<feed xmlns="http://www.w3.org/2005/Atom">
  <id>https://klezvirus.github.io/</id>
  <title>klezVirus</title>
  <subtitle>Just a noob with a passion for what runs under the hood.</subtitle>
  <updated>2026-03-19T12:48:36+01:00</updated>
  <author>
    <name>klezVirus</name>
    <uri>https://klezvirus.github.io/</uri>
  </author>
  <link rel="self" type="application/atom+xml" href="https://klezvirus.github.io/feed.xml"/>
  <link rel="alternate" type="text/html" hreflang="en" href="https://klezvirus.github.io/"/>
  <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator>
  <rights> © 2026 klezVirus </rights>
  <icon>/assets/img/favicons/favicon.ico</icon>
  <logo>/assets/img/favicons/favicon-96x96.png</logo>
  <entry>
    <title>Fantastic unwind information and where to find them</title>
    <link href="https://klezvirus.github.io/posts/Byoud/" rel="alternate" type="text/html" title="Fantastic unwind information and where to find them" />
    <published>2026-03-16T10:00:00+01:00</published>
    <updated>2026-03-19T12:47:27+01:00</updated>
    <id>https://klezvirus.github.io/posts/Byoud/</id>
    <content type="text/html" src="https://klezvirus.github.io/posts/Byoud/" />
    <author>
      <name>klezVirus</name>
    </author>
    <category term="Evasion" />
    <category term="Stack Spoofing" />
    <summary>Foreword This is the third and final installment in a series of posts on stack spoofing research that I presented at Black Hat Europe 2025. The first two posts covered Stack Moonwalking++ and Callback Hell, which explored techniques for spoofing call stacks in pre-CET environments. However, Intel CET (Control-flow Enforcement Technology) fundamentally breaks those approaches.
The shadow stack...</summary>
  </entry>
  <entry>
    <title>Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack</title>
    <link href="https://klezvirus.github.io/posts/Callback-Hell/" rel="alternate" type="text/html" title="Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack" />
    <published>2025-12-21T23:00:00+01:00</published>
    <updated>2025-12-22T12:03:23+01:00</updated>
    <id>https://klezvirus.github.io/posts/Callback-Hell/</id>
    <content type="text/html" src="https://klezvirus.github.io/posts/Callback-Hell/" />
    <author>
      <name>klezVirus</name>
    </author>
    <category term="Evasion" />
    <category term="Stack Spoofing" />
    <summary>Foreword Once upon a time, my friend Athanasios Tserpelis, aka trickster0, decided to give me a call with a great problem on his hands: I’m using TpAllocWork + TpPostWork to execute an arbitrary function, but I’m not fully sure how to recover the return value. Any ideas? That question reminded me of some experiments I was working on previously, but had set aside out of laziness. I deci...</summary>
  </entry>
  <entry>
    <title>Malware Just Got Its Free Passes Back!</title>
    <link href="https://klezvirus.github.io/posts/Moonwalk-plus-plus/" rel="alternate" type="text/html" title="Malware Just Got Its Free Passes Back!" />
    <published>2025-12-15T12:40:00+01:00</published>
    <updated>2025-12-21T22:45:49+01:00</updated>
    <id>https://klezvirus.github.io/posts/Moonwalk-plus-plus/</id>
    <content type="text/html" src="https://klezvirus.github.io/posts/Moonwalk-plus-plus/" />
    <author>
      <name>klezVirus</name>
    </author>
    <category term="Evasion" />
    <category term="Stack Spoofing" />
    <summary>TL;DR As detection strategies increasingly emphasize call stack telemetry and validation, adversaries are adapting with more sophisticated evasion techniques.
Building on our prior work with Stack Moonwalk and the Eclipse detection algorithm, this research introduces a new “way” of leveraging moonwalking that extends beyond basic desynchronization. In this article, we’ll present a PoC to ext...</summary>
  </entry>
  <entry>
    <title>Welcome</title>
    <link href="https://klezvirus.github.io/posts/Welcome/" rel="alternate" type="text/html" title="Welcome" />
    <published>2025-07-31T17:30:00+02:00</published>
    <updated>2025-08-01T13:16:59+02:00</updated>
    <id>https://klezvirus.github.io/posts/Welcome/</id>
    <content type="text/html" src="https://klezvirus.github.io/posts/Welcome/" />
    <author>
      <name>klezVirus</name>
    </author>
    <category term="Personal" />
    <summary>Welcome! As of July 31, 2025, I’ve completely restyled this blog to make it more accessible, more readable, and hopefully more useful to anyone diving into the weird and wonderful corners of cybersecurity. I am Alessandro (aka klezVirus), and I’m a curious mind with a deep love for Windows internals, AI, and distributed systems.
I’m not here to pretend I have all the answers — I’m still learn...</summary>
  </entry>
  <entry>
    <title>SilentMoonwalk: Implementing a dynamic Call Stack Spoofer</title>
    <link href="https://klezvirus.github.io/posts/Stackmoonwalk/" rel="alternate" type="text/html" title="SilentMoonwalk: Implementing a dynamic Call Stack Spoofer" />
    <published>2022-12-08T20:00:00+01:00</published>
    <updated>2025-08-01T12:22:40+02:00</updated>
    <id>https://klezvirus.github.io/posts/Stackmoonwalk/</id>
    <content type="text/html" src="https://klezvirus.github.io/posts/Stackmoonwalk/" />
    <author>
      <name>klezVirus</name>
    </author>
    <category term="Evasion" />
    <category term="Stack Spoofing" />
    <summary>TL;DR With the evolution of cyber defence products, we’ve seen in the Red Teaming and Malware Development community a rise in advanced memory evasion techniques, which aim to bypass the detection of malicious code by concealing their presence while they reside in the memory of a target process. Among these techniques, we can find the so-called “Stack Spoofing”, which is a technique that allo...</summary>
  </entry>
</feed>
