# Research

- [Windows Research](https://blog.cryptoplague.net/main/research/windows-research.md)
  - [The dusk of g\_CiOptions: circumventing DSE with VBS enabled](https://blog.cryptoplague.net/main/research/windows-research/the-dusk-of-g_cioptions-circumventing-dse-with-vbs-enabled.md): In this article, we will explore the concept of bypassing Driver Signature Enforcement (DSE) in the Virtualization Based Security (VBS) era with only a write-what-where exploit primitive.
  - [ProxyAlloc: evading NtAllocateVirtualMemory detection ft. Elastic Defend & Binary Ninja](https://blog.cryptoplague.net/main/research/windows-research/proxyalloc-evading-ntallocatevirtualmemory-detection-ft.-elastic-defend-and-binary-ninja.md): In this article, we will explore a method for in-process shellcode execution evasion. This method is specifically designed to avoid the detection of NtAllocateVirtualMemory calls from unsigned DLLs.
  - [Offset-free DSE bypass across Windows 11 & 10: utilising ntkrnlmp.pdb](https://blog.cryptoplague.net/main/research/windows-research/offset-free-dse-bypass-across-windows-11-and-10-utilising-ntkrnlmp.pdb.md): Parsing ntkrnlmp.pdb on the target to eliminate the need for static offsetting and thus safely and dynamically bypassing driver signature enforcement across multiple Windows 10 & 11 versions.
- [macOS Research](https://blog.cryptoplague.net/main/research/macos-research.md)
  - [Reverse Engineering and Demystifying \*OS Private Frameworks](https://blog.cryptoplague.net/main/research/macos-research/reverse-engineering-and-demystifying-os-private-frameworks.md)
  - [Objective-C .dylib Reverse Engineering "gigavaxxed" with Binary Ninja & LLDB](https://blog.cryptoplague.net/main/research/macos-research/objective-c-.dylib-reverse-engineering-gigavaxxed-with-binary-ninja-and-lldb.md)

