Fluxsec.red Blog

Fluxsec.red Blog https://fluxsec.red/ RSS feed for fluxsec.red blog posts Sat, 26 Apr 2025 12:00:00 GMT Sat, 26 Apr 2025 12:00:00 GMT Hells Gate Rust - EDR Evasion with syscalls https://fluxsec.red/rust-edr-evasion-hells-gate https://fluxsec.red/rust-edr-evasion-hells-gate Sun, 02 Feb 2025 15:39:47 GMT DLL Injection EDR Evasion 1: Hiding an elephant in the closet https://fluxsec.red/dll-injection-edr-evasion-1 https://fluxsec.red/dll-injection-edr-evasion-1 Sun, 02 Feb 2025 15:39:47 GMT Remote process DLL injection in Rust https://fluxsec.red/remote-process-dll-injection https://fluxsec.red/remote-process-dll-injection Mon, 01 Apr 2024 18:59:33 GMT Building a DLL in Rust https://fluxsec.red/rust-dll-windows-api https://fluxsec.red/rust-dll-windows-api Thu, 21 Mar 2024 19:17:53 GMT Introduction to the Windows API in Rust with a DLL Loader https://fluxsec.red/winapi-rust-intro https://fluxsec.red/winapi-rust-intro Wed, 20 Mar 2024 17:10:02 GMT How I developed a markdown blog in Go and HTMX https://fluxsec.red/how-I-developed-a-markdown-blog-with-go-and-HTMX https://fluxsec.red/how-I-developed-a-markdown-blog-with-go-and-HTMX Mon, 25 Dec 2023 07:52:52 GMT Reflective DLL injection and bootstrapping in C https://fluxsec.red/reflective-dll-injection-in-c https://fluxsec.red/reflective-dll-injection-in-c Fri, 06 Jan 2023 19:08:52 GMT Clipboard Hex Dumper Tool https://fluxsec.red/chx-copy-hex-dumper https://fluxsec.red/chx-copy-hex-dumper Mon, 22 Apr 2024 19:14:26 GMT Str Crypter - Payload string encryption with Rust https://fluxsec.red/str-crypter https://fluxsec.red/str-crypter Sun, 06 Oct 2024 16:40:11 GMT Export Resolver https://fluxsec.red/export-resolver https://fluxsec.red/export-resolver Tue, 04 Jun 2024 18:05:03 GMT EDR Evasion ETW patching in Rust https://fluxsec.red/etw-patching-rust https://fluxsec.red/etw-patching-rust Sun, 02 Feb 2025 15:39:47 GMT Intro and plan for the Sanctum EDR https://fluxsec.red/sanctum-edr-intro https://fluxsec.red/sanctum-edr-intro Fri, 07 Feb 2025 07:48:49 GMT EDR Evasion APC Queue Injection in Rust https://fluxsec.red/apc-queue-injection-rust https://fluxsec.red/apc-queue-injection-rust Sun, 02 Feb 2025 15:39:47 GMT Rust DLL Search Order Hijacking https://fluxsec.red/rust-dll-search-order-hijacking https://fluxsec.red/rust-dll-search-order-hijacking Sun, 06 Oct 2024 14:14:54 GMT Creating a Windows Driver in Rust https://fluxsec.red/rust-windows-driver https://fluxsec.red/rust-windows-driver Sun, 20 Oct 2024 00:33:11 GMT Configuring a Rust Windows driver https://fluxsec.red/rust-windows-driver-configuration https://fluxsec.red/rust-windows-driver-configuration Sun, 20 Oct 2024 10:12:43 GMT Building the Driver Object https://fluxsec.red/rust-windows-driver-object https://fluxsec.red/rust-windows-driver-object Sun, 03 Nov 2024 09:29:18 GMT Error logging https://fluxsec.red/logging-errors-in-rust https://fluxsec.red/logging-errors-in-rust Tue, 10 Dec 2024 22:27:43 GMT Windows Driver IRQL and acquiring a Driver Mutex https://fluxsec.red/windows-rust-driver-irql-driver-mutex https://fluxsec.red/windows-rust-driver-irql-driver-mutex Fri, 20 Dec 2024 20:17:19 GMT wdk-mutex: An idiomatic mutex for Rust Windows Kernel Drivers https://fluxsec.red/wdk-mutex-windows-driver-mutex https://fluxsec.red/wdk-mutex-windows-driver-mutex Mon, 08 Jan 2024 19:53:12 GMT Theory: EDR Syscall hooking and