|
Up
|
|
|
|
|
2005-05-30 - Making WMI Queries In C.7z
|
|
|
|
|
2011-01-25 - No Loitering - Exploiting Lingering Vulnerabilities in Default COM Objects.pdf
|
|
|
|
|
2014-12-03 - Hooking COM Objects - Intercepting Calls to COM Interfaces.7z
|
|
|
|
|
2015-08-10 - Windows 10HH Symbolic Link Mitigations.pdf
|
|
|
|
|
2016-02-10 - The Definitive Guide on Win32 to NT Path Conversion.pdf
|
|
|
|
|
2017-10-03 - Windows 10 Parallel Loading Breakdown.pdf
|
|
|
|
|
2017-10-06 - An Introduction to Standard and Isolation Minifilters.pdf
|
|
|
|
|
2017-10-15 - Understanding API Set Resolution.7z
|
|
|
|
|
2018-08-07 - Windows Exploitation Tricks Exploiting Arbitrary Object Directory Creation for Local Elevation of Pri.pdf
|
|
|
|
|
2018-08-19 - NTFS Alternate Streams What, When, and How To.7z
|
|
|
|
|
2018-09-09 - Finding Interactive User COM Objects using PowerShell.pdf
|
|
|
|
|
2019-02-15 - Understanding Windows x64 ASM.7z
|
|
|
|
|
2019-08-23 - How the Antimalware Scan Interface AMSI helps you defend against malware.pdf
|
|
|
|
|
2019-11-11 - Antimalware Scan Interface AMSI.pdf
|
|
|
|
|
2019.02.15 - Understand Windows x64 ASM.7z
|
|
|
|
|
2020-02-23 - A stealthier approach to spoofing process command line.pdf
|
|
|
|
|
2020-04-01 - Updating the Undocumented ESTROBJ and STROBJ Structures for Windows 10 x64.pdf
|
|
|
|
|
2020-04-24 - Windows DLL Hijacking Hopefully Clarified.pdf
|
|
|
|
|
2020-05-17 - APC Series User APC API.pdf
|
|
|
|
|
2020-06-03 - APC Series User APC Internals.pdf
|
|
|
|
|
2020-06-28 - APC Series KiUserApcDispatcher and Wow64.pdf
|
|
|
|
|
2020-07-10 - Fs Minifilter Hooking Part 1.pdf
|
|
|
|
|
2020-07-11 - Superfetch - Unknown Spy.pdf
|
|
|
|
|
2020-09-26 - Deep dive into user-mode Asynchronous Procedure Calls in Windows.pdf
|
|
|
|
|
2020-09-26 - Demystifying the SVCHOSTEXE Process and Its Command Line Options.pdf
|
|
|
|
|
2020-10-11 - From a C project through assembly to shellcode.pdf
|
|
|
|
|
2020-11-09 - WOW64Hooks WOW64 Subsystem Internals and Hooking Techniques.pdf
|
|
|
|
|
2021-01-12 - tagSOleTlsData and the COM concurrency model for the current thread.pdf
|
|
|
|
|
2021-12-01 - Writing a simple 16 bit VM in less than 125 lines of C.pdf
|
|
|
|
|
2022-01-04 - Exploring Token Members Part 1.pdf
|
|
|
|
|
2022-01-09 - Understanding Windows Structured Exception Handling Part 1 – The Basics.pdf
|
|
|
|
|
2022-01-12 - Red Canary - Antimalware Scan Interface (AMSI).pdf
|
|
|
|
|
2022-01-16 - Notes on Windows MS-CXH and MS-CXH-FULL handlers.pdf
|
|
|
|
|
2022-01-16 - Understanding Windows Structured Exception Handling Part 2 – Digging Deeper.pdf
|
|
|
|
|
2022-01-22 - Understanding Windows Structured Exception Handling Part 3 – Under The Hood.pdf
|
|
|
|
|
2022-01-23 - Understanding Windows Structured Exception Handling Part 4 – Pseudo __try and __except.pdf
|
|
|
|
|
2022-02-16 - Exploring Token Members Part 2.pdf
|
