Category: Malware Dev

Using the Windows Filtering Platform to block EDR traffic.

Bypassing DSE using vulnerable drivers.

Examining the PPL Windows security feature.

Exploiting kernel mode drivers to terminate protected processes.

Creating a Windows kernel mode driver to hide and kill processes.

Modifying Kernel data structures to hide processes and elevate privileges.

Executing arbitrary code inside a .NET process.

Creating an APK to gain remote access to an Android 14 device.

Using DLL’s as a persistence mechanism.

Setting up Obfuscator LLVM with Visual Studio 2022.

Converting shellcode to look like a series of IP addresses.

Replacing existing ROR13 function hash names in shellcode to evade signature based detection.