research library

Technical dossiers for detection-aware offensive engineering.

Browse long-form research, lab observations, and implementation notes across malware development, EDR evasion, Windows internals, and Zig tooling.

EDR Evasion

1

edr-evasion / hooking / reverse-engineering

Zig Malware Development

1

zig / malware-dev / tooling

Windows Internals

1

windows-internals / research

Offensive Engineering

1

red-team / offensive-security

edr-evasion red-team research windows-internals zig

featured dossier

Recommended starting point

zig 10 min

pool-proxy-ng: Clean Call Stacks Through the Thread Pool

Multi-gadget pool proxy system in Zig — route arbitrary Win32 API calls through the thread pool with gadget-based return address masking. No implant code on the stack, ever.

zig edr-evasion research windows-internals red-team

complete archive

All research notes

No additional research notes yet.