Ghost Hunting, my approach to detection https://fluxsec.red/edr-syscall-hooking https://fluxsec.red/edr-syscall-hooking Tue, 16 Jan 2024 19:01:37 GMT Implementing syscall hooks in Rust https://fluxsec.red/implementing-syscall-hooking-rust https://fluxsec.red/implementing-syscall-hooking-rust Tue, 16 Jan 2024 22:45:52 GMT Communicating from the hooked syscall https://fluxsec.red/communicating-from-hooked-syscall-rust https://fluxsec.red/communicating-from-hooked-syscall-rust Fri, 19 Jan 2024 21:42:52 GMT Rust Windows Strings WinAPI Programming MSDN Cheatsheet https://fluxsec.red/rust-windows-strings-winapi-programming-msdn-cheatsheet https://fluxsec.red/rust-windows-strings-winapi-programming-msdn-cheatsheet Tue, 06 Feb 2024 09:47:43 GMT Ghost hunting OpenProcess https://fluxsec.red/ghost-hunting-open-process https://fluxsec.red/ghost-hunting-open-process Thu, 25 Jan 2024 12:37:49 GMT Hooking VirtualAllocEx https://fluxsec.red/edr-hooking-virtual-alloc-ex-rust-malware https://fluxsec.red/edr-hooking-virtual-alloc-ex-rust-malware Fri, 26 Jan 2024 14:29:19 GMT Mitigating broadcast spoofs with Ghost Hunting https://fluxsec.red/mitigating-broadcast-spoofing-rust-sanctum-edr-ghost-hunting https://fluxsec.red/mitigating-broadcast-spoofing-rust-sanctum-edr-ghost-hunting Tue, 30 Jan 2024 19:34:43 GMT Creating a Protected Process Light in Rust for Sanctum EDR https://fluxsec.red/creating-a-ppl-protected-process-light-in-rust-windows https://fluxsec.red/creating-a-ppl-protected-process-light-in-rust-windows Thu, 01 Feb 2024 15:38:22 GMT Reading Event Tracing for Windows Threat Intelligence https://fluxsec.red/event-tracing-for-windows-threat-intelligence-rust-consumer https://fluxsec.red/event-tracing-for-windows-threat-intelligence-rust-consumer Sun, 02 Feb 2025 15:39:47 GMT Improving the Ghost Hunting implementation for flexibility and speed https://fluxsec.red/improving-the-ghost-hunting-implementation-for-flexibility https://fluxsec.red/improving-the-ghost-hunting-implementation-for-flexibility Thu, 06 Feb 2025 23:05:18 GMT Monitoring NTDLL for in memory patching https://fluxsec.red/monitoring-ntdll-for-memory-patching-etw-hacking-bypass-in-rust-EDR https://fluxsec.red/monitoring-ntdll-for-memory-patching-etw-hacking-bypass-in-rust-EDR Sun, 02 Mar 2025 13:42:53 GMT Reverse engineering undocumented Windows Kernel features to work with the EDR https://fluxsec.red/reverse-engineering-windows-11-kernel https://fluxsec.red/reverse-engineering-windows-11-kernel Tue, 04 Mar 2025 18:28:19 GMT Full spectrum Event Tracing for Windows detection in the kernel against rootkits https://fluxsec.red/full-spectrum-event-tracing-for-windows-detection-in-the-kernel-against-rootkits https://fluxsec.red/full-spectrum-event-tracing-for-windows-detection-in-the-kernel-against-rootkits Sun, 30 Mar 2025 17:21:42 GMT Real-time Ransomware Detection Strategy https://fluxsec.red/considering-ransomware-edr-defence-strategy https://fluxsec.red/considering-ransomware-edr-defence-strategy Sun, 06 Apr 2025 19:02:23 GMT Making improvements to the EDR DLL injection https://fluxsec.red/improving-edr-dll-injection-kernel-callback https://fluxsec.red/improving-edr-dll-injection-kernel-callback Wed, 23 Apr 2025 17:17:46 GMT Making improvements to the EDR DLL injection https://fluxsec.red/early-bird-apc-queue-injection https://fluxsec.red/early-bird-apc-queue-injection Sun, 27 Apr 