2008-08-06 - Branchless Equivalents of Simple Functions.pdf | 178 KiB
2011-07-04 - Mixing x86 with x64 code.pdf | 298 KiB
2015-08-10 - Windows 10HH Symbolic Link Mitigations.pdf | 387 KiB
2016-02-10 - The Definitive Guide on Win32 to NT Path Conversion.pdf | 935 KiB
2017-10-03 - Windows 10 Parallel Loading Breakdown.pdf | 2.1 MiB
2017-10-06 - An Introduction to Standard and Isolation Minifilters.pdf | 338 KiB
2017-10-15 - Understanding API Set Resolution.7z | 558 KiB
2018-04-11 - WoW64 internals.pdf | 2.6 MiB
2018-08-07 - Windows Exploitation Tricks Exploiting Arbitrary Object Directory Creation for Local Elevation of Pri.pdf | 255 KiB
2018-08-19 - NTFS Alternate Streams What, When, and How To.7z | 236 KiB
2019-02-15 - Understanding Windows x64 ASM.7z | 2.0 MiB
2019-02-25 - Notes on RtlCloneUserProcess.7z | 436 KiB
2019-04-26 - Hunting for Ghosts in Fileless Attacks.pdf | 4.3 MiB
2019-08-23 - How the Antimalware Scan Interface AMSI helps you defend against malware.pdf | 430 KiB
2019-12-17 - Calling Local Windows RPC Servers from NET.pdf | 431 KiB
2020-01-02 - Exploiting Flaws in Windbg.pdf | 1012 KiB
2020-01-05 - RIP ROP CET Internals in Windows 20H1.pdf | 1.6 MiB
2020-04-01 - Updating the Undocumented ESTROBJ and STROBJ Structures for Windows 10 x64.pdf | 827 KiB
2020-04-24 - Windows DLL Hijacking Hopefully Clarified.pdf | 737 KiB
2020-05-17 - APC Series User APC API.pdf | 337 KiB
2020-05-27 - Shellcode - Recycling Compression Algorithms for the Z80, 8088, 6502, 8086 and 68K Architectures.pdf | 414 KiB
2020-06-03 - APC Series User APC Internals.pdf | 599 KiB
2020-06-28 - APC Series KiUserApcDispatcher and Wow64.pdf | 335 KiB
2020-07-03 - How to obfuscate strings using CPlusPlus constexpr Or how to do it correctly at compile time.txt | 7.7 KiB
2020-07-10 - Fs Minifilter Hooking Part 1.pdf | 1.5 MiB
2020-07-11 - Superfetch - Unknown Spy.pdf | 1.5 MiB
2020-07-12 - Secure Pool Internals Dynamic KDP Behind The Hood.pdf | 1.3 MiB
2020-08-03 - Critical Protected DUT Processes in Windows 10.pdf | 474 KiB
2020-09-26 - Deep dive into user-mode Asynchronous Procedure Calls in Windows.pdf | 717 KiB
2020-09-26 - Demystifying the SVCHOSTEXE Process and Its Command Line Options.pdf | 350 KiB
2020-10-06 - CET Updates - CET on Xanax.pdf | 247 KiB
2020-10-10 - A Deep Dive Into RUNDLL32EXE.pdf | 279 KiB
2020-11-09 - DPWs are the new DPCs Deferred Procedure Waits in Windows 10 21H1.pdf | 1.1 MiB
2020-12-31 - Antivirus Artifacts III.pdf | 344 KiB
2021-01-09 - CET Updates - Dynamic Address Ranges.pdf | 198 KiB
2021-01-10 - Offensive Windows IPC Internals 1 Named Pipes.pdf | 579 KiB
2021-01-12 - tagSOleTlsData and the COM concurrency model for the current thread.pdf | 618 KiB
2021-01-20 - Process on a diet anti-debug using job objects.pdf | 93 KiB
2021-02-12 - Offensive Windows IPC Internals 2 RPC.pdf | 682 KiB
2021-02-13 - x64 Deep Dive.pdf | 923 KiB
2021-04-20 - Thread and Process State Change.pdf | 300 KiB
