The Fuzz.
0xfuzz@thefuzz:~$ cat /etc/motd

It's always DNS.

Field notes from a defensive-security practitioner. Detection engineering, malware analysis, threat intel, and the occasional CTF writeup.

4 posts published, 3 categories used, 16 tags indexed, 41 min total reading


Latest from the lab

Apr 25
SOC
Hello, World: Why The Fuzz Exists
Starting a defensive-security blog because notes get lost in vaults, in Teams chats, in chat logs. This is where mine live now.
4 min →
Apr 25
CTF Writeups
DDC Regionals 2026 — Hidden Trouble 1
Hunting fileless WMI persistence on a dead-disk Windows 11 image. From ASEP-sweep through XOR'd C2 to the flag.
12 min →
Apr 22
Malware Analysis
Unpacking Emotet's Latest Loader: A Static + Dynamic Walkthrough
Reverse engineering the new Emotet loader stage. We cover the unpacking routine, anti-analysis tricks, and pull a clean payload for YARA authoring.
14 min →
Apr 18
CTF Writeups
HTB: Resolute — From AS-REP Roasting to DnsAdmins Privilege Escalation
A clean walkthrough of HackTheBox's Resolute box. Enumeration, AS-REP roast, lateral movement via password reuse, and DLL injection through DnsAdmins.
11 min →