Abusing A Built-In Kernel-Level Shellcode Decoder In Windows
Posted on 2024-11-08: https://cirosec.de/en/news/abusing-microsoft-warbird-for-shellcode-execution/
To reiterate, Microsoft decided that it would be safer to offer a kernel-level API for the decryption and allocation of code, rather than allowing the process itself to decrypt its encrypted code, which should be enough to raise some eyebrows.
Lol. Good article. Originally discovered via https://infosec.exchange/@fre/113441573649659211