|
|
|
|
2022-03-14 - Reversing Common Obfuscation Techniques.pdf
|
|
|
|
|
2022-05-05 - Studying Next Generation Malware - NightHawks Attempt At Obfuscate and Sleep.pdf
|
|
|
|
|
2022-06-08 - Inside Get-AuthenticodeSignature.pdf
|
|
|
|
|
2022-07-05 - WMI Internals Part 1 - Understanding the Basics.pdf
|
|
|
|
|
2022-07-26 - Understanding DISM - Servicing Stack Interaction.pdf
|
|
|
|
|
2022-07-29 - Running Exploit As Protected Process Light From Userland.pdf
|
|
|
|
|
2022-08-02 - Inside Windows Defender System Guard Runtime Monitor.pdf
|
|
|
|
|
2022-08-05 - Exploring the Windows Search Application Cache.zip
|
|
|
|
|
2022-09-05 - Inside the Windows Cache Manager.pdf
|
|
|
|
|
2022-09-16 - Dissecting Windows Section Objects.pdf
|
|
|
|
|
2022-09-28 - MS Help 2 Primer.pdf
|
|
|
|
|
2022-10-13 - Random Number Generation using IOCTL.txt
|
|
|
|
|
2022-12-18 - Diving into Intel Killer bloatware part 1.pdf
|
|
|
|
|
2023-02-01 - Weird things I learned while writing an x86 emulator.pdf
|
|
|
|
|
2023-02-06 - Diving Deeper Into Pre-created Computer Accounts.pdf
|
|
|
|
|
2023-03-16 - Minimal Executables.pdf
|
|
|
|
|
2023-04-18 - Diving into Intel Killer bloatware part 2.pdf
|
|
|
|
|
2023-07-25 - Prefetch - The Little Snitch That Tells on You.pdf
|
|
|
|
|
2023-08-13 - LAPS 2.0 Internals.pdf
|
|
|
|
|
2023-08-23 - Demonstrating how IIS decrypts AppPool credentials.7z
|
|
|
|
|
2023-09-10 - GIF Steganography from First Principles.pdf
|
|
|
|
|
2023-09-12 - Peeling back the curtain with call stacks.pdf
|
|
|
|
|
2023-09-15 - An Introduction into Stack Spoofing.pdf
|
|
|
|
|
2023-09-20 - Windows Authentication - Credential Providers - Part 1.pdf
|
|
|
|
|
2023-10-04 - Windows Authentication - Credential Providers - Part 2.pdf
|
|
|
|
|
2023-10-05 - Windows Authentication - Credential Providers - Part 2.pdf
|
|
|
|
|
2023-11-12 - How to dig into the CLR.pdf
|
|
|
|
|
2023-11-22 - ETW internals for security research and forensics.7z
|
|
|
|
|
2023-12-21 - InsightEngineering - Advanced Windows Debugging.zip
|
|
|
|
|
2023-12-26 - A little known secret of runonceexe 32-bit.pdf
|
|
|
|
|
2023-12-27 - A little known secret of regsvr32exe take two.pdf
|
|
|
|
|
2024-01-06 - A little known secret of fondue dot exe.pdf
|
|
|
|
|
2024-01-15 - Undocumented DISM properties.7z
|
|
|
|
|
2024-02-02 - GetProcAddress usage via ordinal.7z
|
|
|
|
|
2024-02-09 - Sudo On Windows - Quick Rundown.pdf
|
|
|
|
|
2024-02-12 - Why Windows cant follow WSL symlinks.pdf
|
|
|
|
|
2024-02-16 - Beyond Process and Object Callbacks - An Unconventional Method.pdf
|
|
|
|
|
2024-02-27 - What is Regedt32.EXE.7z
|
|
|
|
|
2024-03-03 - A Trip Down Memory Lane - A history of AV evasion.pdf
|
|
|
|
|
2024-03-15 - Capping process CPU usage.7z
|
|
|
|
|
2024-08-30 - Evil MSI A story about vulnerabilities in MSI Files.pdf
|
|
|
|
|
2024-08-31 - Finding open file handles in PS.7z
|
|
|
|