Exploring Shellcode Execution with Native Windows APIs

Proof of Concept Explanation. Now let's discuss the code before I forget how it works. winternl.h is used to include the Windows Native API functions and types like NTSTATUS. typedef is used to define a data type so that we don't have to explain it to the compiler again and again. For NtAllocateVirtualMemory, you need …

Bypassing AMSI with Dynamic API Resolution in PowerShell

What is Dynamic API Resolution? Dynamic API Resolution is a technique where Windows API function addresses are resolved at runtime, instead of being imported and declared upfront when the program is compiled or loaded. In simpler terms — rather than saying: “Hey system, I’ll need VirtualProtect and WriteProcessMemory, here’s the list in advance.” You say: …

PowerShell AMSI Bypass: Implementing a Runtime Hook with Frida

Introduction AMSI (Anti-Malware Scan Interface) is a Windows feature that allows security solutions to inspect scripts and detect malicious content at runtime. In this post, we’ll explore how to bypass AMSI detection for a known malicious PowerShell command — Invoke-Mimikatz — using Frida to hook and manipulate the AmsiScanBuffer function at runtime. What is AMSI? …