In my previous article, I talked about some of my work on fixing the bugs within the GCC based Rust compiler backend.| fractalfir.github.io
Locate instantiated PTE by leaking the base address and dynamically using read primitive to retrieve the syscall id.| Boschko Security Blog
With the accelerated release schedule of Windows 10 it's common for new features to be regularly introduced. This is especially true of feat...| www.tiraniddo.dev
Introduction The motivation to bypass user-mode hooks initially began with improving the success rate of process injection. There can be legitimate reasons to perform injection. UI Automation and Active Accessibility will use it...| MDSec
Over the past year, the security community - specifically Red Team Operators and Blue Team Defenders - has seen a massive rise in both public and private utilization of System Calls in Windows malware for post-exploitation activities, as well as for the bypassing of EDR or Endpoint Detection and Response.| Jack Hacks
A look at code to parse the PE header and remove API hooks placed by AV/EDR.| www.solomonsklash.io
A small proof of concept Windows shellcode injector using syscalls.| www.solomonsklash.io
Those of you interested in the Windows kernel-mode internals are probably familiar with the syscall tables I maintain on my blog: the 32-bit and 64-bit listings of Windows system calls with their respective IDs in all major versions of the OS, available here (and are also linked to in the menu):| j00ru//vx tech blog
Introduction This is the second post of a series which regards development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist. Previously, we’ve created a basic Metasploit shellcode launcher in C++ and explored basic techniques which helped to lower the detection rate of the compiled executable - payload encoding/encryption, binary signing with a custom code-signing certificate...| 0xpat.github.io
I first encountered the concept of using direct system calls to bypass user-land API hooking a little more than a year ago when I read a blog post by Cornelis De Pla (@Cn33liz). It is an exce…| Team Hydra