Raashid Bhat (@raashidbhatt)'s Twitter Profile

Raashid Bhat
@raashidbhatt

☯︎ Building next-level tools for Cyber Threat Hunting ☯︎
@malwareid_

ID: 39795694
Link: http://int0xcc.svbtle.com/
Joined: 13-05-2009 17:18:32

246 Tweets | 1.1K Followers | 229 Following

Raashid Bhat (@raashidbhatt):

🛠 Basics of PE32+ (64-bit portable executable) format ~ malwareid.in/unpack/unpacki…

Learn the basics of the 64-bit executable format on Windows and how it differs from 32-bit.

🎂 Bonus ~ includes code to parse headers in a PE 64-bit file
Raashid Bhat (@raashidbhatt):

Are stack expansion and stack guard not present in the 64-bit version of Windows kernel?

Stack Guard is not set in RtlCreateUserStack while creating the stack for a new thread

#windowskernel #kernel
Raashid Bhat (@raashidbhatt):

"What Every Malware Analyst Should Know About PE Relocations" ~ malwareid.in/unpack/unpacki… 🔍 A new blog post for an in-depth look at Portable Executable (PE) relocations. From malware loading essentials to kernel routine reverse engineering, it's a journey every malware analyst

Raashid Bhat (@raashidbhatt):

➡️ New Blog Post! ➡️ ➡️ Learn in-depth about the Export Address Table and how forwarders are used in DLLs. ➡️ "Export Address Table, Export Forwarding and DLL side-loading" ~ malwareid.in/unpack/unpacki… follow Malware ID #CyberSecurity #infosecurity #infosec
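Added example, covering both the PE32+ post above and this one on the Export Address Table; it is not code from either tweet or from the linked Malware ID posts. The parser reads the DOS, COFF and optional headers, distinguishes PE32 from PE32+ by the optional-header magic (0x10B vs 0x20B) and the different ImageBase width and data-directory offset that follow from it, then walks the export directory and applies the forwarder rule: an export whose RVA lands inside the export directory's own range is not code but a "DLL.Name" or "DLL.#ordinal" string the loader resolves from another module. The sample image is constructed in memory; SAMPLE.dll, the exports Alpha/Beta/Gamma and the forwarder targets NTDLL.RtlMoveMemory and OTHER.#5 are invented for the example.

```python
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DIR_EXPORT = 0  # index of IMAGE_DIRECTORY_ENTRY_EXPORT in the data directories


def build_sample_pe(plus=True):
    """Constructed sample (hypothetical SAMPLE.dll): one .edata section, three exports.
    Alpha -> code at RVA 0x2000, Beta -> forwarded by name, Gamma -> forwarded by ordinal."""
    sec_rva, sec_raw, align = 0x1000, 0x200, 0x200
    edata = bytearray(40)                       # IMAGE_EXPORT_DIRECTORY, filled in below

    def put(blob):                              # append to .edata and return its RVA
        rva = sec_rva + len(edata)
        edata.extend(blob)
        return rva

    funcs, names, ords = put(b"\0" * 12), put(b"\0" * 12), put(b"\0" * 6)
    dll = put(b"SAMPLE.dll\0")
    name_rvas = [put(n + b"\0") for n in (b"Alpha", b"Beta", b"Gamma")]
    fwd_name, fwd_ord = put(b"NTDLL.RtlMoveMemory\0"), put(b"OTHER.#5\0")
    # Forwarded entries point back INTO the export directory, at a string, not at code.
    struct.pack_into("<3I", edata, funcs - sec_rva, 0x2000, fwd_name, fwd_ord)
    struct.pack_into("<3I", edata, names - sec_rva, *name_rvas)
    struct.pack_into("<3H", edata, ords - sec_rva, 0, 1, 2)
    struct.pack_into("<IIHHIIIIIII", edata, 0, 0, 0, 0, 0, dll, 1, 3, 3, funcs, names, ords)
    exp_size = len(edata)

    opt = struct.pack("<HBBIIIII", PE32PLUS_MAGIC if plus else PE32_MAGIC, 14, 0, 0, exp_size, 0, 0x2000, 0x2000)
    # Where the formats diverge: PE32 has BaseOfData + DWORD ImageBase, PE32+ a QWORD ImageBase;
    # PE32+ also widens the stack/heap reserve/commit fields, which shifts the data directories.
    opt += struct.pack("<Q", 0x180000000) if plus else struct.pack("<II", 0x1000, 0x10000000)
    opt += struct.pack("<IIHHHHHHIIIIHH", 0x1000, align, 6, 0, 0, 0, 6, 0, 0, 0x3000, sec_raw, 0, 2, 0x160)
    opt += struct.pack("<QQQQ" if plus else "<IIII", 0x100000, 0x1000, 0x100000, 0x1000)
    opt += struct.pack("<II", 0, 16)            # LoaderFlags, NumberOfRvaAndSizes
    opt += struct.pack("<II", sec_rva, exp_size) + b"\0" * (8 * 15)   # export dir + 15 empty dirs
    coff = struct.pack("<HHIIIHH", 0x8664 if plus else 0x14C, 1, 0, 0, 0, len(opt), 0x2022)
    sect = struct.pack("<8sIIIIIIHHI", b".edata", exp_size, sec_rva, align, sec_raw, 0, 0, 0, 0, 0x40000040)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew -> "PE\0\0" right after DOS header
    image = dos + b"PE\0\0" + coff + opt + sect
    image += b"\0" * (sec_raw - len(image)) + edata
    return image + b"\0" * (-len(image) % align)


def parse_headers(data):
    """DOS/COFF/optional headers; the offsets that depend on PE32 vs PE32+ are made explicit."""
    pe = struct.unpack_from("<I", data, 0x3C)[0] if data[:2] == b"MZ" else -1
    if pe < 0 or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing MZ/PE signature")
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32PLUS_MAGIC:       # ImageBase QWORD at +24, directories at +112
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        ndirs_off, dir_off = opt + 108, opt + 112
    elif magic == PE32_MAGIC:         # BaseOfData at +24, ImageBase DWORD at +28, directories at +96
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        ndirs_off, dir_off = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = min(struct.unpack_from("<I", data, ndirs_off)[0], 16)   # never trust the count blindly
    dirs = [struct.unpack_from("<II", data, dir_off + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, raw = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), va, max(vsize, rsize), raw))
    return {"machine": machine, "magic": magic, "is_pe32plus": magic == PE32PLUS_MAGIC,
            "image_base": image_base, "dirs": dirs, "sections": sections}


def rva_to_offset(rva, sections):
    for _, va, size, raw in sections:
        if va <= rva < va + size:
            return raw + (rva - va)
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def read_cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def split_forwarder(fwd):
    """'NTDLL.RtlMoveMemory' -> ('NTDLL', 'RtlMoveMemory'); 'OTHER.#5' -> ('OTHER', 5)."""
    dll, _, target = fwd.partition(".")
    return dll, (int(target[1:]) if target.startswith("#") else target)


def parse_exports(data):
    """Walk the Export Address Table; entries whose RVA lands inside the directory are forwarders."""
    hdr = parse_headers(data)
    exp_rva, exp_size = hdr["dirs"][DIR_EXPORT]
    if exp_rva == 0:
        return {"dll": None, "exports": []}
    secs = hdr["sections"]
    fields = struct.unpack_from("<IIHHIIIIIII", data, rva_to_offset(exp_rva, secs))
    name_rva, base, nfuncs, nnames, funcs, names, ords = fields[4:]
    names_off, ords_off = rva_to_offset(names, secs), rva_to_offset(ords, secs)
    name_of = {}                      # index into AddressOfFunctions -> exported name
    for i in range(nnames):
        idx = struct.unpack_from("<H", data, ords_off + 2 * i)[0]
        nrva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
        name_of[idx] = read_cstr(data, rva_to_offset(nrva, secs))
    funcs_off, exports = rva_to_offset(funcs, secs), []
    for idx in range(nfuncs):
        rva = struct.unpack_from("<I", data, funcs_off + 4 * idx)[0]
        if rva == 0:
            continue                  # unused ordinal slot
        # Forwarder rule: an RVA within [exp_rva, exp_rva + exp_size) is a "DLL.Name" or
        # "DLL.#ordinal" string resolved from another module, not code in this image.
        inside = exp_rva <= rva < exp_rva + exp_size
        fwd = read_cstr(data, rva_to_offset(rva, secs)) if inside else None
        exports.append({"ordinal": base + idx, "name": name_of.get(idx), "rva": rva, "forwarder": fwd})
    return {"dll": read_cstr(data, rva_to_offset(name_rva, secs)), "exports": exports}
```

Run it on a real file with `parse_exports(open(path, "rb").read())`; the same two functions work on a PE32 DLL because the magic selects the right ImageBase width and directory offset. The forwarder check is the rule the Windows loader itself applies, which is what makes the DLL side-loading pattern from the post possible: a proxy DLL with the victim's name can forward every export to the legitimate library and still satisfy the importing process.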

Aurélien Chalot (@defte_):

It's finally out: from a Windows driver to a fully functional driver. In this blog post we'll go through the history of EDRs, how they used to work, how they work now and how we can build a fully functional one. Last step is a chall, bypass MyDumbEDR sensepost.com/blog/2024/sens…

Raashid Bhat (@raashidbhatt):

Analysing Windows Malware on Apple Mac M1/M2 (Windows 11 ARM) - Part I ~ int0xcc.svbtle.com/apple-m2-or-wi… #malware #infosec

Artem I. Baranov 🐦 (@artem_i_baranov):

Curious what Windows Internals tricks rootkits have leveraged throughout their history to achieve the necessary goals of concealing malicious activities, I've published a pdf with a breakdown of these tricks. It covers the following rootkit families. artemonsecurity.blogspot.com/2024/06/window…