Voidgate: how to execute shellcode while keeping it encrypted
Voidgate evades AV/EDRs by decrypting and executing only one instruction of encrypted shellcode at a time, before re-encrypting it back.
Sohail Saha, Sep 28

Using syscalls to bypass User-land EDR hooks
This post discusses direct and indirect syscalls, and showcases how to use this idea to bypass user-land EDR hooks.
Sohail Saha, Sep 17

A Gentle Introduction to Syscalls in Windows
This post introduces the concept of syscalls in Windows, and all the relevant prerequisite concepts — System services, SSDTs and SSNs.
Sohail Saha, Sep 17

API hooking with Detours on Windows
This is an introduction to the concept of API hooking, and the Detours library to hook WinAPI functions.
Sohail Saha, Sep 8

IPFuscation — using IP addresses to obfuscate your sus payloads
It’s no news that most anti-malware programs will immediately detect your payload if it’s stored as-is in your malware. To overcome this…
Sohail Saha, Aug 20

Most people on Reddit might not even be people
This post is about how I found out a large proportion of Reddit users are actually bots, and how I tried to fight it and failed.
Sohail Saha, Aug 14

HackTheBox ‘Flippin Bank’ Walkthrough | Introduction to CBC Bit-flipping Attack
‘Flippin Bank’ is a crypto challenge on HackTheBox, and I loved it because it showcased a classic CBC bit-flipping attack.
Sohail Saha, Jul 13, 2021

How to execute an ELF in-memory — Living off the Land
Since Linux treats everything as a file, including memory, it is fairly easy to run an ELF executable from memory. Read on to find out…
Sohail Saha, Jun 9, 2021

How to run a single-threaded tool on multiple threads for speed?
‘Make-My-Threads’ is a simple tool that spins up a specified number of concurrent threads and has them execute any specified command.
Sohail Saha, Feb 16, 2021

picoCTF — seed-sPRiNG Walkthrough | Going toe-to-toe with Time
This challenge is different from all the preceding challenges in the picoGym in the sense that, unlike the previous ones, this one doesn’t…
Sohail Saha, Jan 28, 2021