bohops
Abusing .NET Core CLR Diagnostic Features (+ CVE-2023-33127)
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion (Part 2)
Unmanaged Code Execution with .NET Dynamic PInvoke
Analyzing and Detecting a VMTools Persistence Technique
CVE-2021-0090: Intel Driver & Support Assistant (DSA) Elevation of Privilege (EoP)
Abusing and Detecting LOLBIN Usage of .NET Development Mode Features
Investigating .NET CLR Usage Log Tampering Techniques For EDR Evasion
Exploring the WDAC Microsoft Recommended Block Rules (Part II): Wfc.exe, Fsi.exe, and FsiAnyCpu.exe
Exploring the WDAC Microsoft Recommended Block Rules: VisualUiaVerifyNative