Junk Code Engines for Polymorphic Malware
Good morning! Today we’re going to take a very detailed look at how a junk code generator called ETG (Executable Trash Generator) works. It was created by Z0MBiE (29a) and is designed for 32-bit ar...
Good morning! In today’s blog we’re going to talk about one of the most powerful protections for Windows: PatchGuard, also known as KPP (Kernel Patch Protection). I’ll divide this blog into severa...
Good morning! As we saw in last week’s blog post, the changes introduced in version 24H2 have effectively taken away the use of NtQuerySystemInformation() to bypass kASLR, that convenient method...
Good morning! Today’s blog won’t be too long, but that doesn’t mean it’s not important. Perhaps one of the oldest and most widely deployed mitigations in modern operating systems is ASLR (Address Space Layout Randomizatio...
Good morning! In this blog post we’re going to take a deep dive into the SMEP (Supervisor Mode Execution Prevention) mitigation. This is a security feature present in modern Intel processors (star...
Let’s kick off the blog with the foundation and starting point of all our exploits, the code we want to inject: the shellcode. For the PoCs of these three techniques, we need to load the shellcod...
Hello, World! My name is Carlos, and I am a Security Researcher focused on Windows exploitation and Intel architecture, particularly low-level concepts. My objective with this blog is to explain ...