Red & Lonesome | RWXStoned

My x33fcon 2025 Talk on Code Injection

Taming the Windows Loader for Stealthy Injection

Posted on September 9, 2025

This is the link to my x33fcon 2025 Talk this year: Taming the Windows Loader for Stealthy Injection [Read More]

Making the Debugging of UDRLs (a bit) Easier

a simple addition to the UDRL-VS framework to enable the logging of debug strings in your loader at runtime

Posted on July 6, 2025

The introduction of this Visual Studio project as a template for building Cobalt Strike UDRL has come with a lot of little gimmicks aimed at making your life a bit easier as a malware developer. Developing Position Independant Code (PIC)... [Read More]

How is my Browser blocking RWX execution ?

reviewing an EDR-like mechanism implemented by a popular browser

Posted on January 4, 2025

EDIT January 10, 2025 [Read More]

Introducing GimmeShelter.py

a situational awareness Python script to help you find where to put your beacons

Posted on December 6, 2024

GimmeShelter.py is a lightweight Python script which will help you get a good view of what a Windows environment looks like, and highlight opportunities for hiding/running malware from unusual modules, or memory setups. [Read More]

BeaconGate, Sleepmask... customizing Cobalt Strike after 4.10

a quick new Sleep PoC using the latest Cobalt Strike features

Posted on November 13, 2024

Cobalt Strike keeps on evolving and this has serious implications on what happens behind the scenes when your payload runs, and what the resulting IOCs will be. With the growing complexity of the product there has also been a lot... [Read More]