Windows object permissions as a backdoor
As the typical cyberattack kill chain follows the well-known schema, the response should follow it. This is also true in the “Local…
Feb 27, 2021

Persistence with Windows Services
When it comes to hacking, Windows Services are priceless due to a couple of factors:
Dec 9, 2019

Cleaning NTFS artifacts with FSCTL_CLEAN_VOLUME_METADATA
Built-in, undocumented NTFS features allow you to clean up forensic traces.
Nov 2, 2019

GPO Forensics
GPO (Group Policy Object) is one of the most useful features of the Windows ecosystem. Simply put, GPO allows an admin to create a set…
Sep 28, 2019

Using UEFI to inject executable files into BitLocker protected drives
Injecting a file into an encrypted partition sounds tempting… And there is a way to do this!
Sep 9, 2019

I’ve got the power
Enabling SeBackupPrivilege to make cmd.exe run on steroids
Aug 13, 2019