[noman@psiberus-lab ~]$ id && uname -a && cat /etc/operator
uid=0(root) gid=0(root) groups=0(root),1337(red-team),31337(elite)
Linux psiberus-lab 6.x.x-hardened #1 SMP PREEMPT x86_64 GNU/Linux
OPERATOR : Noman Nasir Minhas ALIAS: Sheldon / malicious_dll
ROLE : Security Engineer - Offensive Ops & Adversary Emulation
ORG : Cytomate Solutions & Services - Doha, Qatar
EDUCATION : MS Cybersecurity - Air University | IEEE Published Researcher
CLEARANCE : [REDACTED] - Need to know only
STATUS : ACTIVE - CRTO 78%

CLASSIFICATION: [TOP SECRET // OFFSEC // RED CELL]
OPERATOR : Noman Nasir Minhas
HANDLE : Sheldon / malicious_dll
MISSION : Break. Emulate. Detect. Harden. Repeat.
THEATER : Windows Internals · AD · EDR · Post-Exploitation
WEAPONS : Rust · Go · C/C++ · C# · Python · ASM
LAB ENV : VMware/Hyper-V · AD Forest · ELK · MDE · Sysmon
INTEL ORG : Cytomate Solutions - Adversary Emulation Division
FOUNDER : Psiberus LLC - Autonomous Adversary Sim Platform
RESEARCH : USPTO Patent 18/530,422 - Cytomate Threat Intel
[noman@psiberus-lab ~]$ cat /var/log/active_ops.log
[+] ADVERSARY SIMULATION - Full-scope red team engagements @ Cytomate. MITRE ATT&CK-mapped campaigns, purple team pipelines, ASL-driven scenario automation
[+] KERNEL DRIVERS DEV - Windows kernel driver research in Rust (WDK). EDR/AV internals, DKOM, callback manipulation, minifilter drivers, object/handle hooking
[+] AD SECURITY RESEARCH - Cross-domain/forest trust attack chains, Kerberos delegation abuse, ExtraSids golden ticket forgery, DCSync, BloodHound pathing
[+] QUANTUM CYBERSECURITY - Post-quantum cryptography migration tooling, Kyber-768 / Dilithium3 protocol integration, quantum-safe secure channel design research
[+] EDR EVASION R&D - AMSI heap corruption (HAMSICONTEXT), ETW patching, patchless syscall techniques, DLL call tracing via Frida, hook evasion research
[+] PSIBERUS PLATFORM - Rust+Go+Tauri autonomous adversary sim suite. MQTT/RabbitMQ C2 backend, ELK/MDE telemetry

Offensive Tooling
- AMSI Bypass: Heap corruption via `HAMSICONTEXT`, patchless ntdll-level techniques, ETW patching
- DLL Unhooking: Section remapping, fresh ntdll load, manual syscall resolution
- Process Injection: Fork-chain injection (Go), APC injection, thread hijack, shellcode fluctuation (Rust)
- Module Stomping: `dinvoke_rs`-powered stomping with in-memory PE manipulation
- Loaders: AES-256-CBC/CTR shellcode encryption/decryption; Zig-based loader with runtime decryption
- Frida Tracing: Cross-DLL call chain visibility with full forwarding chain resolution
- Kerberoasting / ASREPRoasting via Impacket / Rubeus
- Golden Ticket Forgery: `ExtraSids` field manipulation for cross-domain trust attacks (child → parent)
- DCSync / SecretsDump: Credential harvesting from domain controllers
- BloodHound: Graph-based attack path enumeration
- Forest Trust Pivoting: Inter-forest lateral movement (CONTOSO → ENCLAVE)
- Constrained Delegation Abuse: S4U2self / S4U2proxy exploitation
- ARP Poisoning (ARP-Puker): Gratuitous ARP MITM at Layer 2
- NTLMv1/v2 Capture: Inveigh / Responder relay chains
- WPAD / Proxy Abuse: Transparent traffic interception
- TLS Fingerprinting: JA3/JA3S analysis via Zeek
Languages & Runtimes

| Language | Primary Use |
|---|---|
| Rust | Implants, drivers, ARP tooling, C2 agents |
| Go | Microservices, C2 runners, network tools, loaders |
| C / C++ | Malware internals, WinAPI, kernel research |
| C# | .NET post-exploitation, Cobalt Strike BOFs |
| Python | Automation, Impacket, tooling scripts |
| x86/x64 ASM | Shellcode, syscall stubs, manual trampolines |
| PowerShell | AD recon, living-off-the-land |
| Zig | Shellcode loaders, cross-compilation experiments |

