-
Thread Hijacking Iceberg: Deep Dive into Phantom Call & RtlRemoteCall
Phantom Call. What is a phantom call? It is a combination of thread hijacking and calling interesting APIs on a newly crafted stack in the context of the hijacked thread, in a more stable way. A quick summary of the technique. X64 stack alignment. Our target. Straight to business, let's take a look at our target. A…
-
The Stack Series: Return Address Spoofing on x64
Introduction. The stack of a process can give away the true nature of the program running in memory. Hence it is one of the entities monitored by security solutions. When a program executes any interesting function such as InternetConnectA, security systems may initiate a stack check to find out if there…