01
whitelotus, bootkit, uefi
WhiteLotus: Walking Through a UEFI Bootkit
A firmware research walk-through of WhiteLotus, a UEFI boot-chain project that follows bootmgfw, winload, and ntoskrnl before Windows fully starts.
02
lenovo-x230, coreboot, real-silicon
My Journey for X230 + Coreboot
After finishing the SMM blog, I picked up a Lenovo X230 for the next stage of the project. Until now, most of my experiments had lived inside QEMU. In …
03
system-management-mode
An In-Depth Look at the System Management Mode of Processors
It’s gonna be hard, I guess.
Introduction Welcome to my journey into the underworld. In this blog, we’ll take an in-depth look at the “god mode” …
04
Reverse-Engineering, Firmware-Reversing, Reset-Vector
A Journey For X86 Reset Vector
Introduction Hello folks, and welcome to yet another journey! Today, we are going to dive deep into a processor’s very first breath.
Lately, …
05
Malware-Development, Reverse-Engineering, SSDT-Unhooking
Detecting SSDT Hook with User Mode Program via BYOVD
Introduction Github Link: github.com/0xbekoo/SSDT-Hook-Detector
Welcome to my blog! Today we will dive into a little adventure…
Recently, I …
06
Reverse-Engineering, PatchGuard, Reversing-PatchGuard
PatchGuard Analysis - Part 4
Verification Routines This phase is the heart of PatchGuard’s self-defense mechanism. Once PatchGuard is triggered—either by a timer, a DPC, a …
07
Reverse-Engineering, PatchGuard, Reversing-PatchGuard
PatchGuard Analysis - Part 3
Triggering a check As we have seen before, several methods are used to set up some contexts. In this section, we will see how these contexts are …
08
Reverse-Engineering, PatchGuard, Reversing-PatchGuard
PatchGuard Analysis - Part 2
Arguments of KiInitPatchGuardContext Now we can look at the other arguments of the function.
Argument 1: DPC Routine Pointer As we have seen before, the …
09
Reverse-Engineering, PatchGuard, Reversing-PatchGuard
PatchGuard Analysis - Part 1
This article is dedicated to B., the dark shadow. Thanks for all your help, the dark shadow B.
Introduction Most of us have probably come across …
10
Reverse-Engineering, Windows-kernel, Rootkit
Loading Driver from User-Mode Program via SSDT Hooking
Welcome to my blog. In this post, I will demonstrate the SSDT Hooking technique.
In this article, we will examine how SSDT Hooking works, why it is used, …
11
Reverse-Engineering, Syscall, Windows-kernel
Reversing System Call Mechanism in Windows Kernel
Hi everyone! Today we will dive into Syscalls in Windows Kernel. After the information I had for SSDT, this information seemed insufficient to me. …
12
Reverse-Engineering, Firmware-Reversing, IOT-Hacking
ARM Firmware Reverse Engineering
Hello everyone. In this blog we continue with Firmware Reverse Engineering. We will dive into Bare Metal Reversing. If you remember, in our previous …
13
Reverse-Engineering, Firmware-Reversing, IOT-Hacking
Router Firmware Reverse Engineering
Hello there. Welcome to my first blog for Firmware Reverse Engineering. In this post we will reverse the firmware of TP-Link’s Archer AX 21 V4.6 …
14
Reverse-Engineering, Ptrace, radare2
Is Valorant Spyware?
Understanding How Anti-Cheat Software Works To begin our exploration, we first need to understand how anti-cheat software works. In general, …