Experimenting with Object Initializers in Windows – See PG-compliance Disclaimer*| Reverse Engineering
Overview: In this article, I wanted to introduce a fun approach to performing functions similar to those enabled by Windows Object Callbacks but through an alternative means (experimentally). It’s well known that anti-malware, anti-cheat, and generic monitoring tools on Windows systems often use these callbacks. However, their usability is limited to parties with signed modules, […]| Reverse Engineering
Abuse the HalPrivateDispatchTable to hook SYSCALL system-wide while maintaining compliance with PatchGuard on Windows 10 and 11.| Reverse Engineering
Walkthrough of detecting VMware through ACPI checks in user mode, and mitigating the checks in VMware.| Reverse Engineering
The first implementation-heavy article covering the details of x86 paging, MTRR configuration, VPID/PCID, and initializing an EPT hierarchy.| Reverse Engineering
EPT, EPTP Switching, Page Hooks, and much more are covered in this 5-part series on hypervisor development. The various examples are tested throughout.| Reverse Engineering
Takes a third-party crackme and teaches assembly while reverse engineering the target application. Covers data structure analysis, flow validation, and more.| Reverse Engineering
Part 1 of the x86_64 assembly crash course for people looking to learn how to reverse engineer, read assembly, and understand how exploits work.| Reverse Engineering
This article covers the technical requirements and details for implementing EPT on Intel-based hypervisors.| Reverse Engineering