Calling NTDLL Functions Directly
Introduction If you're reading this, then you've probably wanted to call some internal ntdll function that isn't exported and easily callable, right? If not, then let me explain what I mean. If we start the Visual Studio Command Prompt, we can use the dumpbin command to display ...
LUKS and LVM
LVM + LUKS LVM is software that uses physical devices as physical volumes (PVs) in storage pools called volume groups (VGs). Physical volumes can be a partition, a whole SATA hard drive, drives grouped as JBOD, RAID systems, iSCSI, Fibre Channel, eSATA, etc. [1]. Whenever we decide we want to enable the LVM ...
Using SetWindowsHookEx for DLL Injection on Windows
Introduction Note: all the code examples can be found on my Github profile under visual-studio-projects accessible here: https://github.com/proteansec. In this tutorial, we'll take a look at the DLL injections by using the SetWindowsHookEx method. I haven't found a good blog post on the subject, which ...
API Hooking and DLL Injection on Windows
Introduction Note: all the code examples can be found on my Github profile under visual-studio-projects accessible here: https://github.com/proteansec. In this tutorial, we'll take a look at various methods that we can use to inject a DLL into the process' address space. For injecting a DLL into ...
Using CreateRemoteThread for DLL Injection on Windows
Introduction Note: all the code examples can be found on my Github profile under visual-studio-projects accessible here: https://github.com/proteansec. In this tutorial, we'll talk about how to inject a custom DLL into the process's address space by using the CreateRemoteThread function call. The CreateRemoteThread function creates ...
The ASP.NET Internals
ASP.NET Configuration Options The most important configurations in the web.config file will be described in this section: The authentication tag is used at the application level and is used to identify the client. There are four authentication modes we can choose from when setting this element. Those ...
The Sysenter Instruction Internals
Introduction In the previous article we've seen that whether we're using the int 0x2e interrupt or the sysenter instruction, the same method in the kernel is used. We also identified that KiSystemService is called in both cases. In this article, we'll take a look at the ...
Introduction to Kernel Debugging with Windbg
Introduction You've probably heard about Windbg before, right? It's a Windows debugger written by Microsoft that's used by developers and hackers for debugging the OS. We won't go into the process of installing the Windbg debugger, since it's fairly easy to do. When we install ...
Presenting the PE Header
Let's present the whole PE file structure with the picture below (taken from [5]): At the beginning there's a DOS header, which is an MS-DOS compatible executable that always consists of exactly 100 bytes that outputs an error message such as "This program cannot be run in DOS ...
The Import Directory: Part 2
You can take a look at the previous article before reading this one. If you already understand the basics of the IAT, then you can skip the first article, but otherwise you should read that before continuing below. Presenting the Example Import Directory Let's use the !dh command to ...