{"version":1,"pages":[{"id":"mYfaxuPPmm6cmesEXcJB","title":"About me","pathname":"/main","siteSpaceId":"sitesp_4IswZ","emoji":"2139","description":"","breadcrumbs":[{"label":"Home","emoji":"1f3e1"}]},{"id":"AmpOUNRi4ZOWMzkMpuYK","title":"Windows Research","pathname":"/main/research/windows-research","siteSpaceId":"sitesp_4IswZ","emoji":"1fa9f","description":"","breadcrumbs":[{"label":"Research","emoji":"1f52c"}]},{"id":"Z2iRE2t222XzJjn1UguC","title":"The dusk of g_CiOptions: circumventing DSE with VBS enabled","pathname":"/main/research/windows-research/the-dusk-of-g_cioptions-circumventing-dse-with-vbs-enabled","siteSpaceId":"sitesp_4IswZ","description":"In this article, we will explore the concept of bypassing Driver Signature Enforcement (DSE) in the Virtualization Based Security (VBS) era with only a write-what-where exploit primitive.","breadcrumbs":[{"label":"Research","emoji":"1f52c"},{"label":"Windows Research","emoji":"1fa9f"}]},{"id":"6jeKoRHHdyGYAfCzUXO7","title":"ProxyAlloc: evading NtAllocateVirtualMemory detection ft. Elastic Defend & Binary Ninja","pathname":"/main/research/windows-research/proxyalloc-evading-ntallocatevirtualmemory-detection-ft.-elastic-defend-and-binary-ninja","siteSpaceId":"sitesp_4IswZ","description":"In this article, we will explore a method for in-process shellcode execution evasion. \nThis method is specifically designed to avoid the detection of NtAllocateVirtualMemory calls from unsigned DLLs.","breadcrumbs":[{"label":"Research","emoji":"1f52c"},{"label":"Windows Research","emoji":"1fa9f"}]},{"id":"C9NEVj00JwEE8yXh21BJ","title":"Offset-free DSE bypass across Windows 11 & 10: utilising ntkrnlmp.pdb","pathname":"/main/research/windows-research/offset-free-dse-bypass-across-windows-11-and-10-utilising-ntkrnlmp.pdb","siteSpaceId":"sitesp_4IswZ","description":"Parsing ntkrnlmp.pdb on the target to eliminate the need for static offsetting and thus safely and dynamically bypassing driver signature enforcement across multiple Windows 10 & 11 versions.","breadcrumbs":[{"label":"Research","emoji":"1f52c"},{"label":"Windows Research","emoji":"1fa9f"}]},{"id":"uhApSNdpmsU57OEYgaiB","title":"macOS Research","pathname":"/main/research/macos-research","siteSpaceId":"sitesp_4IswZ","emoji":"1f34f","description":"","breadcrumbs":[{"label":"Research","emoji":"1f52c"}]},{"id":"g6MyMQbLyhXGPT8gPX9V","title":"Reverse Engineering and Demystifying *OS Private Frameworks","pathname":"/main/research/macos-research/reverse-engineering-and-demystifying-os-private-frameworks","siteSpaceId":"sitesp_4IswZ","description":"","breadcrumbs":[{"label":"Research","emoji":"1f52c"},{"label":"macOS Research","emoji":"1f34f"}]},{"id":"hWyKX3DlF6ZjUxOIlvgQ","title":"Objective-C .dylib Reverse Engineering \"gigavaxxed\" with Binary Ninja & LLDB","pathname":"/main/research/macos-research/objective-c-.dylib-reverse-engineering-gigavaxxed-with-binary-ninja-and-lldb","siteSpaceId":"sitesp_4IswZ","description":"","breadcrumbs":[{"label":"Research","emoji":"1f52c"},{"label":"macOS Research","emoji":"1f34f"}]}]}