Writing rootkits is fun and you should do it. The only unfun part is the constant BSODs and the slow kernel debugging to find out why RAX is returning 0 when it shouldn't be. Also here's an obligatory AI-generated image of a "rootkit".
Analyzing a piece of #malware that's executing shellcode but not calling something like CreateRemoteThread? It could be using one of the many APIs available that can execute shellcode via a callback, such as EnumCalendarInfoA(). Keep an eye out for the ptr being included as an arg.
Wrote my first static #malware unpacker in Python today. I've written many config extractors, but writing automated unpackers has always hurt my head. But today I can check that off my early RE career goals.
So I was trying to figure out for like an hour why my implant was serving a STATUS_ACCESS_DENIED error. It turns out I forgot to include GENERIC_WRITE in my CreateFile()...