Hyper-V Research
Good morning! In today’s blog I’m going to introduce one of my favorite topics in all of computer science, programming, and low-level computing, hypervisors. In this case, the Windows hypervisor, H...
Good morning! In today’s blog post, we’re going one step further than in the previous post Windows Kernel Pool Internals (which I recommend reading to understand some of the concepts discussed here...
Good morning! In today’s blog post we’re going to dive into a topic that has interested me for quite some time, the Windows kernel pool. It’s a topic that tends to have “scarce” documentation onlin...
Good morning! Today we’re going to take a very detailed look at how a junk code generator called ETG (Executable Trash Generator) works. It was created by Z0MBiE (29a) and is designed for 32-bit ar...
Good morning! In today’s blog we’re going to talk about one of the most powerful protections for Windows: PatchGuard, also known as KPP (Kernel Patch Protection). I’ll divide this blog into severa...
Good morning! As we saw in last week’s blog post, the use of NtQuerySystemInformation() to bypass kASLR and the changes introduced in version 24H2 have effectively taken away that convenient method...
Good morning! Today’s blog won’t be too long, but that doesn’t mean it’s not important. Perhaps one of the oldest mitigations implemented in all software is ASLR (Address Space Layout Randomizatio...
Good morning! In this blog post we’re going to take a deep dive into the SMEP mitigation, or Supervisor Mode Execution Prevention. This is a security feature present in modern Intel processors (star...
Let’s kick off the blog with the foundation and starting point of all our exploits: the code we want to inject — the shellcode. For the POCs of these three techniques, we need to load the shellcod...
Hello, World! My name is Carlos, and I am a Security Researcher focused on Windows exploitation and Intel architecture, particularly low-level concepts. My objective with this blog is to explain ...