Grzegorz Tworek

Windows object permissions as a backdoor
As the typical cyberattack kill chain follows the well-known schema, the response should follow it. This is also true in the “Local…
Feb 27, 2021

Persistence with Windows Services
When it comes to hacking, Windows Services are priceless due to a couple of factors:
Dec 9, 2019

Cleaning NTFS artifacts with FSCTL_CLEAN_VOLUME_METADATA
Built-in, undocumented NTFS features allow you to clean up forensic traces.
Nov 2, 2019

GPO Forensics
GPO (Group Policy Object) is one of the most useful features of the Windows ecosystem. Simply saying, GPO allows an admin to create a set…
Sep 28, 2019

Using UEFI to inject executable files into BitLocker protected drives
Injecting a file into an encrypted partition sounds tempting… And there is a way to do this!
Sep 9, 2019

I’ve got the power
Enabling SeBackupPrivilege to make cmd.exe run on steroids
Aug 13, 2019

Bad parenting
Forensics value of parent-child process statistics
Jul 11, 2019