I recently released ThievingFox, a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities. You can find my blogpost about it: blog.slowerzs.net/posts/thieving… And the Github repo of the tool: github.com/Slowerzs/Thiev…

I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver. blog.slowerzs.net/posts/pplsyste…

Ever wondered how CryptProtectMemory with the CRYPTPROTECTMEMORY_SAME_PROCESS flag worked, or if encrypted blobs could be decrypted without code injection ? I wrote a blogpost about it: blog.slowerzs.net/posts/cryptdec…

Think HVCI and kCET mean the end of kernel code execution? I wrote a blogpost exploring an alternative way to execute a kernel payload! :) blog.slowerzs.net/posts/keyjumpe…