/ Recent content on Vanilla InfoSec Hugo -- gohugo.io en Wed, 13 May 2026 00:00:00 +0000 /posts/belphc2---jitter-logic-and-chaos-theory/ Wed, 13 May 2026 00:00:00 +0000 /posts/belphc2---jitter-logic-and-chaos-theory/ BelphC2 - Jitter Logic and Chaos Theory Disclaimer Is this necessary? Probably not… Do I find this cool and do I want to blab about it? Yes! Introduction to Jittering While developing BelphC2’s polling behavior, I had to decide how to generate seemingly random jittering values. Most post exploitation frameworks implement some form of a jitter. The term “jitter” refers to how a post exploitation framework’s beacon/implant manages its communication or ‘polling’ intervals. /posts/introduction-to-process-injection---a-primer-on-the-theory/ Thu, 16 Apr 2026 00:00:00 +0000 /posts/introduction-to-process-injection---a-primer-on-the-theory/ What is Process Injection? In essence, process injection involves: Inserting a block of code (usually shellcode) into the memory space of a process. Process injection is a means to an end for evading on disk detection. Instead of executing malicious code directly via a PE file or script (which could more easily be caught on disk by antivirus or EDR), the code is injected into process memory. While by no means is this a reliably stealthy on its own, it is a fundamental concept needed to be understood before developing more advanced execution workflows. /posts/remote-thread-injection---writing-a-powershell-shellcode-loader/ Thu, 16 Apr 2026 00:00:00 +0000 /posts/remote-thread-injection---writing-a-powershell-shellcode-loader/ Process Injection in Practice: PowerShell Remote Thread Injection In the previous article, we explored what exactly process injection is, why it is used, and how blue teams attempt to detect it. In this post, we move from theory into practice by walking through a real-world example of the classic Remote Thread Injection technique, implemented using PowerShell. This example is intentionally straightforward and educational. It does not attempt to evade EDR, bypass AMSI, or conceal behavior whatsoever. /posts/belphc2---dumping-passwords-out-of-web-browsers/ Sun, 01 Mar 2026 00:00:00 +0000 /posts/belphc2---dumping-passwords-out-of-web-browsers/ Save password..? Yes It feels like web browsers have accidentally become credential vaults? Mainly because… Well we typically hit “save password” when prompted: Admittedly, without much prior thought! Credentials for: Email accounts. Banking logins. Corporate VPN credentials. Cloud dashboards. Developer secrets. Session tokens. But there’s an important detail here in regards to how these browsers secure credentials in default configurations: Browser password managers are often designed to protect data at rest, not necessarily protect data from the logged-in user context itself. /about/about/ Thu, 04 Sep 2025 00:00:00 +0000 /about/about/ “Know the enemy and know yourself, and you need not fear the result of a hundred battles.” — Sun Tzu $ whoami My name is Alex Messham, and I’m a passionate multidisciplinary computer science professional - an engineer and nerd at heart, interested in building and breaking systems. This is my blog dedicated to writing offensive security articles, and discussing information security concepts as a whole. I have a particular interest in malware development, programming/automation, and defense evasion. /resume/resume/ Thu, 04 Sep 2025 00:00:00 +0000 /resume/resume/ Robert Messham Dayton, OH 45419 ramessham@gmail.com | +1 937 479 7994 Professional Summary I’m a multidisciplinary InfoSec professional and systems engineer with expertise in: Red teaming Infrastructure Security Engineering Software development I have proven experience in developing and executing internal red team operations, using outputs from red team engagements as roadmaps for infrastructure improvements, tool development, and automations engineering. I am skilled in a wide range of programming languages, operating systems, and computer science disciplines. /posts/rust-malware-development---linux-keylogger/ Thu, 04 Sep 2025 00:00:00 +0000 /posts/rust-malware-development---linux-keylogger/ Overview Keyloggers remain a valid TTP for offering deep insight into user behavior. I wanted to write one in Rust aiming for a binary that was memory-safe and efficient (I’m really just learning Rust because it’s trendy and my coworkers like using it). We will be leveraging the evdev interface — the Linux kernel’s raw input event device system. This gives us direct, low-noise access to keystroke events from /dev/input/event* /posts/establishing-persistent-remote-access-to-linux-systems---systemd-backdoor-services/ Wed, 03 Sep 2025 00:00:00 +0000 /posts/establishing-persistent-remote-access-to-linux-systems---systemd-backdoor-services/ Overview Systemd services are the standard means for managing persistent processes in most modern Linux distributions. Because services start automatically with the system during the init sequence, adversaries often abuse them for persistent access to target systems. A stealthy backdoor service may masquerade itself as a legitimate system component and launch attacker-controlled payloads at boot. This enables hackers with the opportunity to re-enter an environment if something does not go according to plan.