A walkthrough of “APC Tandem”, a stealth Windows process-injection technique that replaces WriteProcessMemory, CreateRemoteThread and VirtualAllocEx with a chain of less-watched primitives — thread description smuggling, paired GetThreadDescription/RtlMoveMemory APCs, and a Special User APC for execution.
Fundamentals of Virtual Memory: A Deep Dive into Paging, Page Tables, and Process Address Spaces
A structured walkthrough of how virtual memory really works on modern operating systems — from contiguous allocation and external fragmentation to paging, page tables, demand paging, stack and heap layout, mmap and copy-on-write. Based on and credited to “Fundamental of Virtual Memory” on the Melatoni blog (nghiant3223.github.io).
Essential iOS Hardening: A Practical Guide to Defending iPhones Against Modern Spyware
A practical, security-engineering view of the essential iOS hardening steps every iPhone user — and especially high-risk targets — should apply: Lockdown Mode, Advanced Data Protection, attack-surface reduction, deep reboots, and detection with tooling like iVerify. Based on and credited to “Essential iOS Hardening Steps” by Officer’s Notes, published on Medium (Technology Hits).
Akita Inu: The Ancient Breed with a Samurai’s Heart
The Akita Inu is a national treasure of Japan and a symbol of loyalty and courage. Discover the history, character, care, and unique traits of this remarkable breed.
About PCIe DMA Cheats: Protocol, IOMMU, Hardware, and Detection
External PCIe DMA cheats are hard to detect because the cheat code runs on another PC. Detection must move to PCIe fingerprints, IOMMU faults, ACS topology, TPM attestation, VBS/HVCI, and layered trust checks.
Weaponized abuse of SYLK file format
SYLK is an ancient spreadsheet format, but Excel still supports it. GhostWolf Lab shows how .slk files can carry XLM macros, masquerade as CSV, bypass weak detections, and revive legacy macro abuse.
Exploiting CVE-2024-32002: RCE via git clone
CVE-2024-32002 turns git clone --recursive into RCE on case-insensitive filesystems. A crafted submodule plus a symlink can plant a Git hook in .git and execute code before anyone reviews the checkout.
GhostTree: The NTFS Trick That Can Make Malware Disappear from EDR Scans
GhostTree abuses NTFS junctions to create recursive, near-endless valid paths. Recursive scanners and EDRs can hang in the maze while malware in the parent folder remains unchecked. Watch junction creation.
DLL Proxy Loading: Hijacking Legitimate DLLs for Code Execution
DLL proxy loading lets a fake DLL forward every expected export to the real one while running a payload inside a trusted process. This framework automates exports, trampolines, embedding, builds, and testing.
IoT Hacking: Abusing Printers to Compromise Active Directory
Printers are not harmless office boxes. Misconfigured LDAP, SMTP, SMB or SNMP can leak domain credentials, enabling AD enumeration, relay attacks and lateral movement. Treat printers like real network assets.