Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others' company. Arthur Schopenhauer

When I first saw the technique behind shellcode execution through Microsoft Windows callbacks, I thought it was pure magic. But then, digging a little into it, I figured out that it was just brilliant! Nowadays this technique is quite commonly used in underground communities to inject shellcode into running processes, so I decided to write a blog post to make clear to cybersecurity analysts how to deal with it. The takeaway of the day is: don't trust your callback function anymore!

Running Shellcode Through Windows Callbacks