Welcome to UnHaxed█

Vidar stealer opens its WinMain with two obfuscation tricks stacked on top of each other. Neither is new, but combined they make IDA produce completely wrong output, but luckily it's just 2 minutes to understand and fix.

Static analysis tools struggle with self-modifying code. This post explores how FPU instructions can be used to recover the instruction pointer for runtime payload unpacking.

Implementing accurate darts scoring using vector registers and conditional branches.

Modern EDR systems flag threads starting in unbacked memory. This post demonstrates how to use ROP gadgets in legitimate DLLs to execute shellcode.

Let's tear apart a real-world, obfuscated CVE-2017-11882 exploit that uses dynamic encryption, shellcode obfuscation, and some clever evasion techniques to deliver its payload.

A deep dive into x86-64 assembly programming: implementing the Collatz Conjecture with performance optimizations.

A hands-on walkthrough of writing your first x64 assembly programs with MASM. Just console output using the C runtime and Windows API.

Proofpoint researchers uncovered a malware campaign delivering a payload named after 'Voldemort' the malware that must not be named! Let's dive into how we can use Dumpulator and IDA scripting to reveal its secrets.