Think HVCI and kCET mean the end of kernel code execution? I wrote a blogpost exploring an alternative way to execute a kernel payload! :).

Ever wondered how CryptProtectMemory with the CRYPTPROTECTMEMORY_SAME_PROCESS flag worked, or if encrypted blobs could be decrypted without code injection ? I wrote a blogpost about it:

I wrote a blogpost on injecting code into a PPL process on Windows 11, without abusing any vulnerable driver.

I recently released ThievingFox, a collection of post-exploitation tools to gather credentials from various password managers and Windows utilities. You can find my blogpost about it: And the Github repo of the tool: