S12 - 0x12Dark Development · 12h ago
Word Based Shellcode Encoding
Welcome to a new Medium post. Today, I’d like to share an interesting technique that allows shellcode to be encoded as a sequence of…

S12 - 0x12Dark Development · 5d ago
0x12DarkSandbox: Test Your Offensive Payloads
Welcome to this new Medium post. Today, I’m excited to introduce my most ambitious project to date: 0x12DarkSandbox, a dedicated detonation…

S12 - 0x12Dark Development · Jun 2
Bring Your Own RWX Region DLL (BYORWXDLL)
Welcome to this new Medium post. Today we are exploring a technique I call Bring Your Own RWX Region DLL (BYORWXDLL), inspired by the…

S12 - 0x12Dark Development · May 31
Sysprep.exe UAC Bypass via AppID Hijack
Welcome to this new Medium post. Today we will see another UAC bypass technique through Sysprep.exe, using the AppID Hijack technique!

S12 - 0x12Dark Development · May 28
Eventvwr.exe UAC Bypass via mscfile
Welcome to this new Medium post. Today, we’ll take a look at one of the most popular UAC bypass techniques in Windows and explore how it…

S12 - 0x12Dark Development · May 26
UAC Bypass via ComputerDefaults.exe
Welcome to this new Medium post. This week we will look at a series of three basic but always useful, well-documented UAC bypasses in…

S12 - 0x12Dark Development · May 24
Remote PEB Walking: Enumerating Loaded Modules
Welcome to this new Medium post. Today we are enumerating remote modules by walking the PEB, a stealthy way to do it instead of relying on the…

S12 - 0x12Dark Development · May 21
Primitive Process Injection: APC Tandem
Welcome to this new Medium post. Today I want to show you an interesting injection technique that chains several of the primitives we have…

S12 - 0x12Dark Development · May 19
Remote Process Read Primitive via NtCreateThreadEx Exit Code
Welcome to this new Medium post. Today we’ll explore a clever technique to read arbitrary memory from a remote process without ever calling…

S12 - 0x12Dark Development · May 17
Detecting EDR Inline Hooks in ntdll.dll
Welcome to this new Medium post. Today we’ll explore a technique to detect which functions inside ntdll.dll have been patched by an EDR or…