|
You are here |
oldboy21.github.io | ||
| | | | |
blog.quarkslab.com
|
|
| | | | | [AI summary] The blog post discusses the implementation of a hooking mechanism for Go programs, focusing on the challenges of intercepting function calls and managing concurrency issues. The approach involves modifying the execution flow of Go functions by inserting custom assembly code to handle stack pivoting, ABI switching, and register saving. This allows for the integration of C functions within Go code while addressing platform-specific limitations and concurrency problems. The post highlights the complexity of working with Go's internal structures and the benefits of using Go for hooking, as it simplifies the manipulation of Go types and data structures. | |
| | | | |
modexp.wordpress.com
|
|
| | | | | Introduction Quick post about Windows System calls that I forgot about working on after the release of Dumpert by Cn33liz last year, which is described in this post. Typically, EDR and AV set hooks on Win32 API or NT wrapper functions to detect and mitigate against malicious activity. Dumpert attempts to bypass any user-level hooks... | |
| | | | |
redops.at
|
|
| | | | | ||
| | | | |
thewover.github.io
|
|
| | | TLDR: Presenting DInvoke, a new API in SharpSploit that acts as a dynamic replacement for PInvoke. Using it, we show how to dynamically invoke unmanaged code from memory or disk while avoiding API Hooking and suspicious imports. | ||