PsExec'ing the right way and why zero trust is mandatory
In this blog post, we'll see how the PsExec.exe binary works, how we can use it as red teamers to improve remote command execution, and how to protect against it.
Feb 10, 2025
-
20 min read
From Windows drivers to an almost fully working EDR
In this article, we will see how Windows drivers work and how to create one; in the end, we will develop a custom EDR that relies on kernel callback functions, static analysis and API hooking.
Jan 31, 2024
-
39 min read