Abusing Exceptions for Code Execution, Part 1

A common offensive technique used by operators and malware developers alike has been to execute malicious code at runtime to avoid static detection. Often, methods of achieving runtime execution have focused on placing arbitrary code into executable memory that can then be executed. In this article, we will explore a
A common offensive technique used by operators and malware developers alike has been to execute malicious code at runtime to avoid static detection. Often, methods of achieving runtime execution have focused on placing arbitrary code into executable memory that can then be executed. In this article, we will explore a new approach to executing runtime code that does not rely on finding executable regions of memory, but instead relies on abusing existing trusted memory to execute arbitrary code.

Writing Exploits for Win32 Systems from Scratch, NCC Group Research Blog

Sample Terms of Use Template and Guide - Termly

Blindside: A New Technique for EDR Evasion with Hardware Breakpoints - Cymulate

User Account Control – Overview and Exploitation

101 Landing Page Optimization Tips & Ideas

Do Not Abuse Try Except In Python, by Christopher Tao

Experimental and spontaneous metastasis assays can result in divergence in clonal architecture

Abusing Exceptions for Code Execution, Part 2

mTLS: When certificate authentication is done wrong - The GitHub Blog

Learn how to add Input Validation to a REST API with NestJS and Prisma

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server

Remote Code Execution (RCE), Code Injection, Learn AppSec