Author: winternl
-
TRunPE
—
by
is a modified process hollowing technique capable of injecting entire PE files. What is process hollowing? Process hollowing or RunPE is a code injection technique which allows for an arbitrary PE file to be run in the context of another, legitimate process. This is perhaps the most popular technique used by in-the-wild malware, and is…
-
ShellcodeStdio
—
by
is an extensible framework for easily writing debuggable, compiler optimized, position-independent, x86 and x64 shellcode for windows platforms. I will be demonstrating how to write optimized, position-independent x86 and x64 shellcode using my ShellcodeStdio framework. Our approach is invaluable in the rapid development of shellcode as ShellcodeStdio maintains distinct advantages over coding in pure assembly.…