|
Up
|
|
|
|
|
2004-04-06 - Remote Library Injection.pdf
|
|
|
|
|
2005-05-30 - Making WMI Queries In C.7z
|
|
|
|
|
2006-05-22 - Windows Network Services Internals.pdf
|
|
|
|
|
2008-12-27 - Detailed Guide to PE Infection.txt
|
|
|
|
|
2009-05-03 - PE Infection - How to Inject a DLL.pdf
|
|
|
|
|
2010-01-12 - Exercising the Firewall using Cplusplus.pdf
|
|
|
|
|
2011-01-25 - No Loitering - Exploiting Lingering Vulnerabilities in Default COM Objects.pdf
|
|
|
|
|
2011-05-04 - The Ultimate Anti-Debugging Reference.pdf
|
|
|
|
|
2011-06-29 - Implementing keyloggers in Windows.pdf
|
|
|
|
|
2012-02-14 - Stack Necromancy - Defeating Debuggers By Raising the Dead.pdf
|
|
|
|
|
2012-03-21 - Using UPX as a Security Packer.pdf
|
|
|
|
|
2012-09-19 - Knockin on Heavens Gate - Dynamic Processor Mode Switching.pdf
|
|
|
|
|
2012-11-01 - SizeOfStackReserve As Anti-Attaching Trick.pdf
|
|
|
|
|
2014-02-03 - PE Injection Demonstration 1.zip
|
|
|
|
|
2014-02-06 - Hide process with DKOM without hard coded offsets.txt
|
|
|
|
|
2014-04-13 - PE Injection Explained Advanced memory code injection technique.pdf
|
|
|
|
|
2014-12-03 - Hooking COM Objects - Intercepting Calls to COM Interfaces.7z
|
|
|
|
|
2015-03-06 - PE Infection - Add a PE section - with code.txt
|
|
|
|
|
2015-03-30 - Another detailed guide to PE infection.txt
|
|
|
|
|
2015-04-06 - Hiding loaded driver with DKOM.txt
|
|
|
|
|
2015-08-10 - Windows 10HH Symbolic Link Mitigations.pdf
|
|
|
|
|
2015-08-12 - Stealth Techniques - Hiding Files in the Registry.pdf
|
|
|
|
|
2015-08-20 - Manually Enumerating Process Modules.pdf
|
|
|
|
|
2015-12-05 - Abusing WMI To Build A Persistent Asynchronous And Fileless Backdoor.pdf
|
|
|
|
|
2016-01-12 - Creating Processes By Using Undocumented COM APIs.7z
|
|
|
|
|
2016-02-10 - The Definitive Guide on Win32 to NT Path Conversion.pdf
|
|
|
|
|
2016-05-19 - PE File Infection.pdf
|
|
|
|
|
2016-10-27 - AtomBombing - A Brand New Code Injection Technique for Windows.pdf
|
|
|
|
|
2016-11-21 - Keylogging using ETW in CSharp.NET.7z
|
|
|
|
|
2017-06-07 - Process Hollowing with Manalyzes PE library.pdf
|
|
|
|
|
2017-08-12 - Finding handle leaks - user mode duplicate handle in C and CSharp.zip
|
|
|
|
|
2017-09-19 - Abusing Delay Load DLLs for Remote Code Injection.pdf
|
|
|
|
|
2017-10-03 - Windows 10 Parallel Loading Breakdown.pdf
|
|
|
|
|
2017-10-06 - An Introduction to Standard and Isolation Minifilters.pdf
|
|
|
|
|
2017-10-15 - Understanding API Set Resolution.7z
|
|
|
|
|
2018-03-17 - Abusing Exported Functions and Exposed DCOM Interfaces.pdf
|
|
|
|
|
2018-03-26 - Ghostwrite Demonstration.c
|
|
|
|
|
2018-06-14 - PE Injection Demonstration 2.zip
|
|
|
|
|
2018-06-18 - Exploring PowerShell AMSI and Logging Evasion.pdf
|
|
|
|
|
2018-08-07 - Windows Exploitation Tricks Exploiting Arbitrary Object Directory Creation for Local Elevation of Pri.pdf
|
|
|
|
|
2018-08-19 - NTFS Alternate Streams What, When, and How To.7z
|
|
|
|
|
2018-09-06 - Persistence using Universal Windows Platform apps.pdf
|
|
|
|
|
2018-09-09 - Finding Interactive User COM Objects using PowerShell.pdf
|
|
|
|
|
2018-10-16 - Injecting Code into Windows Protected Processes using COM - Part 1.pdf
|
|
|
|
|
2018-10-20 - Using DropBox As A C2.zip
|
|
|
|
|
2018-11-01 - Process Injection Techniques and Detection using the Volatility Framework.pdf
|
|
|
|
|
2018-11-30 - Injecting Code into Windows Protected Processes using COM - Part 2.pdf
|
|
|
|
|
2018-12-12 - VBA RunPE - Breaking Out of Highly Constrained Desktop Environments.7z
|
|
|
|
|
2019-01-04 - A dive into the world of MS-DOS viruses.pdf
|
|
|
|
|
2019-02-15 - Understanding Windows x64 ASM.7z
|
|
|
|
|
2019-02-25 - Notes on RtlCloneUserProcess.7z
|
|
|
|
|
2019-04-07 - Loading and calling VB from CPlusPlus.zip
|
|
|
|
|
2019-04-08 - Early Bird Injection - APC Abuse.pdf
|
|
|
|
|
2019-04-26 - Hunting for Ghosts in Fileless Attacks.pdf
|
|
|
|
|
2019-06-03 - How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code.pdf
|
|
|
|
|
2019-06-19 - Combining Direct System Calls and sRDI.pdf
|
|
|
|
|
2019-06-29 - Persistence with Windows Services.pdf
|
|
|
|
|
2019-07-03 - Dumping LSASS - MiniDumpWriteDump to Disk.txt
|
|
|
|
|
2019-07-03 - MiniDumpWriteDump and PssCaptureSnapshot.txt
|
|
|
|
|
2019-07-07 - Calling Syscalls Directly from Visual Studio to Bypass AVs and EDRs.pdf
|
|
|
|
|
2019-07-07 - Dumping LSASS - MiniDumpWriteDump to Memory using MiniDump Callbacks.txt
|
|
|
|
|
2019-07-21 - In-memory execution of VBScript, JavaScript or JScript.txt
|
|
|
|
|
2019-08-08 - Demonstating Various Process Injection Techniques - Pinjecta.zip
|
|
|
|
|
2019-08-08 - Process Injection Techniques - Gotta Catch Them All.pdf
|
|
|
|
|
2019-08-12 - Windows Process Injection via KnownDlls Cache Poisoning.pdf
|
|
|
|
|
2019-08-13 - The state of advanced code injections.pdf
|
|
|
|
|
2019-08-16 - IBM Java Control Panel for persistence.pdf
|
|
|
|
|
2019-08-17 - Weaponizing Privileged File Writes with the USO Service.7z
|
|
|
|
|
2019-08-22 - Common Language Runtime Hook for Persistence.pdf
|
|
|
|
|
2019-08-23 - How the Antimalware Scan Interface AMSI helps you defend against malware.pdf
|
|
|
|
|
2019-09-07 - AutoPlay Handlers for persistence.pdf
|
|
|
|
|
2019-09-20 - Exotic persistence - Windows Error Reporting Debugger key.pdf
|
|
|
|
|
2019-10-11 - An alternate way to execute a binary - NtQueryInformationProcess and the AeDebugProtected key.pdf
|
|
|
|
|
2019-10-23 - SPReview Phantom DLLs.pdf
|
|
|
|
|
2019-10-24 - SPReview Permanent Persistence.pdf
|
|
|
|
|
2019-11-06 - Bypassing Kernel Function Pointer Integrity Checks.pdf
|
|
|
|
|
2019-11-11 - Antimalware Scan Interface AMSI.pdf
|
|
|
|
|
2019-11-18 - Abusing Intel VTune Amplifier for Persistence.pdf
|
|
|
|
|
2019-12-02 - Evading WinDefender ATP credential-theft a hit after a hit-and-miss start.pdf
|
|
|
|
|
2019-12-17 - Calling Local Windows RPC Servers from NET.pdf
|
|
|
|
|
2020-01-02 - Exploiting Flaws in Windbg.pdf
|
|
|
|
|
2020-01-05 - RIP ROP CET Internals in Windows 20H1.pdf
|
|
|
|
|
2020-01-06 - NtCreateSection and NtMapViewOfSection for Code Injection.pdf
|
|
|
|
|
