Make a COFFee relax and bypass AMSI
This blog post presents the use of COFF Loaders and COFF objects through a case study implementing AMSI bypass via byte patching
Recent posts
Leveraging the Spring Expression Language (SpEL) injection vulnerability ( a.k.a The Magic SpEL) to get RCE
This post explains the Spring Expression Language injection (SpEL) vulnerability
Win32 reverse shellcode - pt .3 - Constructing the reverse shellcode
This blog post explains how to construct a Win32 reverse TCP shell connection in x86 assembly
Win32 reverse shellcode - pt .2 - locating the Export Directory Table
This blog post explains how to locate the Export Directory Table from the PE file structure
Win32 reverse shellcode - pt .1 - Locating the kernelbase.dll address
This blog post explains how to locate the kernelbase.dll address using winDbg debugger in x86 assembly