Bypassing Windows Defender

Lately I’ve been poking around at Windows internals and writing low level code. This morning I thought I’d try to bypass Windows Defender and try to get a low score on VirusTotal. One trick I’ve been playing with is writing shellcode to the Windows registry to keep things “fileless.” It’s not super fancy, but it’s kind of neat. I combined that with indirect syscalls and some cryptographic routines to get Windows Defender to chill out....

April 16, 2025 · 14 min · 2924 words · Stephan Bridger

Infecting Linux ELF Files

Lately I’ve been thinking about Linux internals and malware. In this blog post, we’re going to hark about the ELFs. Just as Windows has its own executable format, so too does Linux. If we look at the source code to the Executable and Linkable Format specification in elf.h, we can see the definition of the ELF header and some of its core machinery to get an idea of how it works....

February 23, 2025 · 32 min · 6714 words · Stephan Bridger