Thierry Franzetti (@thierryfranzett)'s Twitter Profile
Thierry Franzetti

@thierryfranzett

Security oriented, I like to understand how things work on Windows. A bit of reversing, a bit of ethical hacking and a lot of low-level things.

ID: 892911973

Joined: 20-10-2012 09:53:32

795 Tweets

137 Followers

58 Following

Erwan Grelet (@ergrelet):

WinDiff - Browse and compare exports, debug symbols and debug types of PEs between Windows versions.

WinDiff is a streamlined revamp of ntdiff, wired directly to Winbindex to fetch Windows updates and PEs automatically.

App: windiff.vercel.app
Repo: github.com/ergrelet/windi…
Trail of Bits (@trailofbits):

Event Tracing for Windows (ETW) is crucial for modern EDR solutions. But what do you really know about its internal workings? Dive into ETW to discover useful attack targets and forensic information. blog.trailofbits.com/2023/11/22/etw…

Nicolas Krassas (@dinosn):

Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR in the Evolving CyberThreat Landscape - Donato Onofri reddit.com/r/netsec/comme…

0xor0ne (@0xor0ne):

Excellent series on Sliver C2 framework usage and internals
Credits: Alessandro Iandoli

Part 1: security.humanativaspa.it/customizing-sl…
Part 2: security.humanativaspa.it/customizing-sl…
Part 3: security.humanativaspa.it/customizing-sl…

#cybersecurity #secops
Marc-André Moreau (@awakecoding):

Do you want to install WinDBG on Windows Server 2022 using a PowerShell code snippet you can just paste into a terminal and press enter? I've got you covered, and it can even launch WinDBG once it is done! Grab Install-WinDbg.ps1 now: gist.github.com/awakecoding/43…

James Forshaw (@tiraniddo):

I try to avoid this hellsite, but I did a quick dive into sudo in Windows and here are my initial findings. tiraniddo.dev/2024/02/sudo-o… The main takeaway is: writing Rust won't save you from logical bugs :)

Samir (@sbousseaden):

New blog post is up, unveiling malware behavior trends (TTPs) from a dataset of more than 100K malware samples using Elastic behavior detections (mapped to MITRE) and ES|QL for the analysis.

elastic.co/security-labs/…

Samples: gist.github.com/Samirbous/eebe…
diversenok (@diversenok_zero):

My new blog post for Hunt & Hackett is out! 🥳 It describes how it's possible to create a novel forensic tool that can reconstruct (malicious) executables on Windows without relying on collecting files or parsing attacker-controlled process memory. huntandhackett.com/blog/reconstru…

Sami Laiho (@samilaiho):

I rarely rank my own sessions, but I have to say this must be one of my all-time favorites ❤️ #zerotrust #disobey #minecraft #tailscale youtu.be/CAX5ymw_PWo?si…

Will Harris (@parityzero):

I published a step-by-step guide on using Windows event logs to hunt for malware trying to steal sensitive data from browsers, e.g. cookies, passwords etc. security.googleblog.com/2024/04/detect… #DFIR Hope it's useful!
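An added example of the kind of hunt the post above describes; this is the editor's code, not code from the Google post, and it is anchored here after the tweet rather than being part of it. It joins DPAPI "unprotect" events with Security 4688 process-creation events so that each decryption of browser-protected data is attributed to an image path, and flags callers that are not the browser. The channel name, event ID and EventData field names below are assumptions recalled from the referenced post and must be checked against your own logs; the browser list and description pattern are illustrative.

```powershell
# Added example (editor's, not from the referenced Google post).
# Assumptions not stated on this page: channel name, event ID and EventData field
# names are from memory of the post; verify them locally before relying on them.
# Prerequisites: process-creation auditing (4688) and the DPAPI debug channel enabled:
#   wevtutil sl Microsoft-Windows-Crypto-DPAPI/Debug /e:true

$DpapiLog        = 'Microsoft-Windows-Crypto-DPAPI/Debug'   # assumed channel name
$DpapiEventId    = 16385                                     # assumed "DPAPI Unprotect" event
$Browsers        = 'chrome.exe', 'msedge.exe', 'firefox.exe' # expected legitimate callers (illustrative)
$BrowserDescRegex = 'Chrome|Edge|Firefox'                    # assumed DataDescription labels set by browsers
$Since           = (Get-Date).AddHours(-24)

function ConvertTo-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
    $h = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    return $h
}

# Index process creations so a DPAPI caller PID can be resolved to an image path.
# 4688 stores NewProcessId as a hex string (e.g. 0x1a2c); PowerShell's [int] cast parses it.
$creations = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = ConvertTo-EventData $_
        [pscustomobject]@{ Time = $_.TimeCreated; ProcessId = [int]$d['NewProcessId']; Image = $d['NewProcessName'] }
    }

# Debug/Analytic channels can only be read forwards, hence -Oldest.
$dpapi = Get-WinEvent -FilterHashtable @{ LogName = $DpapiLog; Id = $DpapiEventId; StartTime = $Since } -Oldest -ErrorAction Stop

foreach ($e in $dpapi) {
    $d         = ConvertTo-EventData $e
    $callerPid = [int]$d['CallerProcessID']   # assumed field name
    $desc      = [string]$d['DataDescription'] # assumed field name

    # Only browser-labelled blobs are interesting; many legitimate apps use DPAPI.
    if ($desc -notmatch $BrowserDescRegex) { continue }

    # PIDs are reused: take the newest creation at or before the DPAPI call.
    $proc  = $creations | Where-Object { $_.ProcessId -eq $callerPid -and $_.Time -le $e.TimeCreated } |
             Sort-Object Time -Descending | Select-Object -First 1
    $image = if ($proc) { $proc.Image } else { '<no 4688 record; check audit policy>' }

    if ($Browsers -notcontains [IO.Path]::GetFileName($image)) {
        [pscustomobject]@{
            Time            = $e.TimeCreated
            CallerPid       = $callerPid
            Image           = $image
            DataDescription = $desc
            Verdict         = 'non-browser process unprotected browser data'
        }
    }
}
```

Two caveats a practitioner will hit: the Debug channel is off by default and is lost on reboot unless enabled persistently, and attribution by PID is only as good as the 4688 coverage, so run it on hosts where process-creation auditing was already on before the window you are hunting in.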
Jonny Johnson (@jsecurity101):

Without further ado - here is EtwInspector! This is a C++ tool to help users interact with ETW providers. It supports enumerating providers and their events, and capturing events. github.com/jsecurity101/E…

Panu Saukko (@panusaukko):

#Microsoft says in their new blog article: "most people run as full admin on their devices"!!!
This is maybe the #1 #Windows security problem. Do your daily tasks as a normal user and use a separate admin account only when really needed!
microsoft.com/en-us/security…
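An added example for the advice in the tweet above; this is the editor's code, not from the linked Microsoft article. It checks whether the account you do daily work with is a member of local Administrators (even when the current session is not elevated), and shows how to create a separate local admin account so the daily account can be demoted. It assumes a standalone (non-domain) machine; the account name localadmin is illustrative.

```powershell
# Added example (editor's, not from the linked Microsoft article).
# Assumes a local, non-domain machine. 'localadmin' is an illustrative name.

function Test-IsElevated {
    # True only when the current process token is actually elevated (past UAC).
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal($id)).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsAdminMember {
    # True when the logged-on user is a member of local Administrators at all. In a
    # non-elevated (UAC-filtered) session the group SID is still in the token, marked
    # "used for deny only", so this catches the "full admin" case the article warns about.
    $adminSid = 'S-1-5-32-544'   # well-known local Administrators group
    [Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value -contains $adminSid
}

function New-SeparateAdminAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$AdminName = 'localadmin',   # illustrative
        [string]$DailyUser = $env:USERNAME
    )
    if (-not (Test-IsElevated)) { throw 'Run this from an elevated PowerShell.' }

    $pw = Read-Host -AsSecureString "Password for $AdminName"
    if ($PSCmdlet.ShouldProcess($AdminName, 'Create local admin account')) {
        New-LocalUser -Name $AdminName -Password $pw | Out-Null
        Add-LocalGroupMember -Group 'Administrators' -Member $AdminName
    }

    # Demote the daily account only after confirming the new admin account can log on
    # and elevate; otherwise you can lock yourself out of administration. The change
    # takes effect for the daily account at its next logon.
    if ($PSCmdlet.ShouldProcess($DailyUser, 'Remove from Administrators')) {
        Remove-LocalGroupMember -Group 'Administrators' -Member $DailyUser
    }
}

"Logged on as $env:USERNAME; Administrators member: $(Test-IsAdminMember); elevated now: $(Test-IsElevated)"
# Dry run:   New-SeparateAdminAccount -WhatIf
# For real:  New-SeparateAdminAccount -AdminName 'localadmin'
```

Run the two Test- functions first from a normal (non-elevated) window: "member: True, elevated: False" is exactly the everyday-admin situation; after the demotion and a fresh logon it should read "member: False".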
Jonny Johnson (@jsecurity101):

Microsoft's Threat-Intelligence ETW provider now supports events to identify token impersonation attacks. I wrote a blog on these events and how Microsoft is surfacing them: jsecurity101.medium.com/behind-the-mas…

Check Point Research (@_cpresearch_):

Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we introduce a new injection method that is based on this classic technique but much stealthier - Waiting Thread Hijacking. Read more: research.checkpoint.com/2025/waiting-t…