Many notorious hacker groups (e.g. North Korea’s Lazarus) use the BYOVD attack to gain access to kernel space and implement complex advanced persistent threats (APTs). The same technique is employed by the creators of the Terminator tool and various encryptor operators. This paper discusses BYOVD operating principles and why this attack has become so popular nowadays.

In the course of a pentesting audit, you can capture an image from a security camera and attach it to your report – just to please the customer. No doubt, such pictures are impressive, but what can be the real impact of attacks targeting cameras? Today I will show how to run a shell on a camera, gain a foothold on it, and use it for proxying.

A long time ago, in the early days of my journey to Linux kernel rootkits, I came across a Phrack article describing a rootkit detection technique implemented for i386. The article wasn’t new and referred to a vintage Linux kernel dated 2003. Something in that paper caught my attention, although much remained unclear… Ultimately, I decided to implement the anti-rootkit concept described in it for modern systems.

This article discusses Threadless Injection: a technique making it possible to make injections into third-party processes. At the time of writing, it effectively worked on Windows 11 23H2 x64 running on a virtual machine isolated from the network with OS security features enabled.

Kali Linux is extremely popular among pentesters. However, if you penetrate into a network using default settings of this distribution, it would create much noise on the air, which won’t go unnoticed. This article discusses Kali hardening and explains how to make Linux as silent as possible.

One of the main priorities for hackers is to hide the execution of their malicious code. This article explains how to start processes using the Process Ghosting technique and discusses operation principles of malware detection systems.

The modern TCP/IP protocol stack includes plenty of tunneling protocols. Normally, they are used to expand production networks and build infrastructure. But in this research, I will use them as pentesting tools.