2021-05-24 - IO Rings When One IO Operation is Not Enough.pdf | 739 KiB
2021-10-09 - IoRing vs io_uring a comparison of Windows and Linux implementations.pdf | 122 KiB
2021-11-15 - Design issues of modern EDRs bypassing ETW-based solutions.pdf | 10 MiB
2021-12-01 - Writing a simple 16 bit VM in less than 125 lines of C.pdf | 1.3 MiB
2022-01-04 - Exploring Token Members Part 1.pdf | 680 KiB
2022-01-09 - Understanding Windows Structured Exception Handling Part 1 – The Basics.pdf | 350 KiB
2022-01-15 - Modifying the EPROCESS structure.7z | 6.0 KiB
2022-01-16 - Notes on Windows MS-CXH and MS-CXH-FULL handlers.pdf | 116 KiB
2022-01-16 - Understanding Windows Structured Exception Handling Part 2 – Digging Deeper.pdf | 260 KiB
2022-01-22 - Understanding Windows Structured Exception Handling Part 3 – Under The Hood.pdf | 468 KiB
2022-01-23 - Understanding Windows Structured Exception Handling Part 4 – Pseudo __try and __except.pdf | 167 KiB
2022-02-16 - Exploring Token Members Part 2.pdf | 223 KiB
2022-02-17 - The magic behind wlrmdrexe.pdf | 175 KiB
2022-02-25 - LogNT32 - Part 2 - Return-address hijacking implemented to improve efficiency.pdf | 216 KiB
2022-03-14 - Reversing Common Obfuscation Techniques.pdf | 413 KiB
2022-04-29 - One Year to IO Ring What Changed.pdf | 1.9 MiB
2022-05-02 - g_CiOptions in a Virtualized World.pdf | 569 KiB
2022-05-05 - Studying Next Generation Malware - NightHawks Attempt At Obfuscate and Sleep.pdf | 106 KiB
2022-06-08 - Inside Get-AuthenticodeSignature.pdf | 1.3 MiB
2022-07-05 - WMI Internals Part 1 - Understanding the Basics.pdf | 1.0 MiB
2022-07-26 - Understanding DISM - Servicing Stack Interaction.pdf | 223 KiB
2022-08-02 - Inside Windows Defender System Guard Runtime Monitor.pdf | 431 KiB
2022-08-05 - Exploring the Windows Search Application Cache.zip | 5.8 KiB
2022-08-16 - Demonstrating inline function importing in Cplusplus.zip | 15 KiB
2022-08-16 - Understanding a New Mitigation Module Tampering Protection.pdf | 1.9 MiB
2022-09-05 - Inside the Windows Cache Manager.pdf | 685 KiB
2022-09-16 - Dissecting Windows Section Objects.pdf | 1.3 MiB
2022-09-26 - Sacrificing Suspended Processes.7z | 2.2 MiB
2022-09-28 - MS Help 2 Primer.pdf | 264 KiB
2022-10-20 - SharedMemUtils - A simple tool to automatically find vulnerabilities in shared memory objects.pdf | 464 KiB
2022-11-19 - An Exercise in Dynamic Analysis.pdf | 3.7 MiB
2022-12-18 - Diving into Intel Killer bloatware part 1.pdf | 1.4 MiB
2023-01-04 - Investigating Filter Communication Ports.pdf | 1.0 MiB
2023-02-01 - Weird things I learned while writing an x86 emulator.pdf | 181 KiB
2023-02-06 - Diving Deeper Into Pre-created Computer Accounts.pdf | 2.0 MiB
2023-03-16 - Minimal Executables.pdf | 419 KiB
2023-04-11 - Stepping Insyde System Management Mode.pdf | 627 KiB
2023-04-17 - An in-depth look at the Golang Windows calls.pdf | 1004 KiB
2023-04-18 - Diving into Intel Killer bloatware part 2.pdf | 542 KiB
