Mariusz Banach

Where it All Began

My middle school had this Win95 box connected to an educational LED box. I was 14 years old, in a computer science class, with the topic C++. There was this Win95 box and an attached custom educational board with Blinkenlights. We used code to tell it to light up – and it obeyed. Something clicked. I was all in.

Then there was x86 Assembly, int 0x2e, and fooling around with CRT displays. But the real turning point was sheer luck: someone handed me a copy of The Art of Computer Virus Research and Defense by Peter Szor. That book changed everything. I became fascinated by the mechanics of self-spreading code, studying how it infected Master Boot Records and PE headers, GDT, or SSDT tables. I spent my high school years scouring milw0rm, Bugtraq, and Phrack for samples, exploits, and ezines. The Manifest, Malloc Des-Maleficarum, and lcamtuf’s Silence on the Wire truly shaped who I am today.

Where it Went From There

My professional career began unexpectedly when a friendly Polish hacker – Gynvael Coldwind – forwarded my resume to friends at an antivirus company without my knowledge!

I landed my first role as a malware researcher. However, while I loved the technical depth of analysing specimens, writing cleaners, and improving the disinfection engine, I quickly felt it was going to be a never-ending spectacle of working through malicious samples. I wanted to act in the Game of Breaches rather than spectate it as an analyst. So, I crossed the barricade into offensive security.

After spending years as a penetration tester breaking diverse tech stacks, I eventually developed a desire to drive holistic simulations that truly measure an organization’s cyber resilience. That drive led me to Red Teaming, where I could finally stretch my skillset and feel properly challenged – AVs? EDRs? 24/7 SOC team? I’m on it, hold my beer.

Then came my first blood – a Domain Admin I got while assessing a huge bank. I felt unstoppable.

My Coolest Project Ever

I’ve done a lot of cool things in my career – but you never forget your first. Mine happened early in my antivirus days.

A large Japanese company was hit by the Win32/Virlock malware. A nasty polymorphic infector that had encrypted thousands of their systems. My task seemed straightforward: reverse engineer the sample, write a standalone cleaner, and ship it. A project that was supposed to decide whether I’m a good fit for the company’s AV engine development team.

After a few sleepless days, I had the encryption engine reverse-engineered and a working cleaner prototype. Then came the gut punch – the infection wasn’t just one variant. It was Virlock.A, Virlock.B, Virlock.B2… all the way through the alphabet. Each variant shared a similar encryption scheme, but was different enough to break my cleaner. Heavily polymorphic. Constantly mutating.

What was supposed to take days turned into three months. I had to reverse-engineer every single variant, understand their mutation patterns, and write code that could handle them all. I ended up building a custom x86 emulator, a dissection engine, and dozens of static decryption routines.

When it finally worked – when I heard that the cleaner successfully restored the customer’s files – I felt something I’ll never forget. This was my trial by fire, my entry into the fascinating world of computer viruses and later ethical offensive security tools.

Needless to say, I passed the test and breached into cybersecurity.

Offensive Security Developer
