SUBJECT — windows

— see all subjects —

• PL. XXI. Hide From Sandboxes And Emulators A guide on evading detection by Endpoint Protection Platforms (EPP) using the Offline Registry Library in Windows. Jun 19, 2019
• PL. XX. Make Your Dynamic Module Unfreeable (Anti-FreeLibrary) This post discusses techniques to prevent a dynamically loaded module from being unloaded in a target process. Apr 1, 2019
• PL. XIX. Hooking via InstrumentationCallback An exploration of the epilogue hooking method using InstrumentationCallback, including practical examples and pitfalls. Aug 25, 2018
• PL. IX. Abusing WSL for Evasion An exploration of how the Windows Subsystem for Linux (WSL can be exploited for evasion techniques. Feb 18, 2018
• PL. X. Bypass User-Mode Hooks A deep dive into bypassing user-mode hooks by reimplementing ntdll functions, with practical examples and demonstrations. Feb 18, 2018
• PL. VIII. Making a Process Unkillable in Windows OS An exploration of techniques to create unkillable processes within the Windows kernel environment. Feb 7, 2018