Ghostly Hollowing Crypter: Evading AV and EDR
In this post, we’ll explore a technique that combines process ghosting with crypter-style obfuscation to bypass modern antivirus (AV) and…
1d ago

Ghost Files for Inter Process Communication
Welcome to this new Medium post. Today, we’re going to explore a creative way for processes to share data: using ghost files.
4d ago

Temporary Driver Injection
Welcome to this new Medium post. In malware development, there are times when we want to load a kernel-mode driver without leaving too many…
Jun 4

Essential Windows Evasion Techniques
Welcome to this new post. Today, I will explain the must-have techniques that every malware developer needs to implement in their malware…
Jun 2

Introduction to Ghost Files
In the world of malware development and advanced evasion techniques, one of the clever tricks you can use is called “ghost files.” This…
May 29

Ghostly Hollowing
Welcome to this new Medium post. We’ll take a closer look at the Ghostly Hollowing process injection technique, a lesser-known but powerful…
May 26

ETW Event Injection via Guard Pages
Event Tracing for Windows (ETW) is a built-in Windows system for logging kernel and application events (like process starts, file access…
May 22

ETW Interceptor
Welcome to this new Medium post! Today, I’ll show you my latest project as part of our ETW Evasion Toolkit. The ETW Interceptor is a C++…
May 15