{
  "version": "https://jsonfeed.org/version/1.1",
  "title": "nil — Zohir Hakmi",
  "home_page_url": "https://zx41r.github.io/",
  "feed_url": "https://zx41r.github.io/feed.json",
  "description": "Reverse engineering, OS internals, memory forensics, and low-level security research.",
  "language": "en-US",
  "authors": [
    {
      "name": "Zohir Hakmi",
      "url": "https://zx41r.github.io"
    }
  ],
  "items": [
    {
      "id": "https://zx41r.github.io/posts/c00ked-d3v/",
      "url": "https://zx41r.github.io/posts/c00ked-d3v/",
      "title": "c00ked d3v Full NexZeroCTF OSINT/4n6 Chain",
      "summary": "Full solve for c00ked d3v recovering a scrubbed trail from GHCR layers to a dead host, then from deleted GitHub activity to a staging mirror, DNS TXT dead drop, and the final Gist.",
      "content_text": "Full solve for c00ked d3v recovering a scrubbed trail from GHCR layers to a dead host, then from deleted GitHub activity to a staging mirror, DNS TXT dead drop, and the final Gist.",
      "date_published": "2026-05-02T00:00:00.000Z",
      "date_modified": "2026-05-02T00:00:00.000Z",
      "tags": [
        "nexzeroctf",
        "github",
        "ghcr",
        "docker",
        "favicon-hash",
        "fofa",
        "urlscan",
        "github-api",
        "gitlab",
        "dns",
        "gist",
        "osint",
        "forensics"
      ],
      "authors": [
        {
          "name": "Zohir Hakmi",
          "url": "https://zx41r.github.io"
        }
      ]
    },
    {
      "id": "https://zx41r.github.io/posts/phobos/",
      "url": "https://zx41r.github.io/posts/phobos/",
      "title": "Phobos Ransomware — Malware Analysis Walkthrough",
      "summary": "Deep analysis of Phobos ransomware: encrypted configuration, process termination, persistence mechanisms, and file encryption strategies.",
      "content_text": "Deep analysis of Phobos ransomware: encrypted configuration, process termination, persistence mechanisms, and file encryption strategies.",
      "date_published": "2026-01-04T00:00:00.000Z",
      "date_modified": "2026-01-04T00:00:00.000Z",
      "tags": [
        "ransomware",
        "phobos",
        "ida-pro",
        "x32dbg",
        "aes-encryption",
        "crc32",
        "malware-analysis",
        "reverse-engineering"
      ],
      "authors": [
        {
          "name": "Zohir Hakmi",
          "url": "https://zx41r.github.io"
        }
      ]
    },
    {
      "id": "https://zx41r.github.io/posts/red-stealer/",
      "url": "https://zx41r.github.io/posts/red-stealer/",
      "title": "Red Stealer — Threat Intelligence Walkthrough",
      "summary": "Analyze a suspicious executable using VirusTotal and MalwareBazaar to extract IOCs, identify C2 infrastructure, MITRE ATT&CK techniques, and privilege escalation mechanisms.",
      "content_text": "Analyze a suspicious executable using VirusTotal and MalwareBazaar to extract IOCs, identify C2 infrastructure, MITRE ATT&CK techniques, and privilege escalation mechanisms.",
      "date_published": "2026-01-03T00:00:00.000Z",
      "date_modified": "2026-01-03T00:00:00.000Z",
      "tags": [
        "virustotal",
        "malwarebazaar",
        "threatfox",
        "redline-stealer",
        "ioc",
        "mitre-attack",
        "c2",
        "threat-intelligence",
        "malware-analysis"
      ],
      "authors": [
        {
          "name": "Zohir Hakmi",
          "url": "https://zx41r.github.io"
        }
      ]
    },
    {
      "id": "https://zx41r.github.io/posts/re101/",
      "url": "https://zx41r.github.io/posts/re101/",
      "title": "RE101 — Reverse Engineering Fundamentals Walkthrough",
      "summary": "Analyze diverse file types including binaries, obfuscated scripts, and corrupted archives using reverse engineering techniques to extract hidden flags.",
      "content_text": "Analyze diverse file types including binaries, obfuscated scripts, and corrupted archives using reverse engineering techniques to extract hidden flags.",
      "date_published": "2026-01-03T00:00:00.000Z",
      "date_modified": "2026-01-03T00:00:00.000Z",
      "tags": [
        "base64",
        "jsfuck",
        "brainfuck",
        "zip-repair",
        "stack-strings",
        "xor-encryption",
        "ida",
        "ghidra",
        "hex-editor",
        "malware-analysis",
        "reverse-engineering"
      ],
      "authors": [
        {
          "name": "Zohir Hakmi",
          "url": "https://zx41r.github.io"
        }
      ]
    },
    {
      "id": "https://zx41r.github.io/posts/ransomed/",
      "url": "https://zx41r.github.io/posts/ransomed/",
      "title": "Ransomed — Malware Analysis Walkthrough",
      "summary": "Dynamic analysis and memory forensics: stack-strings, API resolution, shellcode and process hollowing.",
      "content_text": "Dynamic analysis and memory forensics: stack-strings, API resolution, shellcode and process hollowing.",
      "date_published": "2026-01-02T00:00:00.000Z",
      "date_modified": "2026-01-02T00:00:00.000Z",
      "tags": [
        "process-hollowing",
        "shellcode",
        "x32dbg",
        "scdbg",
        "ida",
        "malware-analysis",
        "reverse-engineering"
      ],
      "authors": [
        {
          "name": "Zohir Hakmi",
          "url": "https://zx41r.github.io"
        }
      ]
    }
  ]
}