Windows Defender Memory Scanning Evasion

Evading Windows Defender memory scanning.

Process Injection

CreateRemoteThread Process Injection in C#

Unhooking Event Tracing for Windows

Bypassing ETW userland hooks.

Assembly.Load & AMSI

Bypassing AMSI when using Assembly.Load.

DNS Tunneling

Using the Domain Name System as a Command & Control mechanism.

ICMP Tunneling

Tunneling C2 messages in ICMP traffic.

Use After Free Vulnerabilities

Exploiting use-after-free vulnerabilities.

Heap Exploitation: The House of Force

Tampering with the top chunk size field for an arbitrary write primitive.

Ubuntu 20.04 Heap Exploitation

Exploiting heap corruption on Ubuntu 20.04.

Heap Thread Cache Exploitation

Exploiting heap thread caching on glibc 2.26.

Heap Fastbin Exploitation

Double free exploitation of glibc heap fastbins.

Certificate Based Persistence

Using AD CS certificates to achieve persistence in an Active Directory environment.