Combining PPID Spoofing, Module Stomping, RC4 encryption, and native NT API enumeration into a single injection framework — built from scratch to understand how modern evasion techniques work under the hood.
Six chambers, six encryption/obfuscation methods. A CTF-style tool for practicing Ghidra analysis and decryption routine writing — from XOR to AES-256 CBC to UUID obfuscation.
Manual PE backdooring from scratch: code cave injection, new section addition, XOR evasion, and Adaptix C2 beacon delivery inside a legitimate PuTTY binary.
Deep dive into the Windows PE file format and runtime process inspection via PEB walking — parsing headers, import/export tables, and the loader module list.