Implementing Hell’s Gate in Zig – Part 1

Introduction

Hello, fellow Zig programming enthusiasts! In this blog post, I’ll walk you through the process of implementing the well-known and classic technique “Hell’s Gate”, a method for making direct Windows system calls by extracting syscall numbers from ntdll.dll. Hell’s Gate is popular in malware for evading API monitoring, as it is used to bypass …

Porting Backdoors – Windows rootkits via RESTful API Service

Research Agenda

Part 1 – porting the backdoor for Windows (READY)
Part 2 – porting the backdoor for Linux/Unix (IN PROGRESS)
Part 3 – hiding the process (IN PROGRESS)
Part 4 – provision of techniques (IN PROGRESS)

Rootkit Definitions

According to Greg Hoglund, a rootkit is “a set of programs and code that allows a permanent or consistent, undetectable presence on a …