.NET Heap Objects

This post is meant to be read in conjunction with my whitepaper, Acquiring .NET Objects from the Managed Heap, located here, and I will be discussing how to find any object on the CLR heap in .NET both...



Shellcode Techniques in C++

Recently I wrote a piece of malware for a memory forensics course I was teaching at Southern Oregon University. My intention was to write a sample that correlated with the back end of the courses, GUI artifacts, persistence the...



Shellcode in .NET - How the PEB Changes

Shellcode commonly resolves Windows API functions by traversing the Process Environment Block (PEB) to find Kernel32’s base address. This is done so shellcode remains position independent while still having the ability to call LoadLibraryA and...



Windows x64 Shellcode

Recently I have been rewriting several pieces of shellcode that I have implemented for x86 Windows into x64 and have had a hard time finding resources online that aided in my endeavors. I wanted to write a blog post (my...
