|
Up
|
|
|
|
|
2008-08-06 - Branchless Equivalents of Simple Functions.pdf
|
|
|
|
|
2015-08-10 - Windows 10HH Symbolic Link Mitigations.pdf
|
|
|
|
|
2016-02-10 - The Definitive Guide on Win32 to NT Path Conversion.pdf
|
|
|
|
|
2017-10-03 - Windows 10 Parallel Loading Breakdown.pdf
|
|
|
|
|
2017-10-06 - An Introduction to Standard and Isolation Minifilters.pdf
|
|
|
|
|
2017-10-15 - Understanding API Set Resolution.7z
|
|
|
|
|
2018-08-07 - Windows Exploitation Tricks Exploiting Arbitrary Object Directory Creation for Local Elevation of Pri.pdf
|
|
|
|
|
2018-08-19 - NTFS Alternate Streams What, When, and How To.7z
|
|
|
|
|
2019-02-15 - Understanding Windows x64 ASM.7z
|
|
|
|
|
2019-02-25 - Notes on RtlCloneUserProcess.7z
|
|
|
|
|
2019-04-26 - Hunting for Ghosts in Fileless Attacks.pdf
|
|
|
|
|
2019-08-23 - How the Antimalware Scan Interface AMSI helps you defend against malware.pdf
|
|
|
|
|
2019-12-17 - Calling Local Windows RPC Servers from NET.pdf
|
|
|
|
|
2020-01-02 - Exploiting Flaws in Windbg.pdf
|
|
|
|
|
2020-01-05 - RIP ROP CET Internals in Windows 20H1.pdf
|
|
|
|
|
2020-04-01 - Updating the Undocumented ESTROBJ and STROBJ Structures for Windows 10 x64.pdf
|
|
|
|
|
2020-04-24 - Windows DLL Hijacking Hopefully Clarified.pdf
|
|
|
|
|
2020-05-17 - APC Series User APC API.pdf
|
|
|
|
|
2020-05-27 - Shellcode - Recycling Compression Algorithms for the Z80, 8088, 6502, 8086 and 68K Architectures.pdf
|
|
|
|
|
2020-06-03 - APC Series User APC Internals.pdf
|
|
|
|
|
2020-06-28 - APC Series KiUserApcDispatcher and Wow64.pdf
|
|
|
|
|
2020-07-03 - How to obfuscate strings using CPlusPlus constexpr Or how to do it correctly at compile time.txt
|
|
|
|
|
2020-07-10 - Fs Minifilter Hooking Part 1.pdf
|
|
|
|
|
2020-07-11 - Superfetch - Unknown Spy.pdf
|
|
|
|
|
2020-07-12 - Secure Pool Internals Dynamic KDP Behind The Hood.pdf
|
|
|
|
|
2020-08-03 - Critical Protected DUT Processes in Windows 10.pdf
|
|
|
|
|
2020-09-26 - Deep dive into user-mode Asynchronous Procedure Calls in Windows.pdf
|
|
|
|
|
2020-09-26 - Demystifying the SVCHOSTEXE Process and Its Command Line Options.pdf
|
|
|
|
|
2020-10-06 - CET Updates - CET on Xanax.pdf
|
|
|
|
|
2020-10-10 - A Deep Dive Into RUNDLL32EXE.pdf
|
|
|
|
|
2020-11-09 - DPWs are the new DPCs Deferred Procedure Waits in Windows 10 21H1.pdf
|
|
|
|
|
2020-12-31 - Antivirus Artifacts III.pdf
|
|
|
|
|
2021-01-09 - CET Updates - Dynamic Address Ranges.pdf
|
|
|
|
|
2021-01-10 - Offensive Windows IPC Internals 1 Named Pipes.pdf
|
|
|
|
|
2021-01-12 - tagSOleTlsData and the COM concurrency model for the current thread.pdf
|
|
|
|
|
2021-01-20 - Process on a diet anti-debug using job objects.pdf
|
|
|
|
|
2021-02-12 - Offensive Windows IPC Internals 2 RPC.pdf
|
|
|
|
|
2021-02-13 - x64 Deep Dive.pdf
|
|
|
|
|
2021-04-20 - Thread and Process State Change.pdf
|
|
|
|
|
2021-05-24 - IO Rings When One IO Operation is Not Enough.pdf
|
|
|
|
|
2021-10-09 - IoRing vs io_uring a comparison of Windows and Linux implementations.pdf
|
|
|
|
|
2021-11-15 - Design issues of modern EDRs bypassing ETW-based solutions.pdf
|
|
|
|
|
2021-12-01 - Writing a simple 16 bit VM in less than 125 lines of C.pdf
|
|
|
|
|
2022-01-04 - Exploring Token Members Part 1.pdf
|
|
|
|
|
2022-01-09 - Understanding Windows Structured Exception Handling Part 1 – The Basics.pdf
|
|
|
|
|
2022-01-15 - Modifying the EPROCESS structure.7z
|
|
|
|
|
2022-01-16 - Notes on Windows MS-CXH and MS-CXH-FULL handlers.pdf
|
|
|
|
|
2022-01-16 - Understanding Windows Structured Exception Handling Part 2 – Digging Deeper.pdf
|
|
|
|
|
2022-01-22 - Understanding Windows Structured Exception Handling Part 3 – Under The Hood.pdf
|
|
|
|
|
2022-01-23 - Understanding Windows Structured Exception Handling Part 4 – Pseudo __try and __except.pdf
|
|
|
|
|
2022-02-16 - Exploring Token Members Part 2.pdf
|
|
|
|
|
2022-02-17 - The magic behind wlrmdrexe.pdf
|
|
|
|
|
2022-02-25 - LogNT32 - Part 2 - Return-address hijacking implemented to improve efficiency.pdf
|
|
|
|
|
2022-03-14 - Reversing Common Obfuscation Techniques.pdf
