Grzegorz Tworek · Windows object permissions as a backdoor · As the typical cyberattack kill chain follows the well-known schema, the response should follow it. This is also true in the “Local… · 8 min read · Feb 27, 2021
Grzegorz Tworek · Persistence with Windows Services · When it comes to hacking, Windows Services are priceless due to a couple of factors: · 11 min read · Dec 9, 2019
Grzegorz Tworek · Cleaning NTFS artifacts with FSCTL_CLEAN_VOLUME_METADATA · Built-in, undocumented NTFS features allow you to clean up forensic traces. · 3 min read · Nov 2, 2019
Grzegorz Tworek · GPO Forensics · GPO (Group Policy Object) is one of the most useful features of the Windows ecosystem. Simply put, GPO allows an admin to create a set… · 4 min read · Sep 28, 2019
Grzegorz Tworek · Using UEFI to inject executable files into BitLocker protected drives · Injecting a file into an encrypted partition sounds tempting… And there is a way to do this! · 3 min read · Sep 9, 2019
Grzegorz Tworek · I’ve got the power · Enabling SeBackupPrivilege to make cmd.exe run on steroids · 3 min read · Aug 13, 2019
Grzegorz Tworek · Bad parenting · Forensics value of parent-child process statistics · 5 min read · Jul 11, 2019