Category Archives: windows

Shellcode: Windows on ARM64 / AArch64

Posted on September 16, 2024 by odzhan

Introduction Back in October 2018, I wanted to write ARM assembly on Windows. All I could acquire then was a Surface tablet running Windows RT that was released sometime in October 2012. Windows RT (now deprecated) was a version of … Continue reading

Posted in arm, assembly, shellcode, windows | Tagged , , , | Leave a comment

Delegated NT DLL

Posted on February 13, 2024 by odzhan

Introduction redplait and Adam/Hexacorn already documented this in 2017 and 2018 respectively, so it’s not a new discovery. Officially available since RedStone 2 released in April 2017, redplait states it was introduced with insider build 15007 released in January 2017. … Continue reading

Posted in data structures, security, windows | Tagged , , , , , , , , | Leave a comment

WOW64 Callback Table (FinFisher)

Posted on April 19, 2023 by odzhan

Introduction Ken Johnson (otherwise known as Skywing) first talked about the KiUserExceptionDispatcher back in 2007 . Since then, scattered around the internet are various posts talking about it, but for some reason nobody demonstrating how to use it. It’s been … Continue reading

Posted in assembly, data structures, programming, security, windows | Tagged , , | 1 Comment

MiniDumpWriteDump via COM+ Services DLL

Posted on August 30, 2019 by odzhan

Introduction This will be a very quick code-oriented post about a DLL function exported by comsvcs.dll that I was unable to find any reference to online. UPDATE: Memory Dump Analysis Anthology Volume 1 that was published in 2008 by Dmitry … Continue reading

Posted in windows | Tagged , , , | Leave a comment

Shellcode: In-Memory Execution of JavaScript, VBScript, JScript and XSL

Posted on July 21, 2019 by odzhan

Introduction A DynaCall() Function for Win32 was published in the August 1998 edition of Dr.Dobbs Journal. The author, Ton Plooy, provided a function in C that allows an interpreted language such as VBScript to call external DLL functions via a … Continue reading

Posted in assembly, programming, security, shellcode, windows | Tagged , , , , , , , | Leave a comment

Shellcode: In-Memory Execution of DLL

Posted on June 24, 2019 by odzhan

Introduction In March 2002, the infamous group 29A published their sixth e-zine. One of the articles titled In-Memory PE EXE Execution by Z0MBiE demonstrated how to manually load and run a Portable Executable entirely from memory. The InMem client provided … Continue reading

Posted in assembly, injection, programming, security, shellcode, windows | Tagged , , , | 4 Comments

Shellcode: Loading .NET Assemblies From Memory

Posted on May 10, 2019 by odzhan

Introduction The dot net Framework can be found on almost every device running Microsoft Windows. It is popular among professionals involved in both attacking (Red Team) and defending (Blue Team) a Windows-based device. In 2015, the Antimalware Scan Interface (AMSI) … Continue reading

Posted in assembly, encryption, malware, programming, security, shellcode, windows | Tagged , , , , , , | 2 Comments

How the L0pht (probably) optimized attack against the LanMan hash.

Posted on February 2, 2019 by odzhan

Introduction Data Encryption Standard The LanMan Algorithm Brute Force Attack Version 1 Precomputing Key Schedules 1 Version 2 Using Macros For The Key Schedule Algorithm Initial and Final Permutation Skipping Rounds Version 3 Precomputing Key Schedules 2 Version 4 Results … Continue reading

Posted in cryptography, passwords, programming, security, windows | Tagged , , , , | 1 Comment