analyze.py - IDA Pro 9.X Python for automated call chain analysis
runner.ps1 - PowerShell batch runner for mass binary analysis
download-all-versions.ps1 - Download historical binary versions + PDBs

https://github.com/daaximus/ida-reach/

This blog contains my own research collected from the internet, along with ideas from other blogs and studies. While many parts are written in my own words, the Most sections were copied directly from external sources because they were already very well written and clearly expressed. This blog is mainly for sharing my personal notes and learning journey.

Wanna bypass chrome ABE? Read this and let the ideas flow

The definitive red team guide to understanding and bypassing Windows security controls: Windows Defender (static + AMSI + behavioral), AppLocker, WDAC, SmartScreen, ASR Rules, Credential Guard (VBS/LSAIso), Sysmon, PPL, and a comprehensive EDR deep-dive covering kernel callbacks, ETW-TI, API hooks, BYOVD, EDRKillShifter, EDRSilencer, sleep obfuscation, call stack spoofing, process injection, and the complete EDR kill chain. Every bypass mapped to MITRE ATT&CK.

Focus is on real detection primitives like:
PsSetCreateProcessNotifyRoutine(Ex) for process lifecycle monitoring

PsSetLoadImageNotifyRoutine for image/DLL tracking

ObRegisterCallbacks for process/thread handle filtering

kernel → user-mode communication via IOCTL + agent design

TL;DR: Two command injection vulnerabilities exist in the Windows Explorer “Open PowerShell window here” context menu due to improper quoting and command injection through user-controlled folder paths. By creating folders with crafted names (e.g., folder; calc), an attacker can trigger arbitrary PowerShell command execution when a user uses Shift + Right-Click → Open PowerShell window here. One variant affects modern Windows 11 builds, while another existed since Windows 10 1703 (2017).

Let me keep it short… use uncommon stuff for static

(here is my conference ┐⁠(⁠ ⁠∵⁠ ⁠)⁠┌)
chain things smart to get past behavior detection.