Backdoor Update

In September 2024, a new version of the Oyster Backdoor, also known as CleanUpLoader, was discovered. It spread through fake software downloads via ads on search engines, posing as legitimate applications like Teams, Edge, and Chrome. The malware was linked to a specific company issuing certificates and showed similarities to earlier Oyster campaigns.

cat writeup.md →
External ↗

The Gatekeeper's Secrets: DarkGate Malware Analysis

External research published on esentire.com.

read on esentire.com ↗
External ↗

More_eggs Activity Persists Via Fake Job Applicant Lures

External research published on esentire.com.

read on esentire.com ↗
External ↗

Fake Browser Updates delivering BitRAT and Lumma Stealer

External research published on esentire.com.

read on esentire.com ↗
Malware

Latrodectus: Unweaving the Web

Unlock the secrets of Latrodectus, a cutting-edge loader malware shaking up the cybersecurity world. Explore its evolving delivery tactics, payload execution, and decryption strategies in a detailed analysis. Delve into the inner workings of this sophisticated threat and uncover its hidden complexities.

cat writeup.md →
Malware

Koi Loader/Stealer: Part 1

Part 1 of the overview and analysis of the Koi Loader/Koi Stealer campaign will specifically delve into the initial delivery and loading mechanism. This section will detail the infection chain, behavior of various components, and functionalities of the associated malware. The purpose and function of each script and payload involved in the campaign, such as the batch script, JavaScript file, and PowerShell scripts, will be covered.

cat writeup.md →
CTF

Zero Days CTF (2024) RE - 5

In this final challenge of ZeroDays CTF 2024, participants are presented with a captivating reverse engineering task encapsulated in the 'the_kings_secret.zip' challenge. As we embark on this journey, we navigate through the provided ZIP file, unraveling its intricacies to uncover hidden insights and solutions. Join us as we delve into the depths of reverse engineering, exploring the complexities of executable analysis and decryption techniques to unlock the secrets concealed within.

cat writeup.md →
CTF

Zero Days CTF (2024) RE - 4

Dive into the intriguing world of binary analysis with the fourth challenge, 'acup.exe'. Discover the secrets hidden within this packed executable file, as we unravel its obfuscated code and delve into its cryptographic algorithms. Through meticulous examination, we uncover the ingenious methods employed to conceal its true purpose. However, the journey doesn't end there - further exploration reveals the key to decrypting the flag, awaiting those who dare to venture into the depths of its intricacies.

cat writeup.md →
CTF

Zero Days CTF (2024) RE - 1

Embark on the inaugural reverse engineering CTF challenge, 'mystery.pyc', to unravel Python's .pyc file intricacies. Explore compiled bytecode and decompiled output, culminating in flag reconstruction using CyberChef.

cat writeup.md →
CTF

Zero Days CTF (2024) RE - 2

In this challenge, we'll explore binary analysis, focusing on binary file formats, executable packers, and static analysis techniques. We'll examine the structure of executables, how packers like UPX compress them, and how to unpack and analyze such binaries using tools like HxD, Detect-It-Easy, and Binary Ninja. Through this exploration, we'll uncover hidden information and potential flags within binary files.

cat writeup.md →
CTF

Zero Days CTF (2024) RE - 3

This challenge involves navigating a compressed archive frequently utilized for software distribution and file archiving in Unix-like environments. The archive's dual compression method reduces file size effectively. Participants are tasked with exploring the archive's contents to gain insights, emphasizing asset analysis over immediate reverse engineering.

cat writeup.md →
External ↗

Fake Browser Updates Distribute LummaC Stealer, Amadey and PrivateLoader Malware

External research published on esentire.com.

read on esentire.com ↗
{ get_in_touch() }

Let's talk malware.

Research collaboration, threat intel exchange, CTF talk, or feedback on a writeup — reach out on any channel.