Hi Developer, Another trick that I want to share with you on making your malicious process is less suspicious. Many EDRs use the cmdline parameter
Category: Reverse Engineering
Less suspicious with module stomping
Hi Friends, I would like to continue on sharing a simple tutorial on making your payload injection less supicious to AV detection. As a common
HellGate Technique on AV Bypass
Hi Friends, Yet another simple tutorial post regarding on how to bypass AV detection during payload injection. As mentioned in my previous post that one
Process unhooking by reading ntdll.dll fresh copy
Hi All, I am going to share a simple code to allow you to unhook AV engine from the NTDLL by overwritting dll loaded into
Classic Payload Injection (CreateRemoteThread)
I am continuing the last post regarding the process enumeration that we can use to find the target process that become the host of our
Basic Windows Process Enumeration
Hi Guys, After taking some times to take some doing many other things, I am finally back writting small tutorial at my blog. If you
Cyber Security Architect | Red/Blue Teaming | Exploit/Malware Analysis 