2005-05-30 - Making WMI Queries In C.7z
2015-08-12 - Stealth Techniques - Hiding Files in the Registry.pdf
2015-08-20 - Manually Enumerating Process Modules.pdf
2017-08-12 - Finding handle leaks - user mode duplicate handle in C and CSharp.zip
2017-08-19 - The Art of Becoming TrustedInstaller.pdf
2018-10-25 - Playing with the Windows Notification Facility WNF.pdf
2019-04-07 - Loading and calling VB from CPlusPlus.zip
2019-07-21 - In-memory execution of VBScript, JavaScript or JScript.txt
2019-08-17 - Weaponizing Privileged File Writes with the USO Service.7z
2019-10-11 - An alternate way to execute a binary - NtQueryInformationProcess and the AeDebugProtected key.pdf
2019-12-02 - Evading WinDefender ATP credential-theft a hit after a hit-and-miss start.pdf
2020-01-23 - Starting WERSVR from a restricted users.7z
2020-02-10 - WDExtract - Extracting data from Windows Defender.zip
2020-02-23 - A stealthier approach to spoofing process command line.pdf
2020-04-30 - Fax Shell - Using Fax service for system.7z
2020-04-30 - Faxing Your Way to SYSTEM Part Two.pdf
2020-05-03 - Fax Service Bind shell abusing Ualapi.7z
2020-05-10 - The Fake Entry Point Trick.txt
2020-06-10 - Cmd Hijack - A Command_Argument Confustion with Path Traversal.pdf
2020-10-12 - In-Process Execute Assembly and MailSlots.pdf
2020-10-17 - DllBidEntryPoint Abuse.pdf
2020-12-24 - The worst of the two worlds - Excel meets Outlook.pdf
2021-04-22 - Binary Data Hiding in VB6 Executables.pdf
2021-05-05 - Weird Ways to Run Unmanaged Code in NET.pdf
2021-05-13 - Reshaping Shadow Volumes with IOCTLs.txt
2021-06-19 - Backstab - Demonstrating how to kill EDR protected processes.zip
2021-06-20 - Demonstrating How to Dump Chrome Passwords.7z
2021-07-23 - Modifying MS Office security warnings.PNG
2021-08-03 - Reading, Writing, and Executing A File WITHOUT A File Path - yarhLoader.c
2021-10-09 - Trololololobin and other lolololocoasters.pdf
2021-10-10 - SeManageVolumePrivilege Abuse with FSCTL_SD_GLOBAL_CHANGE.zip
2021-10-28 - Malicious ZIP Demonstration.zip
2021-12-07 - Demonstrating USB Propagation.7z
2021-12-07 - Identifying Antivirus Software by enumerating Minifilter String Names.7z
2021-12-07 - Programmatically Modifying Boot Configurations - BCDEdit.7z
2021-12-07 - Weaponizing Windows Virtualization.7z
2022-01-15 - Programmatically Stopping Windows Defender.7z
2022-01-15 - Stealing Process Tokens POC.7z
2022-01-16 - Oobe Setup ErrorHandle.cmd Hijack.pdf
2022-01-28 - The good the bad and the stomped function.7z
2022-01-30 - Retrieving the current EIP in C⁄C++.pdf
2022-01-31 - Abusing the MS Office protocol scheme.pdf
2022-02-04 - CallRemoteAPI - Call functions in remote processes.pdf
2022-02-04 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user.pdf
2022-02-04 - EmbedExeLnk - Embedding an EXE inside a LNK with automatic execution.pdf
2022-02-04 - JmpNoCall.pdf
2022-02-06 - HijackFileHandle - Hijack a file in a remote process without code injection.pdf
2022-02-08 - StackScraper - Capturing sensitive data using real-time stack scanning against a remote.pdf
2022-02-14 - Abusing Exceptions for Code Execution Part 1.pdf
2022-02-16 - wlrmdr.exe LOLBIN.7z
2022-03-30 - EventPipe - An IPC method to transfer binary data between processes using event objects.pdf
2022-04-02 - CreateSvcRpc - A custom RPC client to execute programs as the SYSTEM user.pdf
2022-04-02 - Unmanaged Code Execution with .NET Dynamic PInvoke.pdf
2022-04-03 - FveApiDLL Abuse Demonstration.7z
2022-04-03 - NtdllPipe - Using cmd.exe to retrieve a clean version of ntdll.dll.pdf
2022-04-18 - Token Manipulation in Rust Demonation.zip
2022-04-18 - UACMe.zip
2022-04-19 - Dumping passwords using KRShowKeyMgr.PNG
2022-04-19 - Resolving System Service Numbers using the Exception Directory.pdf
2022-04-30 - Programmatically Hiding Windows Snapshots.7z
2022-05-05 - A very simple and alternative PID finder.pdf
2022-05-09 - Spawning IE on Windows 11.PNG
2022-05-10 - Making NtCreateUserProcess Work.pdf
2022-05-27 - Nls Code Injection Through The Registry.zip
2022-05-31 - Crashing Windows by Abusing NtRaiseHardError.PNG
2022-06-22 - Extracting Whitelisted Paths from Windows Defender ASR Rules.pdf
