diversenok's blog

Posts

  • Apr 20, 2023

    The Definitive Guide to Process Cloning on Windows

  • Sep 15, 2022

    Bypassing FileBlockExecutable in Sysmon 14.0: A Lesson In Analyzing Assumptions

  • Aug 10, 2022

    Concealed Code Execution, Part 3: Detection.

  • Aug 10, 2022

    Concealed Code Execution, Part 2: Code Injection.

  • Aug 10, 2022

    Concealed Code Execution, Part 1: Process Tampering.

  • May 23, 2021

    Comparing, Discussing, and Bypassing Techniques for Suspending Processes.

  • Feb 26, 2021

    Intercepting Program Startup on Windows and Trying to Not Mess Things Up.

  • Jan 28, 2020

    How to Make Any Process Work With Transactional NTFS: My First Step to Writing a Sandbox for Windows.


  • diversenok@gmail.com
  • diversenok
  • diversenok_zero

User-mode system programming & security research on Windows.