2020-01-23 - Starting WERSVR from a restricted users.7z
|
|
|
|
|
2020-01-31 - DKOM - Now with Symbolic Links.pdf
|
|
|
|
|
2020-02-03 - Bypass EDRs memory protection - an introduction to hooking.pdf
|
|
|
|
|
2020-02-03 - Hooking Heavens Gate - a WOW64 hooking technique.pdf
|
|
|
|
|
2020-02-10 - From Process Injection to Function Hijacking.pdf
|
|
|
|
|
2020-02-10 - WDExtract - Extracting data from Windows Defender.zip
|
|
|
|
|
2020-02-18 - Move aside signature scanning Better kernel data discovery through lookaside lists.pdf
|
|
|
|
|
2020-02-18 - Symbolic Hooks Part 2 Getting the Target Name.pdf
|
|
|
|
|
2020-02-23 - A stealthier approach to spoofing process command line.pdf
|
|
|
|
|
2020-02-29 - Windows Kernel Ps Callbacks Experiments.pdf
|
|
|
|
|
2020-03-18 - ShimBad the Sailor.pdf
|
|
|
|
|
2020-03-19 - Symbolic Hooks Part 3 The Remainder Theorem.pdf
|
|
|
|
|
2020-03-24 - Symbolic Hooks Part 4 The App Container Traverse-ty.pdf
|
|
|
|
|
2020-04-01 - Updating the Undocumented ESTROBJ and STROBJ Structures for Windows 10 x64.pdf
|
|
|
|
|
2020-04-24 - Windows DLL Hijacking Hopefully Clarified.pdf
|
|
|
|
|
2020-04-30 - Fax Shell - Using Fax service for system.7z
|
|
|
|
|
2020-04-30 - Faxing Your Way to SYSTEM Part Two.pdf
|
|
|
|
|
2020-05-03 - Fax Service Bind shell abusing Ualapi.7z
|
|
|
|
|
2020-05-10 - The Fake Entry Point Trick.txt
|
|
|
|
|
2020-05-12 - PrintDemon Print Spooler Privilege Escalation Persistence amp Stealth CVE-2020-1048 amp more.pdf
|
|
|
|
|
2020-05-17 - APC Series User APC API.pdf
|
|
|
|
|
2020-05-18 - How to use Trend Micro's Rootkit Remover to Install a Rootkit.pdf
|
|
|
|
|
2020-05-27 - Shellcode - Recycling Compression Algorithms for the Z80, 8088, 6502, 8086 and 68K Architectures.pdf
|
|
|
|
|
2020-05-28 - GetEnvironmentVariable As Alternative to WriteProccessMemory in Process Injections.pdf
|
|
|
|
|
2020-06-01 - Using Syscalls to Inject Shellcode on Windows.pdf
|
|
|
|
|
2020-06-03 - APC Series User APC Internals.pdf
|
|
|
|
|
2020-06-06 - NINA - x64 Process Injection.pdf
|
|
|
|
|
2020-06-09 - Abusing Windows Telemetry for Persistence.pdf
|
|
|
|
|
2020-06-10 - Cmd Hijack - A Command_Argument Confustion with Path Traversal.pdf
|
|
|
|
|
2020-06-14 - Process Injection Techniques.pdf
|
|
|
|
|
2020-06-20 - Hiding Process Memory via Anti-Forensic Techniques.pdf
|
|
|
|
|
2020-06-24 - Process Injection Techniques used by Malware.pdf
|
|
|
|
|
2020-06-28 - APC Series KiUserApcDispatcher and Wow64.pdf
|
|
|
|
|
2020-07-03 - How to obfuscate strings using CPlusPlus constexpr Or how to do it correctly at compile time.txt
|
|
|
|
|
2020-07-10 - Fs Minifilter Hooking Part 1.pdf
|
|
|
|
|
2020-07-10 - Masking Malicious Memory Artifacts Part 1 – Phantom DLL Hollowing.pdf
|
|
|
|
|
2020-07-11 - Superfetch - Unknown Spy.pdf
|
|
|
|
|
2020-07-12 - Secure Pool Internals Dynamic KDP Behind The Hood.pdf
|
|
|
|
|
2020-07-16 - Masking Malicious Memory Artifacts Part II - Blending in with False Positives.pdf
|
|
|
|
|
2020-07-16 - Weaponizing Mapping Injection With instrumentation Callback.pdf
|
|
|
|
|
2020-07-30 - Terminal Server Utilities LOLBIN and Persistence.pdf
|
|
|
|
|
2020-08-02 - Removing Kernel Callbacks Using Signed Drivers.7z
|
|
|
|
|
2020-08-03 - Critical Protected DUT Processes in Windows 10.pdf
|
|
|
|
|
2020-08-04 - Masking Malicious Memory Artifacts Part III - Bypassing Defensive Scanners.pdf
|
|
|
|
|
2020-08-05 - Checkpoint Research - Anti-Debug - Assembly instructions.pdf
|
|
|
|
|
2020-08-05 - Checkpoint Research - Anti-Debug - Debug Flags.pdf
|
|
|
|
|
2020-08-05 - Checkpoint Research - Anti-Debug - Direct debugger interaction.pdf
|
|
|
|
|
2020-08-05 - Checkpoint Research - Anti-Debug - Exceptions.pdf
|
|
|
|
|
2020-08-05 - Checkpoint Research - Anti-Debug - Misc.pdf
|
|
|
|
|
2020-08-05 - Checkpoint Research - Anti-Debug - Object Handles.pdf
|
|
|
|
|
2020-08-05 - Checkpoint Research - Anti-Debug - Process Memory.pdf
|
|
|
|
|
2020-08-05 - Checkpoint Research - Anti-Debug - Timing.pdf
|
|
|
|
|
2020-08-16 - QT Framework QT_DEBUG_PLUGINS Persistence.pdf
|
|
|
|
|
2020-09-16 - Defeating Macro Document Static Analysis with Pictures of My Cat.pdf
|
|
|
|
|
2020-09-16 - Silent Runners - Exploring Persistence Methods.7z
|
|
|
|
|
2020-09-18 - Covert Data Persistence with Windows Registry Keys.pdf
|
|
|
|
|
2020-09-18 - More Windows 10 Phantom DLLs.pdf
|
|
|
|
|
2020-09-26 - Deep dive into user-mode Asynchronous Procedure Calls in Windows.pdf
|
|
|
|
|
2020-09-26 - Demystifying the SVCHOSTEXE Process and Its Command Line Options.pdf
|
|
|
|
|
2020-10-02 - Malware Persistence Mechanisms.pdf
|
|
|
|
|
2020-10-06 - CET Updates - CET on Xanax.pdf
|
|
|
|
|
2020-10-08 - Cryogenically Frozen Malware.7z
|
|
|
|
|
2020-10-10 - A Deep Dive Into RUNDLL32EXE.pdf
|
|
|
|
|
2020-10-11 - From a C project through assembly to shellcode.pdf
|
|
|
|
|
2020-10-11 - Masquerading the HKCU Run Key.7z
|
|
|
|
|
2020-10-12 - I Like to Move It - Windows Lateral Movement Part 3 - DLL Hijacking.pdf
|
|
|
|
|
2020-10-17 - DllBidEntryPoint Abuse.pdf
|
|
|
|
|
2020-10-18 - Commandeering Context Menu Entries.7z
|
|
|
|
|
2020-10-19 - SERVICE_FAILURE_ACTIONSW Exception for Persistence.pdf
|
|
|
|
|
2020-11-09 - DPWs are the new DPCs Deferred Procedure Waits in Windows 10 21H1.pdf
|
|
|
|
|
2020-11-09 - WOW64Hooks WOW64 Subsystem Internals and Hooking Techniques.pdf
|
|
|
|
|
2020-11-21 - Exploiting a Simple Vulnerability In 35 Easy Steps or Less.pdf
|
|
|
|
|
2020-11-23 - A Fresh Outlook on Mail Based Persistence.pdf
|
|
|
|
|
2020-11-29 - Weaponize GhostWriting Injection Code Injection Series Part 5.pdf
|
|
|
|
|
2020-12-24 - The worst of the two worlds - Excel meets Outlook.pdf
|
|
|
|
|
2020-12-31 - Antivirus Artifacts III.pdf
|
|
|
|
|
2020-12-31 - Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams.pdf
|
|
|
|
|
2021-01-08 - Exploiting a Simple Vulnerability Part 15 The Info Leak.pdf
|
|
|
|
|
2021-01-09 - CET Updates - Dynamic Address Ranges.pdf
|
|
|
|
|
2021-01-09 - Heresys Gate Kernel ZwNTDLL Scraping and Work Out Ring 0 to Ring 3 via Worker Factories.pdf
|
|
|
|
|
2021-01-10 - Offensive Windows IPC Internals 1 Named Pipes.pdf
