Are we nearly there yet? Walking Half the PEB with VBA
This is really just a variation on a theme, however I thought I’d write a quick post none the less. As previously stated the traditional way to get to AMSI function addresses was through LoadLibrary and then GetProcAddress. Microsoft blacklisted some function names to make using GetProcAddress unavailable which is why my my colleague andContinue reading Are we nearly there yet? Walking Half the PEB with VBA