2023-04-19 - WOW64 Callback Table - FinFisher.pdf | 388 KiB
2023-05-03 - Exploring Impersonation through the Named Pipe Filesystem Driver.pdf | 1.1 MiB
2023-06-09 - Finding and exploiting process killer drivers with LOL for 3000 dollars.7z | 1.1 MiB
2023-07-25 - Prefetch - The Little Snitch That Tells on You.pdf | 1.7 MiB
2023-08-13 - LAPS 2.0 Internals.pdf | 3.3 MiB
2023-08-23 - Demystifying DLL Hijacking Understanding the Intricate World of Dynamic Link Library Attacks.pdf | 208 KiB
2023-09-06 - How to Troll an AV.7z | 4.8 KiB
2023-09-12 - Peeling back the curtain with call stacks.pdf | 7.3 MiB
2023-09-20 - Windows Authentication - Credential Providers - Part 1.pdf | 1.4 MiB
2023-10-04 - Windows Authentication - Credential Providers - Part 2.pdf | 2.3 MiB
2023-10-05 - Windows Authentication - Credential Providers - Part 2.pdf | 1.8 MiB
2023-11-12 - How to dig into the CLR.pdf | 1.2 MiB
2023-11-22 - ETW internals for security research and forensics.7z | 442 KiB
2023-12-21 - InsightEngineering - Advanced Windows Debugging.zip | 34 MiB
2023-12-26 - A little known secret of runonceexe 32-bit.pdf | 64 KiB
2023-12-27 - A little known secret of regsvr32exe take two.pdf | 76 KiB
2024-01-06 - A little known secret of fondue dot exe.pdf | 63 KiB
2024-01-15 - Undocumented DISM properties.7z | 298 KiB
2024-02-08 - Deep Dive Into Exploiting Windows Thread Pools.7z | 336 KiB
2024-02-09 - Sudo On Windows - Quick Rundown.pdf | 145 KiB
2024-02-12 - Why Windows cant follow WSL symlinks.pdf | 632 KiB
2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method.pdf | 4.0 MiB
2024-02-27 - What is Regedt32.EXE.7z | 186 KiB
2024-03-03 - A Trip Down Memory Lane - A history of AV evasion.pdf | 2.9 MiB
2024-03-28 - CveEventWrite notes.png | 39 KiB
2024-04-12 - Understanding ETW Patching.pdf | 877 KiB
2024-04-17 - Reconstructing Executables Part 1 Between Files and Memory.pdf | 308 KiB
2024-06-06 - A fully functional NtCreateProcess mimicking Windows.zip | 57 KiB
2024-06-28 - An unexpected journey into Microsoft Defender's signature world.pdf | 3.3 MiB
2024-08-30 - Evil MSI A story about vulnerabilities in MSI Files.pdf | 3.8 MiB
2024-09-12 - Proof of Concept - Transforming an EXE or DLL to Shellcode.7z | 5.8 KiB
2024-09-28 - Notes on unprivileged access to Bitlocker.zip | 425 KiB
2024-11-09 - Structured Storage and Compound Files.pdf | 248 KiB
2024-11-14 - ETW Forensics - Why use Event Tracing for Windows over EventLog.pdf | 2.1 MiB
2024-12-19 - The Windows Registry Adventure 5 - The regf file format.pdf | 2.6 MiB
2024-12-24 - Constructing a Win32 Control Handler in MASM.pdf | 287 KiB
2025-01-23 - I hate you COM - Pitfalls of COM activation.pdf | 1.6 MiB
2025-07-16 - Under the Hood of AFD.sys - Investigating Undocumented Interfaces.pdf | 913 KiB
2025-07-31 - Notes on RAM_DISK_CONTEXT.png | 110 KiB
2025-08-11 - Notes on SYSTEMTIME.png | 86 KiB
2025-09-04 - Investigating a Mysteriously Malformed AuthenticodeSignature.pdf | 2.2 MiB
Thumbs.db | 42 KiB