malware development / edr evasion

It's a blog

Technical musings on interesting topics including malware development, EDR evasion, Windows internals, hacker shenanigans, and maybe a manifesto or two.

research areas

What gets covered

Malware Development

Loaders, implants, execution primitives, and offensive tooling written with implementation detail.

EDR Evasion

Detection-aware tradecraft, telemetry pressure points, call-stack hygiene, and bypass constraints.

Windows Internals

PE loading, NT APIs, process memory, thread behavior, and the machinery techniques depend on.

featured research