Leveraging Windows GDI and TrueType fonts to covertly stage and execute shellcode. Introduction Fonts are a strange and mostly trusted part of the Windows ecosystem.

MacOS gets a lot of attention for its security features, and rightfully so. Between Gatekeeper, SIP, TCC, and XProtect, it has layers upon layers designed

Abusing macOS resource forks to stash and stage shellcode without touching file contents, changing hashes, or triggering EDR, pure metadata-based stealth. This post dives deep

A deep dive into hiding shellcode in .manifest file, triggering it with GUI events, and evading EDRs without touching a single suspicious API. If you

Breaking the Vault: Exploiting Flaws in Credential Management Systems Credential vaults play a critical role in modern enterprise defense rotating high-value passwords, managing access, and