|
|
|
|
|
2021-01-12 - tagSOleTlsData and the COM concurrency model for the current thread.pdf
|
|
|
|
|
2021-01-20 - Process on a diet anti-debug using job objects.pdf
|
|
|
|
|
2021-01-24 - LSASS Memory Dumps are Stealthier than Ever Before - Part 1.pdf
|
|
|
|
|
2021-01-30 - Executing Position Independent Shellcode from Object Files in Memory.pdf
|
|
|
|
|
2021-02-06 - Microsoft Office HTML Editor for Persistence.pdf
|
|
|
|
|
2021-02-12 - Offensive Windows IPC Internals 2 RPC.pdf
|
|
|
|
|
2021-02-13 - x64 Deep Dive.pdf
|
|
|
|
|
2021-02-16 - LSASS Memory Dumps are Stealthier than Ever Before - Part 2.pdf
|
|
|
|
|
2021-02-27 - Windows object permissions as a backdoor.pdf
|
|
|
|
|
2021-02-28 - PE Injection_ Executing PEs inside Remote Processes.pdf
|
|
|
|
|
2021-03-01 - Shellcode Execution via CopyFile2.cpp
|
|
|
|
|
2021-03-01 - Shellcode Execution via CreateTimerQueueTimer.cpp
|
|
|
|
|
2021-03-01 - Shellcode Execution via CreateTimerQueueTimer_Tech.cpp
|
|
|
|
|
2021-03-01 - Shellcode Execution via EnumChildWindows.cpp
|
|
|
|
|
2021-03-01 - Shellcode Execution via EnumResourceTypesW.cpp
|
|
|
|
|
2021-03-01 - Shellcode Execution via EnumWindows.cpp
|
|
|
|
|
2021-03-02 - Shellcode Execution via EnumDisplayMonitors.cpp
|
|
|
|
|
2021-03-02 - Shellcode Execution via EnumPropsEx.cpp
|
|
|
|
|
2021-03-03 - Shellcode Execution via EnumDesktopWindows.cpp
|
|
|
|
|
2021-03-05 - Persistence via Java Environment Variables.pdf
|
|
|
|
|
2021-03-05 - Shellcode Execution via EnumPageFilesW.cpp
|
|
|
|
|
2021-03-07 - Shellcode Execution via CopyFileEx.cpp
|
|
|
|
|
2021-03-07 - Shellcode Execution via EnumWindowStationsW.cpp
|
|
|
|
|
2021-03-07 - Shellcode Execution via SymEnumProcesses.cpp
|
|
|
|
|
2021-03-08 - Shellcode Execution via EnumerateLoadedModules.cpp
|
|
|
|
|
2021-03-08 - Shellcode Execution via ImageGetDigestStream.cpp
|
|
|
|
|
2021-03-10 - Exfiltrating Data from Outlook Demonstration.7z
|
|
|
|
|
2021-03-11 - Exploiting a Simple Vulnerability Part 2 What If We Made Exploitation Harder.pdf
|
|
|
|
|
2021-03-11 - Shellcode Execution via VerifierEnumerateResource.cpp
|
|
|
|
|
2021-03-12 - Shellcode Execution via CertEnumSystemStore.cpp
|
|
|
|
|
2021-03-14 - Shellcode Execution via CertEnumSystemStoreLocation.cpp
|
|
|
|
|
2021-03-18 - Anti Debugging Protection Techniques with Examples.pdf
|
|
|
|
|
2021-03-19 - Shellcode Execution via CreateThreadPoolWait.cpp
|
|
|
|
|
2021-03-19 - Shellcode Execution via EnumDesktopW.cpp
|
|
|
|
|
2021-03-19 - Shellcode Execution via EnumDirTreeW.cpp
|
|
|
|
|
2021-03-21 - Shellcode Execution via SysEnumSourceFiles.cpp
|
|
|
|
|
2021-03-24 - Excel Macro Anti-Analysis Techniques.pdf
|
|
|
|
|
2021-03-25 - Demonstrating Keylogging Using NtUserGetRawInputDataKeylogger.cpp
|
|
|
|
|
2021-03-27 - Shellcode Execution via FiberContextEdit.vcxproj
|
|
|
|
|
2021-03-27 - Shellcode Execution via InitOnceExecuteOnce.cpp
|
|
|
|
|
2021-03-27 - Shellcode Execution via SymFindFileInPath.cpp
|
|
|
|
|
2021-03-28 - Executing a PE File in Memory.zip
|
|
|
|
|
2021-03-28 - Shellcode Execution via EnumPropsW.cpp
|
|
|
|
|
2021-03-28 - Shellcode Execution via FlsAlloc.cpp
|
|
|
|
|
2021-03-28 - Shellcode Execution via RtlUserFiberStart.vcxproj
|
|
|
|
|
2021-03-30 - KeDll Injector.rar
|
|
|
|
|
2021-03-30 - Shellcode Execution via LdrEnumerateLoadedModules.cpp
|
|
|
|
|
2021-03-30 - Shellcode Execution via LdrpCallInitRoutine.vcxproj
|
|
|
|
|
2021-03-31 - Shellcode Execution via EnumLanguageGroupLocalesW.cpp
|
|
|
|
|
2021-04-01 - Shellcode Execution via SetTimer.cpp
|
|
|
|
|
2021-04-04 - Shellcode Execution via SetupCommitFileQueueW.cpp
|
|
|
|
|
2021-04-08 - Process Code Injection Through Undocumented NTAPI.pdf
|
|
|
|
|
2021-04-08 - Shellcode Execution via EnumUILanguagesW.cpp
|
|
|
|
|
2021-04-09 - Shellcode Execution via EnumSystemLocales.cpp
|
|
|
|
|
2021-04-11 - Shellcode Execution via EnumPwrSchemes.cpp
|
|
|
|
|
2021-04-12 - Shellcode Execution via EnumResourceTypesExW.cpp
|
|
|
|
|
2021-04-15 - Shellcode Execution via ImmEnumInputContext.cpp
|
|
|
|
|
2021-04-20 - Thread and Process State Change.pdf
|
|
|
|
|
2021-04-22 - Binary Data Hiding in VB6 Executables.pdf
|
|
|
|
|
2021-04-28 - Shellcode Execution via EnumFontsW.cpp
|
|
|
|
|
2021-04-30 - Shellcode Execution via EnumFontFamiliesW.cpp
|
|
|
|
|
2021-05-01 - Shellcode Execution via EnumFontFamiliesExW.cpp
|
|
|
|
|
2021-05-01 - Symantec Endpoint Protection Meets COM - Using Symantec.SSHelper As A LOLBIN.pdf
|
|
|
|
|
2021-05-03 - Shellcode Execution via EnumObjects.cpp
|
|
|
|
|
2021-05-05 - Weird Ways to Run Unmanaged Code in NET.pdf
|
|
|
|
|
2021-05-06 - Shellcode Execution via CryptEnumOIDInfo.cpp
|
|
|
|
|
2021-05-07 - Shellcode Execution via EnumTimeFormatsEx.cpp
|
|
|
|
|
2021-05-12 - Breaking the WDAPT Rules with COM.pdf
|
|
|
|
|
2021-05-13 - Reshaping Shadow Volumes with IOCTLs.txt
|
|
|
|
|
2021-05-21 - Dumping Stored Credentials with SeTrustedCredmanAccessPrivilege.pdf
|
|
|
|
|
2021-05-23 - Preventing memory inspection on Windows.pdf
|
|
|
|
|
2021-05-24 - IO Rings When One IO Operation is Not Enough.pdf
|
|
|
|
|
2021-06-12 - Shellcode Execution via EnumICMProfiles.cpp
|
|
|
|
|
2021-06-18 - Knock Knock The postman is here (abusing Mailslots and PortKnocking for connectionless shells).pdf
|
|
|
|
|
2021-06-19 - Backstab - Demonstrating how to kill EDR protected processes.zip
|
|
|
|
|
2021-06-20 - Demonstrating How to Dump Chrome Passwords.7z
|
|
|
|
|
2021-06-28 - Stealing Tokens In Kernel Mode With A Malicious Driver.pdf
|
|
|
|
|
2021-07-23 - Modifying MS Office security warnings.PNG
|
|
|
|
|
2021-07-26 - Shellcoding - Process Injection with Assembly.pdf
|
|
|
|
|
2021-08-03 - Reading, Writing, and Executing A File WITHOUT A File Path - yarhLoader.c
|
|
|
|
|
2021-08-05 - Evil Model - Hiding Malware.pdf
|
|
|
|
|
2021-08-23 - Another AMSI-Bypass paper.pdf
|
|
|
|
|
2021-09-30 - Azure Outlook C2.zip
|
|
|
|
|
2021-10-09 - IoRing vs io_uring a comparison of Windows and Linux implementations.pdf
|
|
|
|
|
2021-10-09 - Trololololobin and other lolololocoasters.pdf
|
|
|
|
|
2021-10-10 - SeManageVolumePrivilege Abuse with FSCTL_SD_GLOBAL_CHANGE.zip
|
|
|
|
|
2021-10-21 - Life is Pane - Persistence via Preview Handlers.pdf
|
|
|
|
|
2021-10-21 - Windows Exploitation Tricks - Relaying DCOM Authentication.pdf
|
|
|
|
|
2021-10-23 - From AMSI to Reflection 0x0.pdf
|
|
|
|
|
2021-10-23 - Shellcode Execution via EnumCalendarInfoEx.cpp
|
|
|
|
|
2021-10-25 - C3 - Demonstrating C2s from MatterMost - GitHub - OneDrive and more.zip
|
|
|
|
|
2021-10-28 - Malicious ZIP Demonstration.zip
|
|
|
|
|
2021-11-10 - The DLL Search Order And Hijacking It.pdf
|
|
|
|
|
2021-11-15 - Design issues of modern EDRs bypassing ETW-based solutions.pdf
|
|
|
|
|
2021-11-18 - Persistence via Recycle Bin.7z
|
|
|
|
|
2021-11-26 - Abusing Windows’ Implementation of Fork() for Stealthy Memory Operations.pdf
|
|
|
|
|
2021-12-01 - Writing a simple 16 bit VM in less than 125 lines of C.pdf
|
|
|
|
|
2021-12-05 - Shellcode Execution via EnumThreadWindows.cpp
|
|
|
|
|
2021-12-07 - Demonstrating USB Propagation.7z
|
|
|
|
|
2021-12-07 - Dynamically Retrieving SYSCALLs - Hells Gate.7z
|
|
|
|
|
2021-12-07 - Identifying Antivirus Software by enumerating Minifilter String Names.7z
|
|
|
|
|
2021-12-07 - Programmatically Modifying Boot Configurations - BCDEdit.7z
|
|
|
|
|
2021-12-07 - The hidden side of Seclogon part 2 - Abusing leaked handles to dump LSASS memory.pdf
|
|
|
|
|
2021-12-07 - Weaponizing Windows Virtualization.7z
|
|
|
|
|
2021-12-09 - Create Microsoft-Signed Phishing Documents.pdf
|
|
|
|
|
2021-12-14 - COM Hijacking for Persistence.pdf
|
|
|
|
|
2022-01-01 - HyperGuard Secure Kernel Patch Guard Part 1 SKPG Initialization.pdf
|
|
|
|
|
2022-01-03 - NTSockets - Downloading a file via HTTP using the NtCreateFile.pdf
|
|
|
|
|
2022-01-04 - Exploring Token Members Part 1.pdf
|
|
|
|
|
2022-01-09 - Understanding Windows Structured Exception Handling Part 1 – The Basics.pdf
|
|
|
|
|
2022-01-11 - Signed Kernal Drivers - Unguarded Gateway to Windows Core.pdf
|
|
|
|
|
2022-01-12 - Playing Around COM Objects Part 1 - DllGetClassObject and ShellExecute IDispatch for Process creation.pdf
|
|
|
|
|
2022-01-12 - Red Canary - Antimalware Scan Interface (AMSI).pdf
|
|
|
|
|
2022-01-15 - CreateRemoteThread Process Injection.7z
|
|
|
|
|
2022-01-15 - Demonstrating ATOM Bombing.7z
|
|
|
|
|
2022-01-15 - Demonstrating EAT hooking from Kernel space.7z
|
|
|
|
|
2022-01-15 - Modifying the EPROCESS structure.7z
|
|
|
|
|
2022-01-15 - Process Doppelgänging POC.7z
|
|
|
|
|
2022-01-15 - Process HerpaDerping.7z
|
|
|
|
|
2022-01-15 - Programmatically Stopping Windows Defender.7z
|
|
|
|
|
2022-01-15 - ReflectiveDLLInjection Example.7z
|
|
|
|
|
2022-01-15 - SetThreadContextInjection Example.7z
|
|
|
|
|
2022-01-15 - SetWindowsHookExInjection Example.7z
|
|
|
|
|
2022-01-15 - Stealing Process Tokens POC.7z
|
|
|
|
|
2022-01-15 - The ExtraWindowInject Process Injection Technique.7z
|
|
|
|
|
2022-01-15 - UserApcInject Example.7z
|
|
|
|
|
2022-01-16 - Notes on Windows MS-CXH and MS-CXH-FULL handlers.pdf
|
|
|
|
|
2022-01-16 - Oobe Setup ErrorHandle.cmd Hijack.pdf
|
|
|
|
|
2022-01-16 - Understanding Windows Structured Exception Handling Part 2 – Digging Deeper.pdf
|
|
|
|
|
2022-01-18 - O365 HKCU WwlibDll Sideloading.pdf
|
|
|
|
|
2022-01-22 - Understanding Windows Structured Exception Handling Part 3 – Under The Hood.pdf
|
|
|
|
|
2022-01-22 - WinINET InternetErrorDlgEx Registry Lookup persistence.pdf
|
|
|
|
|
2022-01-23 - Persistence via P2P_PEER_DIST_API LoadPeerDist.pdf
|
|
|
|
|
2022-01-23 - Reload Executable Files to Achieve Efficient Inline-Hook.pdf
|
|
|
|
|
2022-01-23 - Understanding Windows Structured Exception Handling Part 4 – Pseudo __try and __except.pdf
|
|
|
|
|
2022-01-26 - Using SecureString to protect Malware.pdf
|
|
|
|
|
2022-01-28 - The good the bad and the stomped function.7z
|
|
|
|
|
2022-01-30 - Retrieving the current EIP in C⁄C++.pdf
|
|
|
|
|
2022-01-30 - SetTcpEntry6 - A custom SetTcpEntry implementation for IPv6.pdf
|
|
|
|
|
2022-01-31 - Abusing the MS Office protocol scheme.pdf
|
|
|
|
|
2022-02-01 - System-wide anti-debug technique using NtQuerySystemInformation and DuplicateHandle.pdf
|
|
|
|
|
2022-02-02 - Reading and writing remote process data without using ReadProcessMemory ⁄WriteProcessMemory.pdf
|
|
|
|
|
2022-02-04 - AppLocker bypass by hash caching misuse.pdf
|
|
|
|
|
2022-02-04 - CallRemoteAPI - Call functions in remote processes.pdf
|
|
|
|
|
2022-02-04 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user.pdf
|
|
|
|
|
2022-02-04 - EmbedExeLnk - Embedding an EXE inside a LNK with automatic execution.pdf
|
|
|
|
|
2022-02-04 - JmpNoCall.pdf
|
|
|
|
|
2022-02-04 - KCTHIJACK - KernelCallbackTable Hijack.zip
|
|
|
|
|
2022-02-06 - HijackFileHandle - Hijack a file in a remote process without code injection.pdf
|
|
|
|
|
2022-02-07 - Invisible Sandbox Evasion - Check Point Research.pdf
|
|
|
|
|
2022-02-08 - StackScraper - Capturing sensitive data using real-time stack scanning against a remote.pdf
|
|
|
|
|
2022-02-09 - Hooks-On Hoot-Off Vitaminizing MiniDump.pdf
|
|
|
|
|
2022-02-10 - WindowsNoExec - Abusing existing instructions to executing arbitrary code without allocating executable memory.pdf
|
|
|
|
|
2022-02-14 - Abusing Exceptions for Code Execution Part 1.pdf
|
|
|
|
|
2022-02-16 - Exploring Token Members Part 2.pdf
|
|
|
|
|
2022-02-16 - wlrmdr.exe LOLBIN.7z
|
|
|
|
|
2022-02-17 - HyperGuard Secure Kernel Patch Guard Part 2 SKPG Extents.pdf
|
|
|
|
|
2022-02-17 - The magic behind wlrmdrexe.pdf
|
|
|
|
|
2022-02-25 - LogNT32 - Part 2 - Return-address hijacking implemented to improve efficiency.pdf
|
|
|
|
|
2022-03-11 - AV and EDR Evasion Using Direct System Calls.pdf
|
|
|
|
|
2022-03-14 - Reversing Common Obfuscation Techniques.pdf
|
|
|
|
|
2022-03-17 - Process Overwriting - yet another variant.zip
|
|
|
|
|
2022-03-17 - Process-Hollowing Example.7z
|
|
|
|
|
2022-03-24 - Manipulating LastWriteTime without leaving traces in the NTFS USN Journal.pdf
|
|
|
|
|
2022-03-26 - Digging into PssCaptureSnapshot for LSASS Dumping.pdf
|
|
|
|
|
2022-03-30 - EventPipe - An IPC method to transfer binary data between processes using event objects.pdf
