Category: microsoft

Exploiting Reversing (ER) series: article 05 | Hyper-V (part 01)

The fifth article (57 pages) of the Exploiting Reversing Series (ERS), a step-by-step research series on Windows, macOS, hypervisors and browsers, is available for reading on:

(PDF): https://exploitreversing.com/wp-content/uploads/2025/03/exploit_reversing_05.pdf

I would like to thank Ilfak Guilfanov (@ilfak on X) and Hex-Rays SA (@HexRaysSA on X) for their constant and uninterrupted support, which have helped me write these articles over time.

The best thing in life is people.

I hope you enjoy reading it and have an excellent day.

Alexandre Borges.

(MARCH/12/2025)

Malware Analysis Series (MAS): article 09 | Shellcode

The nineth article (38 pages) of the Malware Analysis Series (MAS), a step-by-step malware analysis and reverse engineering series, is available for reading on:

(PDF): https://exploitreversing.com/wp-content/uploads/2025/01/mas_09-1.pdf

I hope this article helps professionals from cybersecurity communities around the world.

Have an excellent and keep reversing!

Alexandre Borges

(JANUARY/08/2025)

PS: there is a typo on page 07 at the last bullet. Where you read “0x00000095” you must change it to “0x00000099“, as stated at the previous bullet.

Exploiting Reversing (ER) series: article 02 | Windows kernel drivers – part 02

The second article (85 pages) in the Exploiting Reversing (ER) series, a step-by-step vulnerability research series on Windows, macOS, hypervisors and browsers, is available for reading on:

(PDF): https://exploitreversing.com/wp-content/uploads/2024/05/exploit_reversing_02-2.pdf

Happy New Year with happiness, harmony, peace and health to experience all the good times close to your families and friends.

The best thing about this life are the people.

Have an excellent and keep reversing!

Alexandre Borges

(JANUARY/03/2024)

PS: There is a typo on page 72 at the last but one bullet. Where you read “FILE_DEVICE_SECURITY_OPEN was specified for DeviceCharacteristics parameter, as recommended” you should change it to FILE_DEVICE_SECURE_OPEN was specified for DeviceCharacteristics parameter, as recommended”.