Detecting analysis environments
Collection of evasion tricks for anti-analysis and bypassing automated sandbox analysis. Works particularly well against platforms like VirusTotal
Simply put, DLL hijacking refers to tricking a legitimate application into loading an arbitrary DLL. There are various approaches to achieving this, and we will go over some of these in this article.
In this article we will go over the basic concept of process injection: what it consists of, and a few examples.
Manual implementation of GetModuleHandle and GetProcAddress via a PEB walk and PE parsing.
On Windows, performing any meaningful action that interacts with system resources requires going through the Windows API (or invoking system calls directly). But what really happens under the hood when you do that?
What is a thread?
Background
This article covers the fundamentals of virtual memory and paging in Windows.
The Windows operating system is a complex multi-layered system consisting of several interconnected components with different purposes and rules, forming a unified system. The layered components speak to each other to achieve objectives, working in a hierarchical fashion. Components lower in the stack of layers have more control.
Going over the different components of the Windows OS, showing the full picture of Windows internals.