|
|
|
|
|
2022-04-02 - AudioTransmit - Transmitting data between computers using audio.pdf
|
|
|
|
|
2022-04-02 - Unmanaged Code Execution with .NET Dynamic PInvoke.pdf
|
|
|
|
|
2022-04-03 - FveApiDLL Abuse Demonstration.7z
|
|
|
|
|
2022-04-03 - NtdllPipe - Using cmd.exe to retrieve a clean version of ntdll.dll.pdf
|
|
|
|
|
2022-04-04 - AtlasC2 - Demonstrating A C2 in CSharp.zip
|
|
|
|
|
2022-04-04 - Sharing is Caring - Abusing Shared Sections for Code Injection.pdf
|
|
|
|
|
2022-04-09 - Demonstrating API Hooking in Rust.rar
|
|
|
|
|
2022-04-11 - Demonstrating Copying Data To A GPU - GpuMemoryAbuse.cpp
|
|
|
|
|
2022-04-15 - Make phishing great again VSTO office files are the new macro nightmare.pdf
|
|
|
|
|
2022-04-18 - A blueprint for evading industry leading endpoint protection in 2022.pdf
|
|
|
|
|
2022-04-18 - Implementing Global Injection and Hooking in Windows.pdf
|
|
|
|
|
2022-04-18 - Token Manipulation in Rust Demonation.zip
|
|
|
|
|
2022-04-18 - UACMe.zip
|
|
|
|
|
2022-04-19 - Dumping passwords using KRShowKeyMgr.PNG
|
|
|
|
|
2022-04-19 - HyperGuard Part 3 More SKPG Extents.pdf
|
|
|
|
|
2022-04-19 - Resolving System Service Numbers using the Exception Directory.pdf
|
|
|
|
|
2022-04-22 - Bypassing LSA Protection in Userland.pdf
|
|
|
|
|
2022-04-23 - Bypassing PESieve and Moneta The easy way.pdf
|
|
|
|
|
2022-04-27 - Alternate Method Of Contacting IPV4.PNG
|
|
|
|
|
2022-04-29 - One Year to IO Ring What Changed.pdf
|
|
|
|
|
2022-04-30 - Programmatically Hiding Windows Snapshots.7z
|
|
|
|
|
2022-05-01 - GetRawInputData Keylogger Demonstration.7z
|
|
|
|
|
2022-05-01 - Ipv4Fuscation Demonstration.7z
|
|
|
|
|
2022-05-02 - g_CiOptions in a Virtualized World.pdf
|
|
|
|
|
2022-05-05 - A very simple and alternative PID finder.pdf
|
|
|
|
|
2022-05-05 - Process Injection via Component Object Model (COM) IRundown-DoCallback().pdf
|
|
|
|
|
2022-05-05 - Studying Next Generation Malware - NightHawks Attempt At Obfuscate and Sleep.pdf
|
|
|
|
|
2022-05-08 - Demonstrating Process Injection in Rust - Rusty Memory LoadLibrary.zip
|
|
|
|
|
2022-05-09 - Spawning IE on Windows 11.PNG
|
|
|
|
|
2022-05-10 - Making NtCreateUserProcess Work.pdf
|
|
|
|
|
2022-05-14 - About XLL Phishing.zip
|
|
|
|
|
2022-05-16 - Demonstrating Reflective DLL Loading - KaynLdr.zip
|
|
|
|
|
2022-05-24 - Gargoyle x64 - DeepSleep.zip
|
|
|
|
|
2022-05-27 - Nls Code Injection Through The Registry.zip
|
|
|
|
|
2022-05-31 - Crashing Windows by Abusing NtRaiseHardError.PNG
|
|
|
|
|
2022-06-08 - Inside Get-AuthenticodeSignature.pdf
|
|
|
|
|
2022-06-14 - Demonstrating inline syscalls in Cplusplus.zip
|
|
|
|
|
2022-06-17 - Demonstrating Thread Stack Spoofing.zip
|
|
|
|
|
2022-06-17 - Sleep Obfuscation - Ekko.zip
|
|
|
|
|
2022-06-21 - WebView2 Cookie Stealer Demonstration.zip
|
|
|
|
|
2022-06-22 - Extracting Whitelisted Paths from Windows Defender ASR Rules.pdf
|
|
|
|
|
2022-06-25 - PE Resource section for Process Injection.zip
|
|
|
|
|
2022-06-26 - Protecting the Heap - Encryption and Hooks.pdf
|
|
|
|
|
2022-06-28 - The hidden side of Seclogon part 3 - Racing for LSASS dumps.pdf
|
|
|
|
|
2022-06-28 - Weaponizing and Abusing Hidden Functionalities Contained in Office Document Properties.pdf
|
|
|
|
|
2022-06-30 - CallStack Spoofer Demonstration.zip
|
|
|
|
|
2022-06-30 - Spoofing Call Stacks To Confuse EDRs.pdf
|
|
|
|
|
2022-07-05 - One I_O Ring to Rule Them All_ A Full Read_Write Exploit Primitive on Windows 11.pdf
|
|
|
|
|
2022-07-05 - Vulpes - Obfuscating Memory Regions with Timers.pdf
|
|
|
|
|
2022-07-05 - WMI Internals Part 1 - Understanding the Basics.pdf
|
|
|
|
|
2022-07-13 - Bluffy the AV Slayer.pdf
|
|
|
|
|
2022-07-14 - Lord Of The Ring0 - Part 1 Introduction.pdf
|
|
|
|
|
2022-07-16 - Process Injection using QueueUserAPC Technique in Windows.pdf
|
|
|
|
|
2022-07-17 - 30 second execution persistence with Winlogon.PNG
|
|
|
|
|
2022-07-19 - Creating Processes Using System Calls.7z
|
|
|
|
|
2022-07-26 - Understanding DISM - Servicing Stack Interaction.pdf
|
|
|
|
|
2022-07-29 - Running Exploit As Protected Process Light From Userland.pdf
|
|
|
|
|
2022-08-01 - DeathSleep - Demonstrating sleep obfuscation.7z
|
|
|
|
|
2022-08-01 - DLL Hijacking Windows Defender NisSrv.txt
|
|
|
|
|
2022-08-02 - Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service LSASS.pdf
|
|
|
|
|
2022-08-02 - Inside Windows Defender System Guard Runtime Monitor.pdf
|
|
|
|
|
2022-08-04 - API Resolving Obfuscation via Veh.zip
|
|
|
|
|
2022-08-04 - Lord Of The Ring0 - Part 2 A tale of routines IOCTLs and IRPs.pdf
|
|
|
|
|
2022-08-05 - Backdooring Office Structures Part 1 The Oldschool.pdf
|
|
|
|
|
2022-08-05 - Exploring the Windows Search Application Cache.zip
|
|
|
|
|
2022-08-07 - Tampering With Windows Syscalls.zip
|
|
|
|
|
2022-08-08 - Backdooring Office Structures Part 2 Payload Crumbs In Custom Parts.pdf
|
|
|
|
|
2022-08-08 - Manual Implementation of BlockDLLs and ACG.cpp
|
|
|
|
|
2022-08-16 - Demonstrating inline function importing in Cplusplus.zip
|
|
|
|
|
2022-08-16 - Understanding a New Mitigation Module Tampering Protection.pdf
|
|
|
|
|
2022-08-19 - Bypassing AppLocker by abusing HashInfo.pdf
|
|
|
|
|
2022-08-19 - Warbird Hook - Demonstrating shellcode injection and application hijacking.7z
|
|
|
|
|
2022-08-29 - DLL Sideloading ShellChromeAPI.PNG
|
|
|
|
|
2022-09-05 - DirectX and HyperV - An Offensive View.pdf
|
|
|
|
|
2022-09-05 - Inside the Windows Cache Manager.pdf
|
|
|
|
|
