<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://noahheraud.com/</id><title>Noah "nxvh" Heraud</title><subtitle>A blog by Noah Heraud</subtitle> <updated>2026-03-13T19:13:29+01:00</updated> <author> <name>Noah Heraud</name> <uri>https://noahheraud.com/</uri> </author><link rel="self" type="application/atom+xml" href="https://noahheraud.com/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://noahheraud.com/"/> <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator> <rights> © 2026 Noah Heraud </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>ClrDeOxide: Execute-Assembly in Rust with a real AMSI bypass</title><link href="https://noahheraud.com/posts/ClrDeOxide/" rel="alternate" type="text/html" title="ClrDeOxide: Execute-Assembly in Rust with a real AMSI bypass" /><published>2026-02-24T19:00:00+01:00</published> <updated>2026-03-10T11:02:31+01:00</updated> <id>https://noahheraud.com/posts/ClrDeOxide/</id> <content type="text/html" src="https://noahheraud.com/posts/ClrDeOxide/" /> <author> <name>Noah Heraud</name> </author> <category term="Maldev" /> <category term="C2" /> <summary>→ PoC-ClrDeOxide + clroxide fork The problem with “standard” execute-assembly The classic approach, used by most C2s to this day, is AppDomain.Load(byte[]). In COM vtable terms, this is Load_3. Simple, effective, and… yet fully instrumented by AMSI. When you call Load_3, AMSI gets a direct look at your assembly bytes before CLR even touches them. 
Any AMSI provider (Defender, third-party ED...</summary> </entry> <entry><title>Maldev Series 3 | Payload Obfuscation</title><link href="https://noahheraud.com/posts/Maldev-Series-3-Payload-Obfuscation/" rel="alternate" type="text/html" title="Maldev Series 3 | Payload Obfuscation" /><published>2025-11-12T11:56:03+01:00</published> <updated>2025-11-12T11:56:03+01:00</updated> <id>https://noahheraud.com/posts/Maldev-Series-3-Payload-Obfuscation/</id> <content type="text/html" src="https://noahheraud.com/posts/Maldev-Series-3-Payload-Obfuscation/" /> <author> <name>Noah Heraud</name> </author> <category term="Maldev" /> <category term="Basic" /> <summary>Hello, this is the third episode of the Maldev Series and today we’re gonna talk about payload obfuscation. So we’ve gained a fundamental understanding of payload encryption. Obfuscation is another “tool” we can use to stay unpredictable. The obfuscation can be used to reduce the entropy of an encrypted payload to avoid detection. I’m gonna cover that at the end of this article. Some of thes...</summary> </entry> <entry><title>Zephyr Prolab Again *Not a* Review HackTheBox</title><link href="https://noahheraud.com/posts/Zephyr-Prolab-Again-Not-a-Review-HackTheBox/" rel="alternate" type="text/html" title="Zephyr Prolab Again *Not a* Review HackTheBox" /><published>2025-10-24T10:30:11+02:00</published> <updated>2025-10-24T10:40:54+02:00</updated> <id>https://noahheraud.com/posts/Zephyr-Prolab-Again-Not-a-Review-HackTheBox/</id> <content type="text/html" src="https://noahheraud.com/posts/Zephyr-Prolab-Again-Not-a-Review-HackTheBox/" /> <author> <name>Noah Heraud</name> </author> <category term="Certification" /> <category term="Prolab" /> <summary>Introduction After completing Dante, I jumped straight into Zephyr, the final prolab needed for my CPTS certification. This prolab was intense and definitely stepped up the difficulty from Dante. 
Flex time So many reviews I won’t provide a detailed review; plenty of others already have. This is a challenging Active Directory-focused lab with realistic enterprise scenarios. Perfect fo...</summary> </entry> <entry><title>ECW | LAIN BREAKCORE A Tale of Firmware Emulation and Wasted Hours</title><link href="https://noahheraud.com/posts/LAIN-BREAKCORE-A-Tale-of-Firmware-Emulation-and-Wasted-Hours/" rel="alternate" type="text/html" title="ECW | LAIN BREAKCORE A Tale of Firmware Emulation and Wasted Hours" /><published>2025-10-22T12:36:03+02:00</published> <updated>2025-10-22T16:12:09+02:00</updated> <id>https://noahheraud.com/posts/LAIN-BREAKCORE-A-Tale-of-Firmware-Emulation-and-Wasted-Hours/</id> <content type="text/html" src="https://noahheraud.com/posts/LAIN-BREAKCORE-A-Tale-of-Firmware-Emulation-and-Wasted-Hours/" /> <author> <name>Noah Heraud</name> </author> <category term="CTF" /> <category term="Reverse" /> <summary>A Note on ECW and Fair Play I need to address something that left a bitter taste after this competition. While the technical challenges at ECW were interesting and well-designed, I was extremely disappointed to discover that several participants engaged in flag hoarding, despite this being explicitly prohibited in the competition rules. This behavior is not just unsportsmanlike. It fundamenta...</summary> </entry> <entry><title>Maldev Series 2 | Bypass Defender</title><link href="https://noahheraud.com/posts/Maldev-Series-2-Bypass-Defender/" rel="alternate" type="text/html" title="Maldev Series 2 | Bypass Defender" /><published>2025-10-01T12:56:03+02:00</published> <updated>2025-11-12T23:52:01+01:00</updated> <id>https://noahheraud.com/posts/Maldev-Series-2-Bypass-Defender/</id> <content type="text/html" src="https://noahheraud.com/posts/Maldev-Series-2-Bypass-Defender/" /> <author> <name>Noah Heraud</name> </author> <category term="Maldev" /> <category term="Basic" /> <summary>Hello guys, this is episode 2 of the Maldev Series. 
Today we are evading Windows Defender, already. Why start in the middle? In this episode I will assume that you have read the first one. If that’s not the case, go read it, right now! Let’s evade Maybe you think you need to know many things, like IAT bypasses or indirect syscalls, in order to bypass Defender? You are far from the reality,...</summary> </entry> </feed>
