Unpacking VMProtect is rather straightforward and there are many ways in which it is documented for userland processes -

A few months ago, while hunting for vulnerable drivers to abuse for BYOVD on operations, I stumbled upon a repository of

In Part II of this series, we looked at how we could be hiding our rootkit’s thread from the eyes of a vigilant anti-roo

At the end of Part I of this Series, we ended up with a small anti-rootkit driver, that was able to detect malicious dri

While some blog posts exist that talk about developing offensive drivers and rootkits, the only ones that I found, which

Recently I wanted to learn a bit more about the .NET Common Intermediate Language (CIL). The CIL is basically the equiva

If you are into rootkits and offensive windows kernel driver development, you have probably watched the talk Close Encou

I like esoteric programming topics, such as outsider languages or using obscure techniques to achieve some sort of goal.

This is a blog I wrote for a former employer on how to evade memory scanners when using reflectively loaded .NET for pos

If you are a penetration tester, you probably dealt with and abused windows access tokens before, e.g. to get SYSTEM pri