2022-09-05 - Shellcode Execution via CDefFolderMenu_Create2.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via CopyFileTransacted.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via DSA_EnumCallback.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via EncryptedFileRaw.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via EvtSubscribe_CVEEventWrite.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via MagSetWindowTransform.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via MessageBoxIndirect.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via MFAddPeriodicCallback.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via NotifyIpInterfaceChange.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via NotifyTeredoPortChange.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via NotifyUnicastIpAddressChange.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via PerfStartProviderEx.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via RegisterWaitForSingleObject.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via SetWaitableTimer.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via SHCreateThreadWithHandle.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via StackWalk.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via SymRegisterCallback.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via TaskDialogIndirect.c
|
|
|
|
|
2022-09-05 - Shellcode Execution via WinHttpSetStatus.c
|
|
|
|
|
2022-09-09 - WriteProcessMemoryAPC - Write memory to a remote process using APC calls.pdf
|
|
|
|
|
2022-09-10 - Shellcode Execution via InternetSetStatusCallback.c
|
|
|
|
|
2022-09-11 - Shellcode Execution via CreateThreadPoolTimer.c
|
|
|
|
|
2022-09-11 - Shellcode Execution via CreateThreadPoolWork.c
|
|
|
|
|
2022-09-11 - Shellcode Execution via GetOpenFileName.c
|
|
|
|
|
2022-09-11 - Shellcode Execution via GetSaveFileName.c
|
|
|
|
|
2022-09-12 - Shellcode Execution via FindText.c
|
|
|
|
|
2022-09-12 - Shellcode Execution via OleUIBusy.c
|
|
|
|
|
2022-09-12 - Shellcode Execution via PrintDlg.c
|
|
|
|
|
2022-09-12 - Shellcode Execution via ReplaceText.c
|
|
|
|
|
2022-09-13 - Shellcode Execution via PageSetupDlg.c
|
|
|
|
|
2022-09-14 - Abusing Notepad Plugins for Evasion and Persistence.pdf
|
|
|
|
|
2022-09-14 - Myths About External C2.pdf
|
|
|
|
|
2022-09-15 - Shellcode Execution via ChooseFont.c
|
|
|
|
|
2022-09-15 - Shellcode Execution via TrySubmitThreadpoolCallback.c
|
|
|
|
|
2022-09-16 - Dissecting Windows Section Objects.pdf
|
|
|
|
|
2022-09-18 - Shellcode Execution via acmDriverEnum.c
|
|
|
|
|
2022-09-18 - Shellcode Execution via acmFilterChoose.c
|
|
|
|
|
2022-09-18 - Shellcode Execution via ChooseColor.c
|
|
|
|
|
2022-09-18 - Shellcode Execution via LineDDA.c
|
|
|
|
|
2022-09-18 - Shellcode Execution via NotifyRouteChange2.c
|
|
|
|
|
2022-09-18 - Shellcode Execution via RegisterWaitChainCOMCallback.c
|
|
|
|
|
2022-09-19 - Shellcode Execution via PdhBrowseCounters.c
|
|
|
|
|
2022-09-20 - Shellcode Execution via CertFindChainInStore.c
|
|
|
|
|
2022-09-20 - Shellcode Execution via ClusWorkerCreate.c
|
|
|
|
|
2022-09-20 - Shellcode Execution via PowerRegisterForEffectivePowerModeNotifications.c
|
|
|
|
|
2022-09-21 - Shellcode Execution via MI_Session_Close.c
|
|
|
|
|
2022-09-21 - Shellcode Execution via MI_Session_Invoke.c
|
|
|
|
|
2022-09-21 - Shellcode Execution via NotifyNetworkConnectivityHintChange.c
|
|
|
|
|
2022-09-21 - Shellcode Execution via WinBioCaptureSampleWithCallback.c
|
|
|
|
|
2022-09-21 - Shellcode Execution via WinBioEnrollCaptureWithCallback.c
|
|
|
|
|
2022-09-21 - Shellcode Execution via WinBioVerifyWithCallback.c
|
|
|
|
|
2022-09-21 - Shellcode Execution via WindowsInspectString.c
|
|
|
|
|
2022-09-23 - Shellcode Execution via FCICreate.c
|
|
|
|
|
2022-09-26 - Sacrificing Suspended Processes.7z
|
|
|
|
|
2022-09-27 - Constrained Language Mode Bypass When __PSLockDownPolicy Is Used.pdf
|
|
|
|
|
2022-09-28 - Demonstrating the VirusTotal C2.zip
|
|
|
|
|
2022-09-28 - MS Help 2 Primer.pdf
|
|
|
|
|
2022-10-01 - Manual ICMP implementation using NtDeviceIoControlFile.txt
|
|
|
|
|
2022-10-07 - Short term snapshot deletion via ExecuteScheduledSPPCreation.7z
|
|
|
|
|
2022-10-09 - Windows Server LDIF File Abuse for Silently Downloading Files.7z
|
|
|
|
|
2022-10-11 - Abusing the Windows Power Management API.7z
|
|
|
|
|
2022-10-11 - Custom Keyboard Layout Persistence.zip
|
|
|
|
|
2022-10-13 - Random Number Generation using IOCTL.txt
|
|
|
|
|
2022-10-15 - Shellcode Execution via EnumCalendarInfo.cpp
|
|
|
|
|
2022-10-18 - Changing memory protection using APC.pdf
|
|
|
|
|
2022-10-18 - Fantastic Rootkits And Where to Find Them Part 1.pdf
|
|
|
|
|
2022-10-20 - SharedMemUtils - A simple tool to automatically find vulnerabilities in shared memory objects.pdf
|
|
|
|
|
2022-10-22 - WAM BAM - Recovering Web Tokens From Office.7z
|
|
|
|
|
2022-10-28 - Using Windows IUIAutomation for spyware and other malicious purposes.html
|
|
|
|
|
2022-10-30 - Lord Of The Ring0 - Part 3 Sailing to the land of the user and debugging the ship.pdf
|
|
|
|
|
2022-10-31 - Heavens Gate in CSharp.7z
|
|
|
|
|
2022-10-31 - Resolving syscalls in CSharp.7z
|
|
|
|
|
2022-11-02 - IIS Pool Credential Dumping via undocumented command line arguments.7z
|
|
|
|
|
2022-11-16 - Bypassing AV-EDR Hooks via Vectored Syscall.pdf
|
|
|
|
|
2022-11-19 - An Exercise in Dynamic Analysis.pdf
|
|
|
|
|
2022-11-22 - x64 return address spoofing.7z
|
|
|
|
|
2022-11-23 - An End to KASLR Bypasses.pdf
|
|
|
|
|
2022-12-04 - SilentMoonWalk - Demonstrating call stack spoofing.zip
|
|
|
|
|
2022-12-07 - Programmatically Deleting Shadow Volumes - Xaoc.7z
|
|
|
|
|
2022-12-08 - Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass.pdf
|
|
|
|
|
2022-12-10 - StealthHook - A method for hooking a function without modifying memory protection.pdf
|
|
|
|
|
2022-12-16 - Polyshell - Bash, Batch, and Powershell Polyglot.zip
|
|
|
|
|
2022-12-18 - Diving into Intel Killer bloatware part 1.pdf
|
|
|
|
|
2022-12-18 - Shellcode Execution via GrayString.c
|
|
|
|
|
2022-12-18 - Shellcode Execution via SHBrowseForFolder.c
|
|
|
|
|
2022-12-19 - Shellcode Execution via DirectDrawEnumerateExA.c
|
|
|
|
|
2022-12-19 - Shellcode Execution via SetupIterateCabinet.c
|
|
|
|
|
2022-12-20 - Shellcode Execution via DnsStartMulticastQuery.c
|
|
|
|
|
2022-12-20 - Shellcode Execution via WriteEncryptedFileRaw.c
|
|
|
|
|
2022-12-23 - Ctrl Injection Collection.7z
|
|
|
|
|
2022-12-23 - Simple PE Loader.7z
|
|
|
|
|
2022-12-29 - Bootkitting Windows Sandbox.pdf
|
|
|
|
|
2022-12-30 - Code Execution against Windows HVCI.pdf
|
|
|
|
|
2023-01-04 - Investigating Filter Communication Ports.pdf
|
|
|
|
|
2023-01-11 - SelfDebug - A useless anti-debug trick by forcing a process to debug itself.pdf
