Nigerald's blog

    Nigerald's Blog


    I do goofy things here, read about it

    Fileless lateral movement with trapped COM objects

    Abusing DCOM remoting for fileless lateral movement

    Posted on March 25, 2025

    Authors: Dylan Tran and Jimmy Bayne (@bohops)
    Disclaimer: This post was originally published on the IBM Security Blog and has been mirrored here. [Read More]
    Tags: Windows Red_Team Lateral_Movement COM

    Module Stomping

    Who up stompin they modules

    Posted on November 4, 2023

    In my last blog post I talked about stack spoofing, a technique used to hide the origin of an API call so as to not point back to our implant in memory. The implementation I went over is a trade-off; at a glance, the stack is clean, but in reality,... [Read More]
    Tags: Evasion Windows

    Reflective call stack detections and evasions

    Call stack spoofing techniques and how to detect them

    Posted on October 6, 2023

    Authors: Bobby Cooke (@0xboku) and Dylan Tran
    Disclaimer: This post was originally published on the IBM Security Blog and has been mirrored here. [Read More]
    Tags: Windows Red_Team Evasion CallStack

    An Introduction into Stack Spoofing

    And losing my sanity against Elastic

    Posted on September 15, 2023

    Stack spoofing is a really cool malware technique that isn’t new, but has been receiving some more attention recently. The goal of this post is to introduce readers to the concept and dive into two implementations. This post will focus only on call stack spoofing in x64 Windows with “active”... [Read More]
    Tags: Pentesting Evasion Windows

    An Introduction into Sleep Obfuscation

    Using Ekko to sort of bypass Hunt Sleeping Beacons

    Posted on April 24, 2023

    Sleep obfuscation is a really cool technique that has been around for a bit now. I spent the past few months digging into it and C. As defensive software has become more capable, and defensive proofs of concept have become more advanced, so must the techniques we implement into our... [Read More]
    Tags: Pentesting Evasion Windows
    Dylan Tran  •  2026  •  dtsec.us
