Recreating an MSI Payload for Fun and no profit – as used by Gwisin Ransomware


Credits & Disclaimer

Credits – (Click to Expand) There is no novel research/content in this blog post, nor do I claim any work in this blog post to be mine (it’s not). This post is just a personal study note that I use for personal reasons while I study others’ work regarding offensive security tradecraft. All credits go to the authors below, and many more. HuskyHacks – MSI Payload Blog Post

ASEC AhnLab – blog post

SK Shieldus

Atomic Red Team


This post contains my best effort to si…

Read More