2025 17:56:12 GMT Alt Syscalls for Windows 11 https://fluxsec.red/alt-syscalls-for-windows-11 https://fluxsec.red/alt-syscalls-for-windows-11 Sun, 11 May 2025 18:37:14 GMT Rust OPSEC for Malware Development https://fluxsec.red/rust-opsec-malware-development https://fluxsec.red/rust-opsec-malware-development Sat, 31 May 2025 12:15:18 GMT Inside DCHSpy: Analysing Iranian APT MuddyWater free VPN mobile spyware https://fluxsec.red/analysing-Iranian-APT-MuddyWater-mobile-spyware-free-vpn-comodo https://fluxsec.red/analysing-Iranian-APT-MuddyWater-mobile-spyware-free-vpn-comodo Mon, 21 Jul 2025 21:59:22 GMT Hells Hollow: A new SSDT Hooking technique https://fluxsec.red/hells-hollow-a-new-SSDT-hooking-technique-with-alt-syscalls-rootkit https://fluxsec.red/hells-hollow-a-new-SSDT-hooking-technique-with-alt-syscalls-rootkit Mon, 28 Jul 2025 19:57:18 GMT Improving consistency with EDR DLL Injection via APCs https://fluxsec.red/improving-EDR-via-windows-driver-apc-injection-rust https://fluxsec.red/improving-EDR-via-windows-driver-apc-injection-rust Sun, 12 Oct 2025 14:10:51 GMT Timestomping a PE compile timestamp - adversary tradecraft and detection https://fluxsec.red/timestomping-pe-compile-time https://fluxsec.red/timestomping-pe-compile-time Sun, 26 Oct 2025 09:02:59 GMT Using Ghidriff to look at heap buffer overflow example https://fluxsec.red/using-ghidriff-to-examine-heap-buffer-overflow https://fluxsec.red/using-ghidriff-to-examine-heap-buffer-overflow Sat, 01 Nov 2025 11:58:07 Z Disassembly notes https://fluxsec.red/disassembly-notes https://fluxsec.red/disassembly-notes Sat, 15 Nov 2025 08:36:17 Z Creating a local self signed certificate for localhost testing of Wyrm C2 https://fluxsec.red/wyrm-c2-localhost-self-signed-certificate-windows https://fluxsec.red/wyrm-c2-localhost-self-signed-certificate-windows Mon, 17 Nov 2025 19:09:12 Z Creating a framework in Wyrm C2 to easily configure custom exports of an implant https://fluxsec.red/creating-implant-dll-exports-wyrm-c2 https://fluxsec.red/creating-implant-dll-exports-wyrm-c2 Sun, 23 Nov 2025 15:12:45 Z Vectored Exception Handling Squared https://fluxsec.red/vectored-exception-handling-squared-rust https://fluxsec.red/vectored-exception-handling-squared-rust Sat, 27 Dec 2025 19:09:45 Z Detecting Vectored Exception Handling Squared in an EDR https://fluxsec.red/detecting-vectored-exception-handling-malware-rust-edr-windows-kernel https://fluxsec.red/detecting-vectored-exception-handling-malware-rust-edr-windows-kernel Sun, 11 Jan 2026 13:40:45 Z Creating a Rust VBS Enclave DLL running in VTL1 https://fluxsec.red/creating-a-rust-application-running-in-vtl1 https://fluxsec.red/creating-a-rust-application-running-in-vtl1 Thu, 15 Jan 2026 19:15:45 Z Introducing System Call Integrity Layer https://fluxsec.red/introducing-system-call-integrity-layer https://fluxsec.red/introducing-system-call-integrity-layer Sat, 17 Jan 2026 13:59:15 Z Starting point for simple ransomware detection https://fluxsec.red/simple-ransomware-detection-sanctum-minifilter https://fluxsec.red/simple-ransomware-detection-sanctum-minifilter Sun, 8 Feb 2026 53:40:00 Z Crimes against NTDLL - Implementing Early Cascade Injection https://fluxsec.red/implementing-early-cascade-injection-rust https://fluxsec.red/implementing-early-cascade-injection-rust Sat, 14 Mar 2026 12:50:00 Z https://fluxsec.red/disassembly-notes