Hi Brother, I am writing this short tutorial just to share some basics on how malware evades memory scanning. This is not
Category: Malware
Windows API Hooking
Hi Friend, reading some articles on how an EDR is able to hook its API into the Windows API to detect malicious interaction between application and
Basic File Information Query (NtQueryInformationFile)
Hi Guys, I would like to share a small chunk of code to get the basic file information. This code is the basic and the

Less Detectable with PPID Spoofing
Hi Friends, another small piece of code that allows you to be less detectable when injecting your malware. I found the code from ired.team is very direct

Hiding Process Cmdline Argument
Hi Developer, another trick that I want to share with you on making your malicious process less suspicious. Many EDRs use the cmdline parameter

Less suspicious with module stomping
Hi Friends, I would like to continue sharing a simple tutorial on making your payload injection less suspicious to AV detection. As a common