- WinRM Reflective DLLs and Aggressor Scripts
- Greta: Windows Crypto, and Recursive Keying
- Exploring DLL Loads, Links, and Execution
- When Environmental Keying meets DPAPI
- Jumping to conclusions
- Deep Diving Process Injection
- Three ways of using MSBuild to beat CrowdStrike
- Instancing and multi-threaded Malware
- Dynamically resolving hashed-NTAPI Calls
- Cobalt Strike PowerShell Execution
- Common Language Runtime #3: Finalising the CLR Harness
- Common Language Runtime #2: In Memory Execution
- Common Language Runtime #1: An Introduction