|
Up
|
|
|
|
|
2019-06-19 - Combining Direct System Calls and sRDI.pdf
|
|
|
|
|
2019-07-07 - Calling Syscalls Directly from Visual Studio to Bypass AVs and EDRs.pdf
|
|
|
|
|
2020-05-10 - The Fake Entry Point Trick.txt
|
|
|
|
|
2020-06-20 - Hiding Process Memory via Anti-Forensic Techniques.pdf
|
|
|
|
|
2020-12-31 - Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams.pdf
|
|
|
|
|
2021-01-09 - Heresys Gate Kernel ZwNTDLL Scraping and Work Out Ring 0 to Ring 3 via Worker Factories.pdf
|
|
|
|
|
2021-01-10 - Offensive Windows IPC Internals 1 Named Pipes.pdf
|
|
|
|
|
2021-02-12 - Offensive Windows IPC Internals 2 RPC.pdf
|
|
|
|
|
2021-03-28 - Executing a PE File in Memory.zip
|
|
|
|
|
2021-12-07 - Dynamically Retrieving SYSCALLs - Hells Gate.7z
|
|
|
|
|
2021-12-07 - Identifying Antivirus Software by enumerating Minifilter String Names.7z
|
|
|
|
|
2022-02-04 - AppLocker bypass by hash caching misuse.pdf
|
|
|
|
|
2022-02-04 - JmpNoCall.pdf
|
|
|
|
|
2022-03-11 - AV and EDR Evasion Using Direct System Calls.pdf
|
|
|
|
|
2022-04-03 - NtdllPipe - Using cmd.exe to retrieve a clean version of ntdll.dll.pdf
|
|
|
|
|
2022-04-09 - Demonstrating API Hooking in Rust.rar
|
|
|
|
|
2022-04-11 - Demonstrating Copying Data To A GPU - GpuMemoryAbuse.cpp
|
|
|
|
|
2022-04-19 - Resolving System Service Numbers using the Exception Directory.pdf
|
|
|
|
|
2022-04-22 - Bypassing LSA Protection in Userland.pdf
|
|
|
|
|
2022-04-23 - Bypassing PESieve and Moneta The easy way.pdf
|
|
|
|
|
2022-05-05 - A very simple and alternative PID finder.pdf
|
|
|
|
|
2022-05-24 - Gargoyle x64 - DeepSleep.zip
|
|
|
|
|
2022-06-14 - Demonstrating inline syscalls in Cplusplus.zip
|
|
|
|
|
2022-06-17 - Demonstrating Thread Stack Spoofing.zip
|
|
|
|
|
2022-06-26 - Protecting the Heap - Encryption and Hooks.pdf
|
|
|
|
|
2022-06-30 - CallStack Spoofer Demonstration.zip
|
|
|
|
|
2022-06-30 - Spoofing Call Stacks To Confuse EDRs.pdf
|
|
|
|
|
2022-07-05 - Vulpes - Obfuscating Memory Regions with Timers.pdf
|
|
|
|
|
2022-08-02 - Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service LSASS.pdf
|
|
|
|
|
2022-08-04 - API Resolving Obfuscation via Veh.zip
|
|
|
|
|
2022-08-07 - Tampering With Windows Syscalls.zip
|
|
|
|
|
2022-08-08 - Manual Implementation of BlockDLLs and ACG.cpp
|
|
|
|
|
2022-08-16 - Demonstrating inline function importing in Cplusplus.zip
|
|
|
|
|
2022-09-26 - Sacrificing Suspended Processes.7z
|
|
|
|
|
2022-10-18 - Changing memory protection using APC.pdf
|
|
|
|
|
2022-10-31 - Heavens Gate in CSharp.7z
|
|
|
|
|
2022-10-31 - Resolving syscalls in CSharp.7z
|
|
|
|
|
2022-11-22 - x64 return address spoofing.7z
|
|
|
|
|
2022-12-04 - SilentMoonWalk - Demonstrating call stack spoofing.zip
|
|
|
|
|
2022-12-08 - Hooking System Calls in Windows 11 22H2 like Avast Antivirus. Research, analysis and bypass.pdf
|
|
|
|
|
2023-02-07 - Demonstrating Unhooking NTDLL from Disk.7z
|
|
|
|
|
2023-02-07 - Demonstrating Unhooking NTDLL from KnownDlls.7z
|
|
|
|
|
2023-02-07 - Demonstrating Unhooking NTDLL from Remote Server.7z
|
|
|
|
|
2023-02-07 - Demonstrating Unhooking NTDLL from Suspended Process.7z
|
|
|
|
|
2023-04-17 - An in-depth look at the Golang Windows calls.pdf
|
|
|
|
|
2023-04-25 - Demonstrating stack encryption.zip
|
|
|
|
|
2023-08-16 - Understanding Syscalls Direct and Indirect and Cobalt Strike Implementation.pdf
|
|
|
|
|
2023-10-09 - Demonstrating Sleep Obfuscation - KrakenMask.7z
|
|
|
|
|
2024-02-28 - MutationGate.7z
|
|
|
|