>_dkom.dev

# malware

  • 2026.06.05 Writing an x64 Inline Hook by Hand (Without Reaching for MinHook)

    How x64 inline hooks actually work, when to use a 5-byte relative jump versus a 14-byte absolute trampoline, why displaced instructions break when you copy them naively, …

    windows, reversing, hooking, internals, malware
  • 2026.04.26 Process Injection Without the Obvious Thread: Early Bird APC and Beyond

    Why CreateRemoteThread+LoadLibraryA is immediately detectable, how Early Bird APC avoids the worst of the telemetry, and the injection techniques that push further into …

    windows, malware, injection, evasion, internals
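The first summary above packs three decisions into one sentence: when a 5-byte `E9 rel32` jump reaches the hook target, when you must fall back to the 14-byte `FF 25 [rip+0]` + 8-byte absolute form, and why an instruction you displace into a trampoline stops working if it carried a RIP-relative operand. The block below is an added example written for this listing, not code from the linked post: it does the byte-level arithmetic for those three cases so you can see the ±2 GiB boundary and the displacement fix-up in isolation. All addresses, the `lea rax, [rip+0x1000]` sample instruction and the helper names (`encode_jump`, `rip_target`, `relocate_rip_relative`) are assumptions made for the example; it does not patch live memory.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the dkom.dev post. Byte-level arithmetic behind
 * an x64 inline hook: choosing the jump encoding and fixing up a displaced
 * RIP-relative instruction. All addresses are made-up sample values. */

static void put_le32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static void put_le64(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static int32_t get_le32(const uint8_t *p) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[i] << (8 * i);
    return (int32_t)v;
}

/* Encode a jump from `from` to `to` into `out` (14 bytes available).
 * E9 rel32 (5 bytes) when the target is within +/-2 GiB of the end of the
 * jump; otherwise FF 25 00000000 (jmp qword ptr [rip+0]) followed by the
 * 64-bit absolute address (14 bytes). Returns the encoded length. */
size_t encode_jump(uint64_t from, uint64_t to, uint8_t out[14]) {
    int64_t rel = (int64_t)(to - (from + 5));   /* rel32 is relative to the next insn */
    if (rel >= INT32_MIN && rel <= INT32_MAX) {
        out[0] = 0xE9;
        put_le32(out + 1, (uint32_t)(int32_t)rel);
        return 5;
    }
    out[0] = 0xFF; out[1] = 0x25;
    put_le32(out + 2, 0);                       /* [rip+0]: the qword right after */
    put_le64(out + 6, to);
    return 14;
}

/* Address an instruction with a RIP-relative disp32 actually refers to when it
 * executes at `addr`. `len` is the instruction length, `disp_off` the byte
 * offset of the disp32 field inside it. */
uint64_t rip_target(const uint8_t *insn, size_t len, size_t disp_off, uint64_t addr) {
    return addr + len + (uint64_t)(int64_t)get_le32(insn + disp_off);
}

/* Fix up the disp32 of an instruction moved from old_addr to new_addr so that it
 * still refers to the same target. Returns 0 (and leaves the bytes alone) when
 * the trampoline is too far away for a 32-bit displacement, which is exactly the
 * case a naive byte copy gets silently wrong. */
int relocate_rip_relative(uint8_t *insn, size_t len, size_t disp_off,
                          uint64_t old_addr, uint64_t new_addr) {
    uint64_t target  = rip_target(insn, len, disp_off, old_addr);
    int64_t new_disp = (int64_t)(target - (new_addr + len));
    if (new_disp < INT32_MIN || new_disp > INT32_MAX) return 0;
    put_le32(insn + disp_off, (uint32_t)(int32_t)new_disp);
    return 1;
}

int main(void) {
    uint8_t jmp[14];
    size_t n = encode_jump(0x140001000ULL, 0x140002000ULL, jmp);
    printf("near target: %zu-byte jump, opcode %02X\n", n, jmp[0]);
    n = encode_jump(0x140001000ULL, 0x7FF800001000ULL, jmp);
    printf("far target:  %zu-byte jump, opcode %02X %02X\n", n, jmp[0], jmp[1]);

    /* lea rax, [rip+0x1000]: 48 8D 05 disp32, 7 bytes, disp32 at offset 3 */
    uint8_t lea[7] = {0x48, 0x8D, 0x05, 0x00, 0x10, 0x00, 0x00};
    uint64_t old_addr = 0x140001000ULL;
    printf("original target:      %#llx\n",
           (unsigned long long)rip_target(lea, 7, 3, old_addr));
    printf("naive copy far away:  %#llx\n",
           (unsigned long long)rip_target(lea, 7, 3, 0x7FF800000000ULL));
    if (relocate_rip_relative(lea, 7, 3, old_addr, 0x140100000ULL))
        printf("relocated nearby:     %#llx\n",
               (unsigned long long)rip_target(lea, 7, 3, 0x140100000ULL));
    if (!relocate_rip_relative(lea, 7, 3, 0x140100000ULL, 0x7FF800000000ULL))
        printf("relocating far away: disp32 overflow, need an absolute form\n");
    return 0;
}
```

Two things the arithmetic makes concrete. The rel32 in `E9` is measured from the end of the 5-byte jump, so the reach test is on `to - (from + 5)`, not on `to - from`. And relocation is only a matter of rewriting disp32 when the trampoline is itself within ±2 GiB of the original target; the failure path of `relocate_rip_relative` is the case where a hand-rolled hook has to rewrite the instruction into a non-RIP-relative form instead of copying it. The same end-of-instruction rule applies to displaced `call rel32` / `jcc rel32`, which the example does not cover.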
© 2026 Emil Sorbroden / built with Hugo