In the last blog post, we learned about two common hooking methods (IRP Hooking and SSDT Hooking) and two different injection techniques from the kernel to user mode for both shellcode and DLLs (APC and CreateThread), with code snippets and examples from Nidhogg. In this blog post, we will write a simple driver that is capable of bypassing AMSI to demonstrate patching usermode memory from the k...