Tools & Frameworks
| Category | Tools |
|---|---|
| C2 Frameworks | Cobalt Strike, custom MQTT/RabbitMQ C2 (Psiberus) |
| RE / Analysis | IDA Pro, Ghidra, x64dbg, Frida, Volatility |
| Network | Wireshark, Zeek, Suricata, Nmap, Inveigh, Responder |
| AD Attacks | BloodHound, Impacket, CrackMapExec, Mimikatz, Rubeus |
| Web | Burp Suite, sqlmap, ffuf |
| Vuln Scanning | OpenSCAP, Lynis, CVE Binary Tool (air-gapped) |
| EDR/SIEM | MDE, Sysmon, ELK Stack, custom ETW consumers |
| Crypto | Kyber/Dilithium (PQC), AES-256 CTR/CBC, C2PA |

| Repo | Lang | TTP / Purpose |
|---|---|---|
| Offensive-Rust | Rust | C2 server · local/remote shellcode injection · WinAPI bindings |
| Offensive-Go | Go | GoShark (packet capture UI) · NetworkMonitor passive listener |
| Rust-Driver-Clone | Rust | Windows kernel driver (WDK) - EDR/AV internals research |
| ARP-Puker | Rust | Gratuitous ARP poisoning · Layer-2 MITM packet interception |
| binary-to-shellcode | Multi | PE → PIC shellcode conversion with encryption support |
| CPP-Utils | C++ | Utility library for malware/offensive tooling (MSVC) |
| Pentesting-Notes | - | AD attack mindmaps · pentest cheatsheets · CherryTree notes |
| Qiskit-Quantum | Python | Qiskit notebooks - single/multi-qubit quantum information |

Private / WIP: Psiberus agent (Rust) · Zig shellcode loader · Go fork-chain injector · Rust fluctuation implant · ASL JSON generator · sandbox/VM detection toolkit

| Domain | Current Focus |
|---|---|
| Windows Evasion | AMSI/ETW internals, heap corruption, patchless bypasses, call stack spoof |
| Active Directory | Cross-domain/forest trust attacks, ExtraSids golden ticket, Kerberos |
| EDR Research | Telemetry blind spots, hook evasion, MDE signal analysis, DLL tracing |
| Post-Quantum Crypto | Kyber-768, Dilithium3, secure channel design, PQC migration tooling |
| Adversary Emulation | MITRE ATT&CK mapping, ASL framework, automated purple team pipelines |
| Malware Analysis | PE internals, memory forensics, behavioral signatures, sandbox escape |
[psiberus@lab ~]$ cat /opt/psiberus/README
PSIBERUS - Autonomous AI-Driven Penetration Testing Platform
STACK:
Agent : Rust (evasion-first, modular payload)
Operator UI : Tauri + Svelte (desktop)
C2 Backend : Go microservices, MQTT/RabbitMQ transport
Telemetry : ELK + MDE + Sysmon correlation engine
Emulation : MITRE ATT&CK mapped, ASL-native scenario engine
STATUS: [PRIVATE ALPHA] - Founder: Psiberus LLC, Doha QA
[noman@psiberus-lab ~]$ git log --all --oneline | wc -l && gh api /users/nomannasirminhas
CONTRIBUTIONS : 2,590 (May 8, 2017 - Present)
CURRENT STREAK : 6 days (May 17 - May 22)
LONGEST STREAK : 12 days (Apr 30 - May 11, 2020)

TROPHY         RANK  POINTS  TITLE
-------------  ----  ------  -----------------
MultiLanguage  S     15pt    Rainbow Lang User
Repositories   S     166pt   God Repo Creator
Commits        A     744pt   Ultra Committer
Experience     A     33pt    Expert Dev
Followers      A     34pt    Dynamic User
Stars          B     17pt    Middle Star
- Medium @malicious-dll: Loader design, ETW/AMSI internals, token manipulation, memory forensics, AD attack/defense
- IEEE Research: Published peer-reviewed offensive security research
- Instagram @science_with_noman: Physics, quantum computing, space, mathematics science communication
[noman@psiberus-lab ~]$ netstat -contact
PROTOCOL  ENDPOINT                 STATUS
--------  -----------------------  -------------
EMAIL     [email protected]        OPEN
TWITTER   @malicious_dll           LISTENING
LINKEDIN  /in/noman-nasir-minhas   AUTHENTICATED
MEDIUM    @malicious-dll           PUBLISHING
HUB       beacons.ai/malicious.dll ACTIVE
GITHUB    /NomanNasirMinhas        PUBLIC
TOPICS: GoLang · Rust · C2 Dev · EDR Evasion · AD Attacks · Quantum Computing · Exploit Dev · Red/Purple Ops
"The best defense is understanding how the offense thinks."
Malware Researcher · Exploit Developer · Red/Purple Team Operator · Science Communicator
All research conducted in controlled lab environments for ethical R&D and defense purposes.



