My First Dive into EPROCESS: ProcessSelfDelete research
Exploring the EPROCESS structure on Windows 11 24H2, with a focus on the mysterious ProcessSelfDelete flag, how it’s activated, its effects on process termin...