Blog

• An Introduction to Chrome Exploitation - Maglev Edition Jun 5

• Bypassing Intel CET with Counterfeit Objects Sep 22
• IRQLs Close Encounters of the Rootkit Kind Jan 3

• Work Items & System Worker Threads - 'Practical Reverse Engineering' solutions - Part 3 Mar 10
• System Threads and their elusiveness. 'Practical Reverse Engineering' solutions - Part 2 Feb 11
• Linked List in the Kernel: 'Practical Reverse Engineering' solutions - Part 1 Jan 1

• Kernel exploitation: weaponizing CVE-2020-17382 MSI Ambient Link driver Sep 24
• Silencing the EDR. How to disable process, threads and image-loading detection callbacks. Jul 15
• Distrusting the patch: a run through my first LPE 0-day, from command injection to path traversal May 21
• The universal antidebugger, x64 revamped Apr 10
• heappo: a WinDBG extension for heap tracing Mar 24
• Uncovering Mimikatz 'msv' and collecting credentials through PyKD Jan 20

• Evading WinDefender ATP credential-theft: a hit after a hit-and-miss start Dec 2
• Monitoring linux system-calls the right way Nov 18
• Windows Kernel Shellcodes - a compendium Jul 6
• Converting win shellcode from msfvenom to FASM Jun 13
• Injecting shellcode into x64 ELF binaries May 18
• Baffling objdump Apr 17
• Practical Binary Analysis - Chapter 5 - CTF walkthrough level 7 Mar 31
• Practical Binary Analysis - Chapter 5 - CTF walkthrough level 6 Mar 25
• Custom base64 alphabet encoder/decoder Jan 21

• Detecting VMware on 64-bit systems Dec 5