eversinc33

Bits about malware, reverse engineering, and the Windows kernel.
2025-11-21
Driver Reverse Engineering 101 - Part II: Unpacking a VMProtected Kernel Driver
  • Drivers
  • Kernel
  • Reverse Engineering
  • Unpacking
  • VMProtect
Reverse Engineering Windows Drivers
Unpacking VMProtect is rather straightforward and there are many ways in which it is documented for userland processes -
2025-08-15
Driver Reverse Engineering 101 - Part I: Static Analysis
  • Drivers
  • Reverse Engineering
  • Windows
Reverse Engineering Windows Drivers
A few months ago, while hunting for vulnerable drivers to abuse for BYOVD on operations, I stumbled upon a repository of
2025-02-16
(Anti-)Anti-Rootkit Techniques - Part III: Hijacking Pointers
  • Anti-Rootkit
  • Data Pointer Swap
  • Kernel
  • Rootkit
  • Windows
Windows Kernel Rootkits
In Part II of this series, we looked at how we could be hiding our rootkit’s thread from the eyes of a vigilant anti-roo
2024-09-19
(Anti-)Anti-Rootkit Techniques - Part II: Stomped Drivers and Hidden Threads
  • Anti-Rootkit
  • Kernel
  • PspCidTable
  • Rootkit
  • Windows
Windows Kernel Rootkits
At the end of Part I of this series, we ended up with a small anti-rootkit driver that was able to detect malicious dri
2024-03-23
(Anti-)Anti-Rootkit Techniques - Part I: UnKovering mapped rootkits
  • Anti-Rootkit
  • Kernel
  • Manual Mapping
  • Rootkit
  • Windows
Windows Kernel Rootkits
While some blog posts exist that talk about developing offensive drivers and rootkits, the only ones that I found, which
2024-03-11
Automating Deobfuscation of XorStringsNet
  • .NET
  • CIL
  • Deobfuscation
  • Reverse Engineering
Reverse Engineering .NET
Recently I wanted to learn a bit more about the .NET Common Intermediate Language (CIL). The CIL is basically the equiva
2024-02-25
Keylogging in the Windows kernel with undocumented data structures
  • Kernel
  • Keylogging
  • Rootkit
  • Windows
  • gafAsyncKeyState
Windows Kernel Rootkits
If you are into rootkits and offensive Windows kernel driver development, you have probably watched the talk Close Encou
2023-03-18
Abusing the GPU for Malware with OpenCL
  • CUDA
  • GPU
  • Malware
  • OpenCL
Malware Development
I like esoteric programming topics, such as outsider languages or using obscure techniques to achieve some sort of goal.
2023-01-10
.NET Assembly Obfuscation for Memory Scanner Evasion
  • .NET
  • Obfuscation
Malware Development
This is a blog I wrote for a former employer on how to evade memory scanners when using reflectively loaded .NET for pos
2022-11-25
Windows Access Tokens: Getting SYSTEM and demystifying Potato Exploits
  • Access Tokens
  • Windows
Malware Development
If you are a penetration tester, you have probably dealt with and abused Windows access tokens before, e.g. to get SYSTEM pri

eversinc33

Reverse Engineer, Malware Researcher, Windows Kernel Enthusiast

Categories
  • Malware Development (4)
  • Reverse Engineering (3)
  • .NET (1)
  • Windows Drivers (2)
  • Windows Kernel (4)
  • Rootkits (4)
Tags
.NET Access Tokens Anti-Rootkit CIL CUDA Data Pointer Swap Deobfuscation Drivers GPU Kernel Keylogging Malware Manual Mapping Nim Obfuscation OpenCL PspCidTable Reverse Engineering Rootkit Syscalls Unpacking VMProtect Windows gafAsyncKeyState

Powered by Hexo | Theme based on Bamboo | logo by @01Xyris <3