Posts by date
2025
I haven’t written posts in a long time, but that does not mean I have not been up to anything. I am planning to get this kickstarted again. Here are a couple of things I’ve done in the last 4 years which I’ll be talking about in the near future:
- An eBPF-based rootkit: TripleCross.
- A tainting engine for reversing malware C2 protocols: TaintBlade.
- A new exploitation technique that bypasses modern CFI like Intel CET, Control Flow Guard and LLVM CFI: CFOP. This is also the first paper of my PhD, and it is being published in Usenix Sec’25.
- A secret side project related to malware ;).
2021
August
- EternalBlue Part 8 - The full picture: Eternalblue, the exploitation.
- EternalBlue Part 7 - Studying exploitation concepts.
- EternalBlue Part 6 - Additional bugs.
- EternalBlue Part 5 - Vulnerability analysis.
- EternalBlue Part 4 - Study of SMB: Transactions and FEAs.
July
- EternalBlue Part 3 - Reverse engineering.
- EternalBlue Part 2 - Initial study of the exploit.
- EternalBlue Part 1 - The start of the journey.
May
- Using Return Oriented Programming to bypass DEP/NX.
- Stack-based Buffer Overflow intro - Part 2.
- Stack-based Buffer Overflow intro - Part 1.
Contact me:
- h3xduck on Github
- h3xduck on Matrix
- email on Gmail
- h3xduck on Telegram