|
|
|
|
|
2023-01-20 - Shellcode Execution via RoInspectCapturedStackBackTrace.c
|
|
|
|
|
2023-01-20 - Shellcode Execution via RoInspectThreadErrorInfo.c
|
|
|
|
|
2023-01-21 - Shellcode Execution via NPAddConnection3.c
|
|
|
|
|
2023-01-21 - Shellcode Execution via WscRegisterForChanges.c
|
|
|
|
|
2023-01-23 - Exfiltrating data using Powershell and WAV files.7z
|
|
|
|
|
2023-01-24 - Persistence via VSCode Profile Abuse.7z
|
|
|
|
|
2023-01-28 - Shellcode Execution via acmFormatTagEnum.c
|
|
|
|
|
2023-01-28 - Shellcode Execution via DrawState.c
|
|
|
|
|
2023-01-28 - Shellcode Execution via WriteEncryptedFileRaw.c
|
|
|
|
|
2023-01-29 - Indirect Syscall is Dead Long Live Custom Call Stacks.7z
|
|
|
|
|
2023-01-29 - Shellcode Execution via BindImageEx.c
|
|
|
|
|
2023-01-29 - Shellcode Execution via CertCreateContext.c
|
|
|
|
|
2023-01-29 - Shellcode Execution via CertEnumPhysicalStore.c
|
|
|
|
|
2023-01-29 - Shellcode Execution via DdeInitialize.c
|
|
|
|
|
2023-01-29 - Shellcode Execution via DnsServiceBrowse.c
|
|
|
|
|
2023-01-29 - Shellcode Execution via SetupInstallFile.c
|
|
|
|
|
2023-01-29 - Shellcode Execution via waveOutOpen.c
|
|
|
|
|
2023-01-30 - Abusing Exceptions for Code Execution Part 2.pdf
|
|
|
|
|
2023-01-30 - Shellcode Execution via MiniDumpWriteDump.c
|
|
|
|
|
2023-01-31 - Lets Go VS Code - Using VS Code as a Reverse Shell.pdf
|
|
|
|
|
2023-02-01 - Weird things I learned while writing an x86 emulator.pdf
|
|
|
|
|
2023-02-03 - Windows Domain Controller NTDSUTIL activate instance abuse.PNG
|
|
|
|
|
2023-02-06 - Diving Deeper Into Pre-created Computer Accounts.pdf
|
|
|
|
|
2023-02-07 - Demonstrating Unhooking NTDLL from Disk.7z
|
|
|
|
|
2023-02-07 - Demonstrating Unhooking NTDLL from KnownDlls.7z
|
|
|
|
|
2023-02-07 - Demonstrating Unhooking NTDLL from Remote Server.7z
|
|
|
|
|
2023-02-07 - Demonstrating Unhooking NTDLL from Suspended Process.7z
|
|
|
|
|
2023-02-07 - Home Grown Red Team - Lets Make Some OneNote Phishing Attachments.pdf
|
|
|
|
|
2023-02-09 - Transitioning from User Mode to Kernel mode - Extravagant Prick.txt
|
|
|
|
|
2023-02-14 - Adopting Position Independent Shellcodes from Object Files in Memory for Threadless Injection.pdf
|
|
|
|
|
2023-02-24 - Lord Of The Ring0 - Part 4 The call back home.pdf
|
|
|
|
|
2023-03-16 - Minimal Executables.pdf
|
|
|
|
|
2023-03-19 - Different ways to create a process.html
|
|
|
|
|
2023-03-21 - EkkoEx Sleep obfuscation.txt
|
|
|
|
|
2023-04-11 - Stepping Insyde System Management Mode.pdf
|
|
|
|
|
2023-04-17 - An in-depth look at the Golang Windows calls.pdf
|
|
|
|
|
2023-04-18 - Diving into Intel Killer bloatware part 2.pdf
|
|
|
|
|
2023-04-18 - Process injection in 2023 evading leading EDRs.pdf
|
|
|
|
|
2023-04-25 - Demonstrating stack encryption.zip
|
|
|
|
|
2023-05-02 - Preventing application creation by IFEO keys.png
|
|
|
|
|
2023-05-03 - Exploring Impersonation through the Named Pipe Filesystem Driver.pdf
|
|
|
|
|
2023-05-04 - Fantastic Rootkits and Where to Find Them Part 2.pdf
|
|
|
|
|
2023-05-17 - VBA resolving exports in runtime without NtQueryInformationProcess or GetProcAddress.pdf
|
|
|
|
|
2023-05-20 - Demonstrating using SMS as a C2.zip
|
|
|
|
|
2023-06-01 - Improving the stealthiness of memory injections techniques.pdf
|
|
|
|
|
2023-06-05 - Abusing undocumented features to spoof PE section headers.pdf
|
|
|
|
|
2023-06-05 - Terminator - Demonstrating how to kill EDR processes using a driver.zip
|
|
|
|
|
2023-06-09 - Finding and exploiting process killer drivers with LOL for 3000 dollars.7z
|
|
|
|
|
2023-06-09 - Finding and exploiting process killer drivers with LOL for 3000 dollars.pdf
|
|
|
|
|
2023-06-09 - No Alloc, No Problem - Leveraging Program Entry Points for Process Injection.pdf
|
|
|
|
|
2023-06-18 - DCOMHijack - Demonstrating lateral movement using DCOM and DLL hijacking.zip
|
|
|
|
|
2023-06-27 - Process Mockingjay Echoing RWX In Userland To Achieve Code Execution.pdf
|
|
|
|
|
2023-07-01 - Demonstrating a Rust based Bootkit.zip
|
|
|
|
|
2023-07-14 - Oh-No a Vulnerability and PoC demonstration in a popular Minecraft Anticheat tool.pdf
|
|
|
|
|
2023-07-15 - Poch Poch is this thing on - Bypass AMSI with Divide and Conquer.pdf
|
|
|
|
|
2023-07-19 - Escalating Privileges via Third-Party Windows Installers.pdf
|
|
|
|
|
2023-07-23 - Malware via VHD Files, an Excellent Choice.pdf
|
|
|
|
|
2023-07-25 - Advanced Module Stomping & Heap Stack Encryption.pdf
|
|
|
|
|
2023-07-25 - Prefetch - The Little Snitch That Tells on You.pdf
|
|
|
|
|
2023-07-26 - WSPCoerce - PoC to allow authentication from Windows hosts using MS-WSP.zip
|
|
|
|
|
2023-07-27 - Kerberos UAC Bypass - Abusing Kerberos Tickets for UAC Bypasses.zip
|
|
|
|
|
2023-07-29 - Lord Of The Ring0 - Part 5 Sarumans Manipulation.pdf
|
|
|
|
|
2023-08-04 - Advanced persistence via Shell Extensions.7z
|
|
|
|
|
2023-08-13 - LAPS 2.0 Internals.pdf
|
|
|
|
|
2023-08-15 - Dll Notification Injection.7z
|
|
|
|
|
2023-08-16 - Understanding Syscalls Direct and Indirect and Cobalt Strike Implementation.pdf
|
|
|
|
|
2023-08-23 - Demonstrating how IIS decrypts AppPool credentials.7z
|
|
|
|
|
2023-08-23 - Demystifying DLL Hijacking Understanding the Intricate World of Dynamic Link Library Attacks.pdf
|
|
|
|
|
2023-08-27 - Demonstrating Parent Process ID Spoofing.txt
|
|
|
|
|
2023-08-28 - Uac bypass via UIPI or Windows Task Manager.txt
|
|
|
|
|
2023-08-29 - DevTunnels for C2.pdf
|
|
|
|
|
2023-09-05 - Demonstrating MockingJay with a POC and BOF.7z
|
|
|
|
|
2023-09-06 - How to Troll an AV.7z
|
|
|
|
|
2023-09-10 - GIF Steganography from First Principles.pdf
|
|
|
|
|
2023-09-11 - MATLAB Reverse Shell.7z
|
|
|
|
|
2023-09-12 - Peeling back the curtain with call stacks.pdf
|
|
|
|
|
2023-09-14 - Bypassing UAC with SSPI Datagram Contexts.pdf
|
|
|
|
|
2023-09-15 - An Introduction into Stack Spoofing.pdf
|
|
|
|
|
2023-09-15 - Hypervisor Detection with SystemHypervisorDetailInformation.pdf
|
|
|
|
|
2023-09-20 - Windows Authentication - Credential Providers - Part 1.pdf
|
|
|
|
|
2023-10-02 - Process Injection using NtSetInformationProcess.pdf
