Automating MS-RPC research shows how NtObjectManager, dynamic RPC clients, fuzzing, canary tracing, ProcMon and Neo4j can map interfaces, test procedures, find crashes and uncover coercion-style Windows bugs.
DLL Sideloading & Proxying for Advance Red Team Engagements
A practical look at DLL sideloading and proxying: how attackers abuse trusted Windows executables to load malicious DLLs while keeping the app running normally.
No More Hardcoded Kernel Offsets: Turning Microsoft PDB Symbols into a Runtime BYOVD Superpower
A Windows kernel research technique that uses Microsoft PDB symbols to resolve offsets dynamically, avoiding hardcoded values and manual WinDBG work across builds.
Shadow SSDT Hijacking: Achieving Kernel Code Execution via Read-Write Primitives
The article shows how Shadow SSDT hijacking can turn kernel read/write primitives into transient kernel code execution by redirecting a GUI syscall path through win32k and restoring it afterward.
Patchless AMSI Bypass via Page Guard Exceptions
The article shows a patchless AMSI bypass using Page Guard exceptions and VEH to intercept AmsiScanBuffer, force an early clean return, and avoid direct code patching.
Evading Antivirus: Bypassing Windows Defender with Tenebris-Gate
The article presents Tenebris-Gate as a layered Windows Defender evasion framework using shellcode encryption, API hashing, anti-debugging, sandbox delays, syscall tricks, and careful memory handling.
Internal NTDLL Functions for Shellcode Execution
The article tests a shellcode execution trick using a private NTDLL function as an indirect call gadget, but notes it may offer limited stealth and can still be detected by mature EDRs.
How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection
The article explains how kernel anti-cheats monitor games from Ring 0 using callbacks, handle filtering, memory scans, driver checks, anti-debugging, VM detection, and hardware fingerprinting.