Malware sandbox evasion in x64 assembly by checking RAM size - Part 2
Implementing sandbox evasion via GlobalMemoryStatusEx in x64 assembly, including how to manually calculate C struct sizes and pass pointers on the stack.
Malware sandbox evasion in x64 assembly by checking RAM size - Part 1
Implementing the malware sandbox evasion technique of checking RAM size using GetPhysicallyInstalledSystemMemory, converted from C to x64 Windows assembly.
String anti-virus evasion in x64 assembly (Part 2)
How to hide API call strings from antivirus detection using LoadLibrary and GetProcAddress for runtime DLL loading, with a full x64 assembly implementation.
String anti-virus evasion in x64 assembly (Part 1)
How to hide strings from antivirus detection by placing them on the stack instead of the .data segment, demonstrated in C and x64 Windows assembly.
Converting a malware dropper to x64 assembly
Practical lessons from converting a C malware dropper to x64 Windows assembly, covering shadow spaces, calling conventions, and memory segments.