OSEP in 2025 — experience, advice & criticism
OSEP is more of a marathon than a race. This post narrates my experience, contains advice for students, and a review of the course.
May 4
Windows Process Cloning — How to dump a process without dumping the process
That title isn't an exaggeration or wordplay. There is a way to dump a process without opening a read handle to it. Read on.
Apr 12
Ghostly Reflective PE Loader — how to make an existing remote process inject a PE in itself
How to combine reflective DLL injection with Ghostly hollowing to make an existing remote process inject a PE in itself.
Mar 11
Ghostly Hollowing — probably the most bizarre Windows process injection technique I know
That title is not an exaggeration. I was looking at remote process injection techniques I could use in my C2 — Hydrangea. That's when I…
Mar 6
How to write a local PE Loader from scratch (for educational purposes)
This post takes you through the steps to write a custom PE loader that can load and execute a PE straight from memory.
Dec 1, 2024
Certified Red Team Operator (CRTO) in 2024 — My review & tips
Yesterday I successfully passed the CRTO exam. Today I received the above badge in my email. I want to document my whole experience…
Nov 24, 2024
Voidgate: how to execute shellcode while keeping it encrypted
Voidgate evades AV/EDRs by decrypting and executing only one instruction of encrypted shellcode at a time, before re-encrypting it back.
Sep 28, 2024
Using syscalls to bypass User-land EDR hooks
This post discusses direct and indirect syscalls, and showcases how to use this idea to bypass user-land EDR hooks.
Sep 17, 2024
A Gentle Introduction to Syscalls in Windows
This post introduces the concept of syscalls in Windows, and all the relevant prerequisite concepts — System services, SSDTs and SSNs.
Sep 17, 2024
API hooking with Detours on Windows
This is an introduction to the concept of API hooking, and the Detours library to hook WinAPI functions.
Sep 8, 2024