Source Byte

This blog post covers a brief overview of Processes, Threads, Fibers, Jobs and their components on Windows and how the Windows API can be used to work with them.

479 views‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌$ᴘ3ᴅʏʟ1, edited 15:00

Source Byte

Offensive Windows IPC Internals 3: ALPC

https://csandker.io/2022/05/24/Offensive-Windows-IPC-3-ALPC.html

#windows_internals , #ALPC

631 viewsAnastasia 🐞, edited 15:06

Source Byte

Debugging and Reversing ALPC

https://csandker.io/2022/05/29/Debugging-And-Reversing-ALPC.html

#windows_internals , #reversing , #debugging , #ALPC

553 viewsAnastasia 🐞, 15:08

Source Byte

Exploring malicious Windows drivers (Part 1): Introduction to the kernel and drivers

https://blog.talosintelligence.com/exploring-malicious-windows-drivers-part-1-introduction-to-the-kernel-and-drivers/

#malware_dev , #windows_internals
———
@islemolecule_source

👍2

703 viewsAnastasia 🐞, edited 15:47

Source Byte

A universal EDR bypass built in Windows 10

While studying internals of a mechanism used by all EDR software to get information about processes activities on Windows, we came across a way for malicious processes to disable the generation of some security events related to process interactions. This technique could be used to evade EDR software while performing malicious operations such as process memory dumping, code injection or process hollowing.

https://www.riskinsight-wavestone.com/en/2023/10/a-universal-edr-bypass-built-in-windows-10/

#EDR , #windows_internals

1.58K viewsAnastasia 🐞, 04:54

About

Blog

Apps

Platform