Skip to content
View Anoop-Kumar-Sharma's full-sized avatar
6 followers · 1 following
  • AMD

Block or report Anoop-Kumar-Sharma

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Anoop-Kumar-Sharma/README.md

🧠 About Me

+ DFIR & Malware Analysis Specialist
+ Reverse Engineer (Userland + Windows Internals)
+ Builder of high-performance forensic tools
  • 🧬 I break systems to understand their internals
  • 💀 I hunt malware and reconstruct attacker behavior
  • ⚙️ I write efficient tooling in C / C++ / Python

⚡ Tech Stack

Languages

  • C
  • C++
  • Python

Domains

  • Malware Analysis
  • DFIR
  • Reverse Engineering
  • Windows Internals

Focus Areas

  • Memory Forensics
  • Process Injection
  • API Hooking
  • Artifact Analysis

🛠️ DFIR Tooling

DFIR CORE 

> Enumerating processes
> Scanning memory regions
> Detecting injection patterns
> Extracting IOCs
> Generating forensic report

STATUS: COMPLETED

What I build:

  • 🧠 Memory scanners (entropy, RWX, shellcode detection)
  • 🔍 Handle/Process analyzers (NtQuerySystemInformation)
  • ⚡ Behavior engines (API tracing + heuristics)
  • 🛡️ DFIR automation (artifact parsing + timelines)

🧩 Active Research

[ LIVE ANALYSIS ]
- Kernel-level visibility (bridging userland gaps)
- Memory forensics pipelines
- Anti-debug / anti-VM bypass
- Modern malware evasion

🔬 DFIR Workflow

flowchart LR
    A[Sample] --> B[Static]
    B --> C[Dynamic]
    C --> D[Memory]
    D --> E[IOC]
    E --> F[Report]
Loading

💻 Highlight Projects

📊 DFIR Analytics Dashboard

Popular repositories Loading

  1. ADBG ADBG Public

    A low-level Windows security research project focused on anti-debugging, process protection, and syscall-level evasion techniques.

    C 2 1

  2. WinTriage WinTriage Public

    Live Windows forensic triage tool that rapidly detects anti-forensics, suspicious execution, and post-compromise activity.

    Python

  3. KMDrv KMDrv Public

    Windows kernel-mode driver for process memory manipulation using IOCTL (read/write/attach via MmCopyVirtualMemory).

    C

  4. TamperTrace TamperTrace Public

    TamperTrace detects byte-level modifications in running processes by analyzing memory regions. It identifies altered data and provides targeted hex dumps for inspection.

    C++

  5. ExecTrace ExecTrace Public

    ExecTrace is a Windows forensic tool that detects executable activity by cross-referencing BAM registry entries with SYSTEM.LOG transaction logs. It surfaces programs that were run but had their BA…

    C++

  6. ShimCache-Parser ShimCache-Parser Public

    A forensic tool for parsing the Windows 10/11 ShimCache (AppCompatCache) registry artifact, producing enriched CSV output with file metadata, Authenticode signatures, PE compile timestamps, SHA-256…

    C++