Nidal Fikri Malware Analyst at Hatching Triage

My Expertise

Malware Research Analyst at Hatching Triage. Ex-Trend Micro CPITS intern. I've published MA reports more than once on Malpedia. Also, I am the author of some fun CTFs at CyberDefenders. Learning how computers are designed & how they function is my ultimate hobby. I can't stop stalking the internals & I love to REVERSE them.


Hands-on Training in Threat Defense & Cloud at Trend Micro North Africa CPITS 2021.


The First Egyptian Undergrad Speaker at BSides Cairo 2020. Check out the talk Here.


CAT Reloaded Cyber Security Circle in 2018. Cyber Security Community Leader in Mansoura, Egypt.

Featured Projects


RE Dridex Trojan

  • API Hashing
  • Vectored Exception Handling
  • Anti-Disassembly
  • Strings Decryption
  • C&C Extraction

Dissecting Dridex, the famous banking trojan. Dridex (also known as Bugat and Cridex) is a form of malware that specializes in stealing bank credentials via a system that utilizes macros from Microsoft Word. The anti-analysis technique (API hashing) used by Dridex is also used by some serious malware threats, including Cobalt Strike and BlackMatter ransomware.


RE RedLine Infostealer Malware

  • Reversing .NET
  • Data Exfiltration
  • Location Tracking
  • Crypto Stealing
  • Browser Harvesting
  • YARA Rule

Reverse engineering the newly emerged RedLine infostealer malware. RedLine was first noticed in 2020 via COVID-19 phishing emails and has been active in 2021. RedLine is used for extensive information-stealing operations targeting credit card credentials, crypto wallets, sensitive files, etc. Furthermore, RedLine can also be used as a malware loader or dropper for extended malicious impact.


RE Hancitor Malware Loader

  • DLL Unpacking
  • Process Injection
  • Host Profiling
  • Indicators of Compromise
  • YARA Rule
  • Configuration Extraction

Dissecting Hancitor, the famous malware loader. Hancitor has been in use for years since first being observed in 2015. Hancitor has been the attacker's loader of choice to deliver malware such as FickerStealer, Sendsafe, and Cobalt Strike if the victim characteristics are met.
