Research Papers

This page contains a small subset of the research papers and reports I have written over the years. They mainly cover reverse engineering, malware analysis and OpenMP, among other topics.

| Exploring JARM – An Active TLS Fingerprinting Algorithm

. Slides
. Video Presentation (YouTube)
. 32-bit & 64-bit releases are available on GitHub

Mohamad Mokbel. HITBSecConf2023 – Amsterdam. April 20, 2023

| Batch Everywhere – How to Execute Shell Commands or Open a Shell Inside a Surrogate File

. Article

Mohamad Mokbel. Mar 05, 2023

| The State of SSL/TLS Certificate Usage in Malware C&C Communications

. Paper
. Blog

Mohamad Mokbel. Trend Micro Research. Sep 03, 2021

| A Journey into Malware HTTP Communication Channels Spectacles

. Paper
. Slides
. YouTube Video Presentation

Mohamad Mokbel. vOPCDE. Jul 15, 2020

| An Exploratory Endeavor in the Reverse Engineering of a Multi-platform Compiler (PureBasic)

. Abstract & Description
. Slides (vOPCDE Edition)
. Slides (Living Document – last updated May 29th, 2020)
Updates include details on the differences and similarities between versions 4 and 5 of the compiler
. YouTube Video Presentation
. Tools (check Tools section)

Mohamad Mokbel. vOPCDE. May 06, 2020 and TyphoonCon. May 28th, 2020

| Analyzing C/C++ Runtime Library Code Tampering in Software Supply Chain Attacks

Addendum: Shadow Hammer Case Study

Mohamad Mokbel. Trend Micro Research. Apr 22, 2019

| Tildeb: Analyzing the 18-year-old Implant from the Shadow Brokers’ Leak

The blog post contains the Introduction and Conclusion sections. Details are in the paper.

Mohamad Mokbel. TrendLabs. Dec 13, 2018

| ShellPcapFication (SPF) – A Sophisticated Interactive Shell Framework (Conference Talk)

Check the Tools section for more information about the framework.

Mohamad Mokbel. ToorCon: San Diego Conference. Sep 02, 2017

| On the Intractability of Designing an Efficient Entropy Brute Forcer

Mohamad Mokbel. Jun 09, 2012

| An Unobtrusive Entropy Based Compiler Optimization Comparator With Introduction to Symbiotic Differential Comparison Algorithm

Mohamad Mokbel, Christopher D. Cambly. In Technology Showcase at the 20th Annual International Conference on Computer Science and Software Engineering (CASCON 2010), Toronto, Ontario, Canada, Nov 1-4, 2010

| Towards a Quasi High Level Compiler Comparative and Attributive Model for OpenMP Programs

Mohamad Mokbel, Robert D. Kent and Michael Wong. Poster Session Presented at the 6th International Workshop on OpenMP (IWOMP), Tsukuba, Japan, Jun 14-16, 2010

| An Abstract Semantically Rich Compiler Collocative and Interpretative Model for OpenMP Programs

Mohamad Mokbel. Oxford Journals, The Computer Journal (submitted Mar 14, 2010, Accepted Dec 2010, The Computer Journal Advance Access published Apr 5, 2011)

| An Embellished Macro Descriptive Language For Reverse Assembly Code (PoC)

Mohamad Mokbel. This paper is published in IEEE Potentials Vol. 29, Issue 2, (Mar/Apr 2010) P. 26-33

| OpenMP: A Lookup on the Performance Internals

Mohamad Mokbel. Literature Review with Experimentation, School of Computer Science, University of Windsor, Sep 2009

| Achilles Heel in the Philosophy of Prometheus Boundless Security

Mohamad Mokbel. CodeBreakers Journal, Vol. 5, No. 2, 2008 Aug

| EAX-56 KGM Under Attack: A Thorough Examination of SCA

Mohamad Mokbel. CodeBreakers Journal, Vol. 4, No. 8, 2007 Aug

| RCE Profiling: Counterbalancing the Algo.this.Key

Mohamad Mokbel. CodeBreakers Journal, Vol. 4, No. 1, 2007 January

| WTM Register Maker v2.0 case study

Mohamad Mokbel (under the pseudo-handle tHE mUTABLE). ARTeam eZine Vol 1, Issue 2, Ch. 12, P. 66, Oct 2006

| RCE: Emphasizing on Breaking Software Protection

Mohamad Mokbel (under the pseudo-handle tHE mUTABLE). This book was published on the ARTeam website on Jul 07, 2006 as an exclusive edition with my permission. Before that, it was one of my projects at the LIU university. pass(base64decode(“dGhlbXV0YWJsZTIwMDY=”))

| Deciphering the Algorithm

Mohamad Mokbel (under the pseudo-handle tHE mUTABLE). Feb 22, 2006. pass(base64decode(“MDEwdGhlbXV0YWJsZTAxMA==”))

| Time Dilation and Length Contraction Formula

Mohamad Mokbel. Online version: MapleSoft. Dec 12, 2005