|
|
|
|
|
2023-10-03 - Lets Go into the rabbit hole - the challenges of dynamically hooking Golang programs.pdf
|
|
|
|
|
2023-10-03 - LPE with MSI Installers.pdf
|
|
|
|
|
2023-10-04 - Windows Authentication - Credential Providers - Part 2.pdf
|
|
|
|
|
2023-10-05 - Windows Authentication - Credential Providers - Part 2.pdf
|
|
|
|
|
2023-10-06 - Reflective call stack detections and evasions.pdf
|
|
|
|
|
2023-10-09 - Demonstrating Sleep Obfuscation - KrakenMask.7z
|
|
|
|
|
2023-11-06 - Running PEs Inline Without a Console.pdf
|
|
|
|
|
2023-11-12 - How to dig into the CLR.pdf
|
|
|
|
|
2023-11-22 - ETW internals for security research and forensics.7z
|
|
|
|
|
2023-11-29 - The Art of Windows Persistence.pdf
|
|
|
|
|
2023-11-29 - Unwind - Callstack spoofing in Rust.7z
|
|
|
|
|
2023-12-06 - Process Injection Techniques Using Windows Thread Pools.7z
|
|
|
|
|
2023-12-19 - SignToolEx - code signing with leaked certs and abusing MS detours.zip
|
|
|
|
|
2023-12-21 - InsightEngineering - Advanced Windows Debugging.zip
|
|
|
|
|
2023-12-24 - Arbitrary Command Execution Via Windows Kit's StandaloneRunner.pdf
|
|
|
|
|
2023-12-25 - An Introduction to Bypassing User Mode EDR Hooks.pdf
|
|
|
|
|
2023-12-26 - A little known secret of runonceexe 32-bit.pdf
|
|
|
|
|
2023-12-27 - A little known secret of regsvr32exe take two.pdf
|
|
|
|
|
2023-12-29 - Usermode encryption but only LOCALSYSTEM can decrypt.7z
|
|
|
|
|
2023-12-31 - Compression using undocumented RDP APIs.7z
|
|
|
|
|
2024-01-06 - A little known secret of fondue dot exe.pdf
|
|
|
|
|
2024-01-06 - Token stealing with Syscalls only.7z
|
|
|
|
|
2024-01-15 - Undocumented DISM properties.7z
|
|
|
|
|
2024-01-22 - Demonstrating proxy DLL loading.zip
|
|
|
|
|
2024-01-23 - Windows Event Log service DoS.zip
|
|
|
|
|
2024-01-24 - Demonstrating Remote TLS Callback Injection.zip
|
|
|
|
|
2024-01-24 - How to perform a Complete Process Hollowing.pdf
|
|
|
|
|
2024-01-31 - Abusing the GPU for Malware with OpenCL.pdf
|
|
|
|
|
2024-02-01 - Unmanaged .NET Patching.pdf
|
|
|
|
|
2024-02-02 - Bypassing EDRs With EDR-Preloading.pdf
|
|
|
|
|
2024-02-02 - GetProcAddress usage via ordinal.7z
|
|
|
|
|
2024-02-06 - Exploiting a vulnerable Minifilter driver to create a process killer.7z
|
|
|
|
|
2024-02-08 - Bypassing ApplyOnce limitation in GPO with key removal.7z
|
|
|
|
|
2024-02-08 - Deep Dive Into Exploiting Windows Thread Pools.7z
|
|
|
|
|
2024-02-08 - Disabling System Event Logs with IDataCollectorSet.7z
|
|
|
|
|
2024-02-08 - Executing CSharp Assemblies from C code.pdf
|
|
|
|
|
2024-02-09 - Sudo On Windows - Quick Rundown.pdf
|
|
|
|
|
2024-02-12 - Hypervisor enforced security policies for NTOS secure kernel and a child partition.pdf
|
|
|
|
|
2024-02-12 - Why Windows cant follow WSL symlinks.pdf
|
|
|
|
|
2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method.pdf
|
|
|
|
|
2024-02-16 - InflativeLoading.7z
|
|
|
|
|
2024-02-24 - iExpress LOLBINS and Diamond seds.7z
|
|
|
|
|
2024-02-25 - Keylogging in the Windows kernel with undocumented data structures.pdf
|
|
|
|
|
2024-02-27 - What is Regedt32.EXE.7z
|
|
|
|
|
2024-02-28 - MutationGate.7z
|
|
|
|
|
2024-03-03 - A Trip Down Memory Lane - A history of AV evasion.pdf
|
|
|
|
|
2024-03-03 - Explorer.exe LOLBIN and persistence.pdf
|
|
|
|
|
2024-03-08- Manipulating Token Attribute structures.7z
|
|
|
|
|
2024-03-09 - YARP as a C2 Redirector.pdf
|
|
|
|
|
2024-03-15 - Capping process CPU usage.7z
|
|
|
|
|
2024-03-18 - Abusing SeTrustedCredmanAccessPrivilege to dump user creds.zip
|
|
|
|
|
2024-03-23 - Anti-Anti-Rootkit Techniques - Part I UnKovering mapped rootkits.pdf
|
|
|
|
|
2024-04-12 - Understanding ETW Patching.pdf
|
|
|
|
|
2024-04-19 - Detecting Sandboxes Without Syscalls.pdf
|
|
|
|
|
2024-06-09 - Bypassing EDR NTDSdit protection using BlueTeam tools.pdf
|
|
|
|
|
2024-06-11 - Lets Go into the rabbit hole part 2 - the challenges of dynamically hooking Golang programs.pdf
|
|
|
|
|
2024-08-04 - Abusing the search-ms URI protocol handler.pdf
|
|
|
|
|
2024-08-08 - Abusing Windows Hello without a severed hand.7z
|
|
|
|
|
2024-08-09 - Blocking EDR Drivers with WDAC policies.7z
|
|
|
|
|
2024-08-10 - ShimMe - Manipulating Shim and Office for Code Injection.7z
|
|
|
|
|
2024-08-11 - Blocking EDR drivers with HVCIDisallowedimage.7z
|
|
|
|
|
2024-08-11 - DriverJack.7z
|
|
|
|
|
2024-08-13 - Abusing AVEDR Exclusions to Evade Detections.pdf
|
|
|
|
|
2024-08-14 - Tricks with Microsoft Word and Sandboxes.pdf
|
|
|
|
|
2024-08-15 - Offline SAM Editing.pdf
|
|
|
|
|
2024-08-17 - HookChain - A new perspective for Bypassing EDR Solutions.pdf
|
|
|
|
|
2024-08-19 - DRMBIN - Prevent binaries from running on other machines.zip
|
|
|
|
|
2024-08-26 - DLL Sideloading ith LicenseDiag.exe.7z
|
|
|
|
|
2024-08-30 - Evil MSI A story about vulnerabilities in MSI Files.pdf
|
|
|
|
|
2024-08-31 - Finding open file handles in PS.7z
|
|
|
|
|
2024-09-03 - Rundll32 and Phantom DLL lolbins.7z
|
|
|
|
|
2024-09-04 - Rundll32 and Phantom DLL lolbins, 32-bit version.7z
|
|
|
|
|
2024-09-12 - Proof of Concept - Transforming an EXE or DLL to Shellcode.7z
|
|
|
|
|
2024-09-13 - ScriptBlock Smuggling.pdf
|
|
|
|
|
2024-09-16 - Kernel ETW is the bestnbspETW.pdf
|
|
|
|
|
2024-09-20 - Anti-Anti-Rootkit Techniques - Part II Stomped Drivers and Hidden Threads.pdf
|
|
|
|
|
2024-09-28 - Notes on unprivileged access to Bitlocker.zip
|
|
|
|
|
2024-10-04 - Notes on xWizard.exe and xWizards.dll.png
|
|
|
|
|
2024-10-09 - XBL Live Game Save DCOM for lateral movement.zip
|
|
|
|
|
2024-10-15 - Introducing Early Cascade Injection from Windows process creation to stealthy injection.pdf
|
|
|
|
|
2024-10-22 - Offensive Groovy programming.pdf
|
|
|
|
|
2024-10-22 - Reading BitLocker numerical passwords via API.zip
|
|
|
|
|
2024-10-24 - EmbedPayloadInPng.zip
|
|
|
|
|
2024-10-27 - ExecutePeFromPngViaLNK.zip
|
|
|
|
|
2024-10-30 - EV code signing with pfx in 2024.pdf
|
|
|
|
|
2024-10-31 - SysVEHSyscalls in Rust.zip
|
|
|
|
|
2024-11-09 - Structured Storage and Compound Files.pdf
|
|
|
|
|
2024-11-09 - Using VBS enclaves for anti-cheat purposes.pdf
|
|
|
|
