Red & Lonesome | RWXStoned

My Beacon 2025 Talk on User-Defined Reflective Loader

A friendly intro to Cobalt Strike's UDRL

Posted on November 19, 2025

I had the pleasure of giving this talk a London Beacon 2025 conference earlier this year and here are the slides: [Read More]

My x33fcon 2025 Talk on Code Injection

Taming the Windows Loader for Stealthy Injection

Posted on September 9, 2025

This is the link to my x33fcon 2025 Talk this year: Taming the Windows Loader for Stealthy Injection [Read More]

Making the Debugging of UDRLs (a bit) Easier

a simple addition to the UDRL-VS framework to enable the logging of debug strings in your loader at runtime

Posted on July 6, 2025

The introduction of this Visual Studio project as a template for building Cobalt Strike UDRL has come with a lot of little gimmicks aimed at making your life a bit easier as a malware developer. Developing Position Independant Code (PIC)... [Read More]

How is my Browser blocking RWX execution ?

reviewing an EDR-like mechanism implemented by a popular browser

Posted on January 4, 2025

EDIT January 10, 2025 [Read More]

Introducing GimmeShelter.py

a situational awareness Python script to help you find where to put your beacons

Posted on December 6, 2024

GimmeShelter.py is a lightweight Python script which will help you get a good view of what a Windows environment looks like, and highlight opportunities for hiding/running malware from unusual modules, or memory setups. [Read More]