2022-07-13 - Bluffy the AV Slayer.pdf
2022-07-29 - Running Exploit As Protected Process Light From Userland.pdf
2022-08-04 - API Resolving Obfuscation via Veh.zip
2022-08-05 - Backdooring Office Structures Part 1 The Oldschool.pdf
2022-08-08 - Backdooring Office Structures Part 2 Payload Crumbs In Custom Parts.pdf
2022-08-08 - Manual Implementation of BlockDLLs and ACG.cpp
2022-08-19 - Bypassing AppLocker by abusing HashInfo.pdf
2022-09-27 - Constrained Language Mode Bypass When __PSLockDownPolicy Is Used.pdf
2022-10-07 - Short term snapshot deletion via ExecuteScheduledSPPCreation.7z
2022-10-11 - Abusing the Windows Power Management API.7z
2022-10-13 - Random Number Generation using IOCTL.txt
2022-10-18 - Changing memory protection using APC.pdf
2022-10-31 - Heavens Gate in CSharp.7z
2022-12-07 - Programmatically Deleting Shadow Volumes - Xaoc.7z
2022-12-23 - Simple PE Loader.7z
2023-02-03 - Windows Domain Controller NTDSUTIL activate instance abuse.PNG
2023-02-07 - Demonstrating Unhooking NTDLL from Disk.7z
2023-02-07 - Demonstrating Unhooking NTDLL from KnownDlls.7z
2023-02-07 - Demonstrating Unhooking NTDLL from Remote Server.7z
2023-02-07 - Demonstrating Unhooking NTDLL from Suspended Process.7z
2023-03-19 - Different ways to create a process.html
2023-05-02 - Preventing application creation by IFEO keys.png
2023-05-17 - VBA resolving exports in runtime without NtQueryInformationProcess or GetProcAddress.pdf
2023-06-05 - Abusing undocumented features to spoof PE section headers.pdf
2023-06-09 - Finding and exploiting process killer drivers with LOL for 3000 dollars.pdf
2023-07-19 - Escalating Privileges via Third-Party Windows Installers.pdf
2023-07-23 - Malware via VHD Files, an Excellent Choice.pdf
2023-07-26 - WSPCoerce - PoC to allow authentication from Windows hosts using MS-WSP.zip
2023-07-27 - Kerberos UAC Bypass - Abusing Kerberos Tickets for UAC Bypasses.zip
2023-08-17 - Abusing Windows Filtering Platform for Privilege Escalation.pdf
2023-08-23 - Demonstrating how IIS decrypts AppPool credentials.7z
2023-08-28 - Uac bypass via UIPI or Windows Task Manager.txt
2023-09-14 - Bypassing UAC with SSPI Datagram Contexts.pdf
2023-10-03 - LPE with MSI Installers.pdf
2023-11-06 - Running PEs Inline Without a Console.pdf
2023-12-19 - SignToolEx - code signing with leaked certs and abusing MS detours.zip
2023-12-24 - Arbitrary Command Execution Via Windows Kit's StandaloneRunner.pdf
2023-12-29 - Usermode encryption but only LOCALSYSTEM can decrypt.7z
2023-12-31 - Compression using undocumented RDP APIs.7z
2024-01-23 - Windows Event Log service DoS.zip
2024-02-01 - Unmanaged .NET Patching.pdf
2024-02-02 - GetProcAddress usage via ordinal.7z
2024-02-08 - Bypassing ApplyOnce limitation in GPO with key removal.7z
2024-02-08 - Disabling System Event Logs with IDataCollectorSet.7z
2024-02-08 - Executing CSharp Assemblies from C code.pdf
2024-02-16 - InflativeLoading.7z
2024-02-24 - iExpress LOLBINS and Diamond seds.7z
2024-03-03 - Explorer.exe LOLBIN and persistence.pdf
2024-03-08- Manipulating Token Attribute structures.7z
2024-03-15 - Capping process CPU usage.7z
2024-03-18 - Abusing SeTrustedCredmanAccessPrivilege to dump user creds.zip
2024-08-04 - Abusing the search-ms URI protocol handler.pdf
2024-08-08 - Abusing Windows Hello without a severed hand.7z
2024-08-13 - Abusing AVEDR Exclusions to Evade Detections.pdf
2024-08-15 - Offline SAM Editing.pdf
2024-08-19 - DRMBIN - Prevent binaries from running on other machines.zip
2024-08-31 - Finding open file handles in PS.7z
2024-09-03 - Rundll32 and Phantom DLL lolbins.7z
2024-09-04 - Rundll32 and Phantom DLL lolbins, 32-bit version.7z
2024-10-04 - Notes on xWizard.exe and xWizards.dll.png
2024-10-22 - Offensive Groovy programming.pdf
2024-10-22 - Reading BitLocker numerical passwords via API.zip
2024-10-24 - EmbedPayloadInPng.zip
2024-10-27 - ExecutePeFromPngViaLNK.zip
2024-10-30 - EV code signing with pfx in 2024.pdf
2024-11-09 - Using VBS enclaves for anti-cheat purposes.pdf
2024-12-13 - Disabling EDRs by File Rename Junctions.zip
2024-12-20 - Weaponizing WDAC Killing the Dreams of EDR.pdf