The article explains how attackers exploit a vulnerable signed driver (BYOVD) to obtain a kernel read/write primitive. It shows how unsafe IOCTL handlers allow manipulating kernel memory and abusing driver functionality for offensive operations.
Physical Network Sniffing: Capturing Ethernet Traffic with Simple Alligator Clips
The article demonstrates how Ethernet traffic can be passively intercepted at the physical layer using simple tools like alligator clips attached to network cables. It highlights risks of exposed wiring and shows how attackers can capture unencrypted traffic.
Windows Defender ACL Blocking: A Silent Technique With Serious Impact
The article analyzes a technique that disables Microsoft Defender by modifying file ACLs to block security services from accessing critical system DLLs. This silent method prevents Defender from starting without triggering obvious alerts.
Understanding CPU Cache Hierarchy: Why Modern Processors Use Multiple Cache Levels
The article explains why modern CPUs use multiple cache levels (L1, L2, L3) instead of a single large cache. It discusses the trade-off between cache size and latency and shows how a cache hierarchy balances speed, capacity, and efficiency.
Malware and cryptography 44 – encrypt/decrypt payload via Discrete Fourier Transform. Simple C example.
A demonstration of how malware can encrypt and decrypt payloads using the Discrete Fourier Transform (DFT). It provides a simple C example showing how mathematical transforms can hide shellcode and help evade static signature-based detection.
Defeating a 40-year-old copy protection dongle
Reverse engineering a vintage hardware copy-protection dongle used by 1980s enterprise software. By analyzing the DOS program and emulator environment, the author discovered the dongle check and bypassed it with a tiny patch.
Bypassing Detections with Command-Line Obfuscation
How attackers can bypass AV and EDR detections by obfuscating command-line arguments. By exploiting parsing quirks in executables, small changes to parameters can hide malicious intent while the command still executes normally.
Investigating Windows File System Artifacts Under C:\Windows
The article explores forensic artifacts stored under the C:\Windows directory in Windows 10 and 11. It explains how system files and OS-generated traces can reveal executed programs, user activity, and potential data exfiltration during forensic investigations.
Reversing BEDaisy.sys: Static Analysis of BattlEye’s Kernel Anti-Cheat Driver
The article analyzes the Windows kernel driver BEDaisy.sys, used by BattlEye anti-cheat. Through static reverse engineering, it explores driver architecture, APC usage, hardware fingerprinting, import handling, and detection mechanisms used to monitor system activity.
Windows Local Privilege Escalation through the bitpixie Vulnerability
The article explains the Bitpixie vulnerability in Windows Boot Manager that allows attackers to bypass BitLocker encryption. Because of a PXE soft-reboot flaw, the BitLocker key remains in memory, enabling extraction of the VMK and potential privilege escalation.