|
|
|
|
|
2022-04-29 - One Year to IO Ring What Changed.pdf
|
|
|
|
|
2022-05-02 - g_CiOptions in a Virtualized World.pdf
|
|
|
|
|
2022-05-05 - Studying Next Generation Malware - NightHawks Attempt At Obfuscate and Sleep.pdf
|
|
|
|
|
2022-06-08 - Inside Get-AuthenticodeSignature.pdf
|
|
|
|
|
2022-07-05 - WMI Internals Part 1 - Understanding the Basics.pdf
|
|
|
|
|
2022-07-26 - Understanding DISM - Servicing Stack Interaction.pdf
|
|
|
|
|
2022-08-02 - Inside Windows Defender System Guard Runtime Monitor.pdf
|
|
|
|
|
2022-08-05 - Exploring the Windows Search Application Cache.zip
|
|
|
|
|
2022-08-16 - Demonstrating inline function importing in Cplusplus.zip
|
|
|
|
|
2022-08-16 - Understanding a New Mitigation Module Tampering Protection.pdf
|
|
|
|
|
2022-09-05 - Inside the Windows Cache Manager.pdf
|
|
|
|
|
2022-09-16 - Dissecting Windows Section Objects.pdf
|
|
|
|
|
2022-09-26 - Sacrificing Suspended Processes.7z
|
|
|
|
|
2022-09-28 - MS Help 2 Primer.pdf
|
|
|
|
|
2022-10-20 - SharedMemUtils - A simple tool to automatically find vulnerabilities in shared memory objects.pdf
|
|
|
|
|
2022-11-19 - An Exercise in Dynamic Analysis.pdf
|
|
|
|
|
2022-12-18 - Diving into Intel Killer bloatware part 1.pdf
|
|
|
|
|
2023-01-04 - Investigating Filter Communication Ports.pdf
|
|
|
|
|
2023-02-01 - Weird things I learned while writing an x86 emulator.pdf
|
|
|
|
|
2023-02-06 - Diving Deeper Into Pre-created Computer Accounts.pdf
|
|
|
|
|
2023-03-16 - Minimal Executables.pdf
|
|
|
|
|
2023-04-11 - Stepping Insyde System Management Mode.pdf
|
|
|
|
|
2023-04-17 - An in-depth look at the Golang Windows calls.pdf
|
|
|
|
|
2023-04-18 - Diving into Intel Killer bloatware part 2.pdf
|
|
|
|
|
2023-05-03 - Exploring Impersonation through the Named Pipe Filesystem Driver.pdf
|
|
|
|
|
2023-06-09 - Finding and exploiting process killer drivers with LOL for 3000 dollars.7z
|
|
|
|
|
2023-07-25 - Prefetch - The Little Snitch That Tells on You.pdf
|
|
|
|
|
2023-08-13 - LAPS 2.0 Internals.pdf
|
|
|
|
|
2023-08-23 - Demystifying DLL Hijacking Understanding the Intricate World of Dynamic Link Library Attacks.pdf
|
|
|
|
|
2023-09-06 - How to Troll an AV.7z
|
|
|
|
|
2023-09-12 - Peeling back the curtain with call stacks.pdf
|
|
|
|
|
2023-09-20 - Windows Authentication - Credential Providers - Part 1.pdf
|
|
|
|
|
2023-10-04 - Windows Authentication - Credential Providers - Part 2.pdf
|
|
|
|
|
2023-10-05 - Windows Authentication - Credential Providers - Part 2.pdf
|
|
|
|
|
2023-11-12 - How to dig into the CLR.pdf
|
|
|
|
|
2023-11-22 - ETW internals for security research and forensics.7z
|
|
|
|
|
2023-12-21 - InsightEngineering - Advanced Windows Debugging.zip
|
|
|
|
|
2023-12-26 - A little known secret of runonceexe 32-bit.pdf
|
|
|
|
|
2023-12-27 - A little known secret of regsvr32exe take two.pdf
|
|
|
|
|
2024-01-06 - A little known secret of fondue dot exe.pdf
|
|
|
|
|
2024-01-15 - Undocumented DISM properties.7z
|
|
|
|
|
2024-02-08 - Deep Dive Into Exploiting Windows Thread Pools.7z
|
|
|
|
|
2024-02-09 - Sudo On Windows - Quick Rundown.pdf
|
|
|
|
|
2024-02-12 - Why Windows cant follow WSL symlinks.pdf
|
|
|
|
|
2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method.pdf
|
|
|
|
|
2024-02-27 - What is Regedt32.EXE.7z
|
|
|
|
|
2024-03-03 - A Trip Down Memory Lane - A history of AV evasion.pdf
|
|
|
|
|
2024-04-12 - Understanding ETW Patching.pdf
|
|
|
|
|
2024-06-28 - An unexpected journey into Microsoft Defender's signature world.pdf
|
|
|
|
|
2024-08-30 - Evil MSI A story about vulnerabilities in MSI Files.pdf
|
|
|
|
|
2024-09-12 - Proof of Concept - Transforming an EXE or DLL to Shellcode.7z
|
|
|
|
|
2024-09-28 - Notes on unprivileged access to Bitlocker.zip
|
|
|
|
|
2024-11-09 - Structured Storage and Compound Files.pdf
|
|
|
|
|
2024-11-14 - ETW Forensics - Why use Event Tracing for Windows over EventLog.pdf
|
|
|
|
|
2024-12-19 - The Windows Registry Adventure 5 - The regf file format.pdf
|
|
|
|
|
2024-12-24 - Constructing a Win32 Control Handler in MASM.pdf
|
|
|
|