Reverse engineering 2 July 2021 Remote debugging windows kernel driver(without symbols) using windbg In this post we are going to learn few tips and tricks to debug a Windows kernel driver without symbols in windbg.
Windows OS 5 August 2020 Fixing DLL exports for DLL hijacking(DLL proxy) In this post we will discuss ways to export functions from your dll for dll hijacking. Exporting functions | Dll Proxy
Featured Windows OS 31 July 2020 Mitigate and Detect Local Privilege Escalation cause due to Symbolic Links In this post we will discuss ways to mitigate symbolic links based Local privilege escalation exploits. We are also going to develop our own protection against these attacks.
Tutorial 10 June 2020 Developing and Installing your first Kernel driver in Windows 10(under 10 min) Windows kernel development is painful to follow after lots of changes in driver handling by windows. In this article I will help you with developing and installing your driver in less than 10 minutes in windows 10.
Exploit Development 28 April 2020 Breaking Antivirus: Arbitrary file deletion using Symbolic link A newly discovered symbolic link attack in many antivirus can cause arbitrary file deletion. In this blog, we will be discussing how to create the exploit and mitigate it.
Featured Exploit Development 16 April 2020 Understanding and Exploiting Symbolic links in Windows - Symlink Attack EOP Symbolic link can be abused to cause elevation of privilege or arbitrary write/delete. In this article we are going to understand symlink and will learn how to exploit/abuse them.
Malware 26 December 2019 Malware analysis interview questions with detailed answers (Part 4) In this part we will discuss advance as well as miscellaneous questions for malware analysis interview. Even if you are already an experienced researcher, still these questions can be helpful for learning some new stuff.
Malware 18 September 2018 Malware analysis interview questions with detailed answers (Part 3) Here are few more important questions with detailed answers for malware analysis interview. Topic covers in this part is Dynamic analysis, static analysis and debugging.
Featured Exploit Development 7 September 2018 Exploiting buffer overflow in Windows application through TextBox using only Alphanumeric payload Lets look at how to exploit seh based buffer overflow in WIndows GUI application that have input restrictions of supporting only ascii characters as input.
Malware 6 August 2018 Malware analysis interview questions with detailed answers (Part 2) Here are few more important questions with detailed answers for malware analysis interview. Topic covers in this part is OS concepts, Programming, Assembly language and Dynamic analysis.
Malware 3 August 2018 Malware analysis interview questions with detailed answers (Part 1) Here is a series of important questions with detailed answers for malware analysis interviews. These question can be helpful for both candidates and interviewers.
Featured Malware 5 July 2018 Deep dive into Tofsee spambot(Win32:Tofsee-J) malware dropper-2 In this part we will do the static analysis of dropper of tofsee .Tofsee is a spambot categorie of malware used to send spam messages, click fraud to different smtp mail server.
Malware 3 July 2018 Deep dive into Tofsee spambot(Win32:Tofsee-J) malware dropper-1 Tofsee is a spambot categorie of malware used to send spam messages, click fraud to different smtp mail server. In this part we will do the dynamic analysis of dropper of tofsee.
Featured Rootkits 13 June 2018 Understanding Windows DKOM(Direct Kernel Object Manipulation) techniques(Part 1-EPROCESS) Windows uses different Objects structures for different purposes like io-management, process management etc. These structures are vulnerable to different attacks which we will going to discuss in this series.