---
layout: default
---
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Tools Heatmap</title>
<style>
body {
font-family: Arial, sans-serif;
background-color: #000;
color: #fff;
margin: 0;
padding: 0;
}
header {
text-align: center;
padding: 50px 0;
background-color: #333;
color: white;
}
.content-section {
width: 90%;
max-width: 1200px;
margin: 20px auto;
padding: 20px;
}
.content-section h2 {
color: #fff;
border-bottom: 2px solid #fff;
padding-bottom: 10px;
margin-bottom: 20px;
}
.content-section p {
line-height: 1.6;
color: #ccc;
}
/* Card Container Styling */
.card-container {
display: flex;
flex-wrap: wrap;
gap: 20px;
justify-content: center; /* Center cards on the page */
padding: 20px; /* Add some padding around the cards */
}
/* Individual Card Styling */
.card {
display: flex;
flex-direction: row; /* Change to row for horizontal layout */
width: 100%;
max-width: 900px;
border: 1px solid #ddd;
border-radius: 8px;
overflow: hidden;
transition: transform 0.3s, box-shadow 0.3s;
background-color: #fff;
}
/* Left Part Styling (Image) */
.card-image {
width: 90%; /* Adjust width as needed */
padding: 10px;
display: flex;
justify-content: center; /* Center image horizontally */
}
.card-image img {
width: 100%;
height: auto;
object-fit: cover;
}
/* Right Part Styling (Heading and Description) */
.card-content {
width: 100%; /* Adjust width as needed */
padding: 10px;
display: flex;
flex-direction: column;
justify-content: center; /* Center content vertically */
}
/* Heading Styling */
.card-content h3 {
margin: 0;
font-size: 1.2em;
margin-bottom: 8px; /* Space between heading and description */
color: #000;
}
/* Description Styling */
.card-content p {
margin: 0;
font-size: 0.9em;
color: #555;
}
.card:hover {
transform: scale(1.05);
}
.heatmap-container {
display: grid;
grid-template-columns: repeat(4, 1fr);
gap: 15px;
}
.tool {
position: relative;
background-color: #e0e0e0;
padding: 15px;
border-radius: 8px;
text-align: center;
transition: background-color 0.3s ease;
color: #000;
cursor: pointer;
}
.tool:hover {
background-color: #ffcccb; /* Heatmap hover effect */
}
.tool-name {
font-weight: bold;
margin-bottom: 10px;
}
.description {
display: none;
font-size: 14px;
color: #0b0b0b;
margin-top: 5px;
}
.tool:hover .description {
display: block;
}
.download-link {
margin-top: 10px;
display: inline-block;
text-decoration: none;
color: #0066cc;
font-weight: bold;
}
@media (max-width: 800px) {
.heatmap-container {
grid-template-columns: repeat(2, 1fr);
}
}
@media (max-width: 500px) {
.heatmap-container {
grid-template-columns: 1fr;
}
}
.iframe-container {
border: 2px solid #ccc; /* Border around iframes */
border-radius: 10px; /* Rounded corners */
overflow: hidden;
background-color: #fff; /* Background color of container */
box-shadow: 0 2px 5px rgba(0,0,0,0.1); /* Subtle shadow */
padding: 10px; /* Space inside the border */
max-width: 2000px; /* Maximum width for large screens */
box-sizing: border-box; /* Include padding and border in the element's total width and height */
}
iframe {
width: 100%;
height: 750px; /* Fixed height for all iframes */
border: none; /* Remove default border */
}
</style>
</head>
<body>
<div align="center">
<img width="400px" src="Assets/RE.jpg" alt="Malware Series" />
</div>
<div class="content-section">
<h2>C:\Users\Offensive-Panda>whoami</h2>
<p><B>Usman Sikander</B> (a.k.a. Offensive-Panda) is a seasoned security professional passionate about identifying and researching advanced evasion techniques, and about building a comprehensive understanding of threat tactics, techniques, and procedures (TTPs) through in-depth analysis of real-world attack scenarios, prominent Advanced Persistent Threat (APT) campaigns, and emerging evasion tactics, in order to validate security postures through emulation. With a proven track record in developing exploits aligned with MITRE ATT&CK tactics and automating exploit processes, he conducts comprehensive simulations within controlled environments that include the full set of security controls. His primary objective is to identify weaknesses, misconfigurations and vulnerabilities; validate security controls and incident-response capabilities; and deliver detailed threat analysis for proactive threat hunting, including adversary attack paths, indicators of attack (IOAs), indicators of compromise (IOCs), and actionable mitigation strategies that strengthen an organisation's detection engineering capabilities.</p>
<h2>Purpose</h2>
<div>
<h3>Malware Technical Analysis</h3>
<ul>
<li>Dive deep into the anatomy of malware specimens.</li>
<li>Detailed reports break down the structure, behavior, and attack vectors of different malware types.</li>
<li>Shed light on their inner workings.</li>
</ul>
<h3>Attacker TTP Extraction</h3>
<ul>
<li>Learn techniques to uncover the Tactics, Techniques, and Procedures (TTPs) used by threat actors.</li>
<li>Understand their methodologies to improve threat intelligence.</li>
</ul>
<h3>Community Contributions</h3>
<ul>
<li>Contributions from the cybersecurity community are encouraged.</li>
<li>Share your insights, analysis reports, or new YARA rules.</li>
<li>Bolster the repository's knowledge base.</li>
</ul>
</div>
<h2>Open-source and Commercial Tools</h2>
<div class="heatmap-container">
<div class="tool" onclick="window.location.href='https://github.com/fireeye/flare-vm'">
<div class="tool-name">Flare-VM</div>
<div class="description">A Windows-based virtual machine for reverse engineering and malware analysis, pre-configured with a wide range of tools.</div>
<a href="https://github.com/fireeye/flare-vm" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://remnux.org/'">
<div class="tool-name">REMnux</div>
<div class="description">A Linux toolkit for reverse engineering and analyzing malware, including tools for static and dynamic analysis.</div>
<a href="https://remnux.org/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://github.com/dnSpy/dnSpy'">
<div class="tool-name">dnSpy</div>
<div class="description">A .NET assembly editor and debugger with a user-friendly interface for exploring and modifying assemblies.</div>
<a href="https://github.com/dnSpy/dnSpy" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://github.com/radareorg/cutter'">
<div class="tool-name">Cutter</div>
<div class="description">A Qt GUI powered by Radare2, designed for reverse engineering, binary analysis, and exploit development.</div>
<a href="https://github.com/radareorg/cutter" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://www.de.dziemba.org/detect-it-easy/'">
<div class="tool-name">Detect-It-Easy</div>
<div class="description">A tool to identify and analyze the type of executable files and their packers or crypters.</div>
<a href="https://www.de.dziemba.org/detect-it-easy/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://sourceforge.net/projects/regshot/'">
<div class="tool-name">RegShot</div>
<div class="description">A tool for comparing the registry snapshots before and after a system change, useful for analyzing malware behavior.</div>
<a href="https://sourceforge.net/projects/regshot/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://www.exeinfo.org/'">
<div class="tool-name">ExeInfoPE</div>
<div class="description">A tool for analyzing and identifying the properties of executable files, including file headers and possible packers.</div>
<a href="https://www.exeinfo.org/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://github.com/De4dot/de4dot'">
<div class="tool-name">De4dot</div>
<div class="description">A deobfuscator for .NET assemblies, used to reverse engineer obfuscated .NET code.</div>
<a href="https://github.com/De4dot/de4dot" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://github.com/mandiant/capa'">
<div class="tool-name">Capa</div>
<div class="description">A tool for identifying capabilities in binaries using rule-based pattern matching, focusing on functionality and behavior.</div>
<a href="https://github.com/mandiant/capa" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://docs.microsoft.com/en-us/sysinternals/downloads/procmon'">
<div class="tool-name">Procmon</div>
<div class="description">A real-time system monitoring tool that provides detailed information about file system, registry, and process/thread activity.</div>
<a href="https://docs.microsoft.com/en-us/sysinternals/downloads/procmon" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://github.com/processhacker/processhacker'">
<div class="tool-name">ProcessHacker</div>
<div class="description">A powerful tool for managing and analyzing processes and system activity, providing features beyond the standard Task Manager.</div>
<a href="https://github.com/processhacker/processhacker" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview'">
<div class="tool-name">TcpView</div>
<div class="description">A tool that shows all open TCP and UDP endpoints on the system, including local and remote addresses, and their states.</div>
<a href="https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='http://pebear.sourceforge.net/'">
<div class="tool-name">PE Bear</div>
<div class="description">A tool for analyzing and modifying the Portable Executable (PE) structure of executable files, useful for reverse engineering.</div>
<a href="http://pebear.sourceforge.net/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://www.winitor.com/'">
<div class="tool-name">PE Studio</div>
<div class="description">A static analysis tool for inspecting PE files, detecting malicious code, and providing insights into the file's structure and behavior.</div>
<a href="https://www.winitor.com/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://www.wireshark.org/download.html'">
<div class="tool-name">Wireshark</div>
<div class="description">A network protocol analyzer that captures and inspects network traffic, providing detailed information about network packets and communications.</div>
<a href="https://www.wireshark.org/download.html" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://www.hex-rays.com/ida-pro/'">
<div class="tool-name">IDA Pro</div>
<div class="description">A disassembler and debugger for analyzing executable files, providing powerful tools for reverse engineering and vulnerability analysis.</div>
<a href="https://www.hex-rays.com/ida-pro/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://github.com/gchq/CyberChef'">
<div class="tool-name">CyberChef</div>
<div class="description">A web-based tool for performing a wide range of data transformations and analyses, including decoding, encryption, and data manipulation.</div>
<a href="https://github.com/gchq/CyberChef" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://mh-nexus.de/en/hxd/'">
<div class="tool-name">HxD</div>
<div class="description">A hex editor for viewing and editing binary files, providing various features for data manipulation and analysis.</div>
<a href="https://mh-nexus.de/en/hxd/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://ntcore.com/?page_id=388'">
<div class="tool-name">CFF Explorer</div>
<div class="description">A Portable Executable (PE) editor that provides detailed insights into file structures and allows modification of PE headers.</div>
<a href="https://ntcore.com/?page_id=388" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://www.virustotal.com/'">
<div class="tool-name">VirusTotal</div>
<div class="description">An online service that scans files and URLs for malware using multiple antivirus engines and provides comprehensive analysis reports.</div>
<a href="https://www.virustotal.com/" class="download-link">Visit</a>
</div>
<div class="tool" onclick="window.location.href='https://virustotal.github.io/yara/'">
<div class="tool-name">YARA</div>
<div class="description">A tool for identifying and classifying malware samples by creating custom rules and patterns for file analysis.</div>
<a href="https://virustotal.github.io/yara/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://x32dbg.com/'">
<div class="tool-name">x32dbg</div>
<div class="description">A 32-bit debugger with a user-friendly interface for reverse engineering and debugging applications.</div>
<a href="https://x32dbg.com/" class="download-link">Download</a>
</div>
<div class="tool" onclick="window.location.href='https://x64dbg.com/'">
<div class="tool-name">x64dbg</div>
<div class="description">A 64-bit debugger with powerful features for reverse engineering, debugging, and analyzing applications.</div>
<a href="https://x64dbg.com/" class="download-link">Download</a>
</div>
</div>
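<p>Several of the tools above (Detect-It-Easy, ExeInfoPE, PE Bear, PE Studio) begin with the same static triage: walk the PE headers, inspect each section's characteristics and entropy, and check where the entry point lands. The script below is an added example written for this page, not code from any listed tool or from the analysis repository. It implements that triage with only the Python standard library and builds a small PE32+ image inline as constructed input: a clean-looking <code>.text</code>/<code>.data</code> pair plus a high-entropy, writable-and-executable <code>UPX1</code> section that holds the entry point, mimicking a packed layout. The 7.0 bits/byte threshold and the "entry point inside a high-entropy or W+X section" rule are assumptions for illustration, not any vendor's heuristic.</p>

```python
"""Static PE triage in the spirit of Detect-It-Easy / PE Bear: section entropy,
writable+executable sections, and where the entry point lands.

Added example for this page; not code from any of the tools listed above.
The sample image is constructed inline so the script runs offline.
"""
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PACKED_ENTROPY_THRESHOLD = 7.0   # bits/byte; an assumption, tune against your corpus
FILE_ALIGN, SECT_ALIGN = 0x200, 0x1000


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(image: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, num_sections = struct.unpack_from("<HH", image, coff)
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20                                   # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):                   # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_point = struct.unpack_from("<I", image, opt + 16)[0]  # AddressOfEntryPoint RVA
    sections, off = [], opt + opt_size
    for _ in range(num_sections):                     # IMAGE_SECTION_HEADER, 40 bytes each
        name, vsize, va, rsize, rptr, _r, _l, _nr, _nl, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, off)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rsize": rsize, "rptr": rptr,
                         "chars": chars})
        off += 40
    return {"machine": machine, "entry_point": entry_point, "sections": sections}


def triage(image: bytes) -> dict:
    """Flag each section and decide (heuristically) whether the image looks packed."""
    pe = parse_pe(image)
    findings = []
    for s in pe["sections"]:
        raw = image[s["rptr"]:s["rptr"] + s["rsize"]]   # entropy over raw file bytes
        ent = shannon_entropy(raw)
        flags = []
        if ent >= PACKED_ENTROPY_THRESHOLD:
            flags.append("high-entropy")
        if s["chars"] & IMAGE_SCN_MEM_WRITE and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
            flags.append("writable+executable")
        if s["va"] <= pe["entry_point"] < s["va"] + max(s["vsize"], s["rsize"]):
            flags.append("contains-entry-point")
        findings.append({"name": s["name"], "entropy": round(ent, 2), "flags": flags})
    ep = next((f for f in findings if "contains-entry-point" in f["flags"]), None)
    # Assumed rule: a packer stub starts execution inside a compressed (high-entropy)
    # or self-modifying (W+X) section; a normal linker puts the entry point in .text.
    likely_packed = ep is not None and bool(
        {"high-entropy", "writable+executable"} & set(ep["flags"]))
    return {"machine": hex(pe["machine"]), "entry_point": hex(pe["entry_point"]),
            "entry_section": ep["name"] if ep else None,
            "likely_packed": likely_packed, "sections": findings}


def build_sample_pe(sections, entry_rva: int) -> bytes:
    """Assemble a minimal PE32+ image from (name, data, characteristics) tuples.
    Constructed test input only: no imports, no relocations, not loadable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)             # e_lfanew: PE signature at offset 64
    opt = bytearray(240)                              # PE32+ optional header, zeroed
    struct.pack_into("<H", opt, 0, 0x20B)             # Magic = PE32+
    struct.pack_into("<I", opt, 16, entry_rva)        # AddressOfEntryPoint
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x22)
    hdrs, bodies, rptr = bytearray(), bytearray(), FILE_ALIGN
    for i, (name, data, chars) in enumerate(sections):
        rsize = -(-len(data) // FILE_ALIGN) * FILE_ALIGN   # round up to file alignment
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data),
                            SECT_ALIGN * (i + 1), rsize, rptr, 0, 0, 0, 0, chars)
        bodies += data.ljust(rsize, b"\0")
        rptr += rsize
    head = (dos + b"PE\0\0" + coff + opt + hdrs).ljust(FILE_ALIGN, b"\0")
    return bytes(head + bodies)


# Constructed sample: clean-looking .text/.data plus a packer-style UPX1 section
# (pseudo-random payload, RWX, holds the entry point). Seeded, so it is deterministic.
_rng = random.Random(1234)
SAMPLE_PACKED = build_sample_pe([
    (".text", b"\x55\x48\x89\xe5" + b"\x90" * 12, 0x60000020),               # R+X
    (".data", b"config=1\0", 0xC0000040),                                    # R+W
    ("UPX1", bytes(_rng.getrandbits(8) for _ in range(4096)), 0xE0000040),   # R+W+X
], entry_rva=0x3010)                                                         # inside UPX1

if __name__ == "__main__":
    for key, value in triage(SAMPLE_PACKED).items():
        print(f"{key}: {value}")
```

<p>On a real file, replace <code>SAMPLE_PACKED</code> with <code>open(path, "rb").read()</code>. Treat <code>likely_packed</code> as a triage hint rather than a verdict: a section named <code>UPX1</code> is not required (packers are routinely renamed), and legitimate installers also ship high-entropy resource sections, so the result should be confirmed with a debugger such as x64dbg before drawing conclusions.</p>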
<h2>Check Out My Articles</h2>
<div class="card-container">
<!-- Card 1 -->
<div class="card">
<div class="card-image">
<img src="Assets/DC_AI.jpg" alt="DCRat">
</div>
<div class="card-content">
<h3>Dark Crystal RAT (DCRat) Detailed Analysis</h3>
<p>An in-depth analysis of DCRat, a remote access trojan and a critical threat to organizations worldwide. Discover its multifaceted capabilities, including remote control, keylogging, file manipulation, and data exfiltration.</p>
<a href="https://medium.com/system-weakness/dark-crystel-rat-dcrat-detailed-analysis-94a2bcccd5ce" target="_blank" class="card-link">Read More</a>
</div>
</div>
<!-- Card 2 -->
<div class="card">
<div class="card-image">
<img src="Assets/async_AI.jpg" alt="AsyncRAT">
</div>
<div class="card-content">
<h3>Unveiling the Intricacies of AsyncRAT</h3>
<p>Technical analysis of the re-emerged Blind Eagle threat group (APT-C-36), known for its targeted phishing campaigns. In its latest tactic, the group masquerades as a Colombian government agency, aiming its cyberattacks at organizations within Colombia and Ecuador.</p>
<a href="https://medium.com/@merasor07/unveiling-the-intricacies-of-asyncrat-a-deployment-in-colombia-by-the-blind-eagle-cyber-group-83b48cc415a7" target="_blank" class="card-link">Read More</a>
</div>
</div>
<!-- Card 3 -->
<div class="card">
<div class="card-image">
<img src="Assets/Sam_AI.jpg" alt="SamSam">
</div>
<div class="card-content">
<h3>Unveiling the Intricacies of SamSam Ransomware</h3>
<p>Detailed analysis and a proactive threat emulation approach. I analyzed a SamSam ransomware sample that was exploiting Windows systems. The APT group was using multiple techniques to gain initial access and execute malware on the victim's computer. For this variant, initial access was gained by RDP brute force.</p>
<a href="https://medium.com/@merasor07/unveiling-the-intricacies-of-samsam-ransomware-a-comprehensive-analysis-plus-proactive-threat-bee37979f407" target="_blank" class="card-link">Read More</a>
</div>
</div>
</div>
<h2>Analysis Repo</h2>
<div class="card-container">
<!-- Card 1 -->
<div class="card">
<div class="card-image">
<img src="Assets/combo_AI.jpg" alt="All">
</div>
<div class="card-content">
<h3>Malware Analysis GitHub Repo</h3>
<p>This repository is dedicated to providing in-depth technical analysis of various malware strains, equipping security professionals, researchers, and enthusiasts with the knowledge and tools needed to counteract cyber threats effectively.</p>
<a href="https://github.com/Offensive-Panda/MalwareAnalysis" target="_blank" class="card-link">Visit Repo</a>
</div>
</div>
</div>
<h2>Writeups For Cyber Community</h2>
<div class="container">
<div class="iframe-container">
<iframe src="DCRAT.pdf"></iframe>
</div>
<div class="iframe-container">
<iframe src="SamSam.pdf"></iframe>
</div>
<div class="iframe-container">
<iframe src="AsyncRAT.pdf"></iframe>
</div>
</div>
</div>
<div class="references">
<h2>References</h2>
<ul style="list-style-type: none; padding: 0;">
<li style="margin-bottom: 10px;">
<a href="https://attack.mitre.org/matrices/enterprise/" style="text-decoration: none; color: #007bff;">https://attack.mitre.org/matrices/enterprise/</a>
</li>
<li style="margin-bottom: 10px;">
<a href="https://www.linkedin.com/in/usman-sikander13/" style="text-decoration: none; color: #007bff;">https://www.linkedin.com/in/usman-sikander13/</a>
</li>
<li style="margin-bottom: 10px;">
<a href="https://medium.com/@merasor07" style="text-decoration: none; color: #007bff;">https://medium.com/@merasor07</a>
</li>
<li style="margin-bottom: 10px;">
<a href="https://cytomate.net" style="text-decoration: none; color: #007bff;">https://www.cytomate.net</a>
</li>
</ul>
</div>
<div class="disclaimer">
<h2>Disclaimer</h2>
<p>The content, techniques, and tools provided in this repository are intended solely for educational and research purposes within the cybersecurity community. I explicitly disclaim any responsibility for the misuse or unlawful use of the provided materials. Any actions taken based on the information are done so at the user's own risk.</p>
</div>
</body>
</html>