Windows
Uncovering RPC Servers through Windows API Analysis
Intro: Have you ever tried to reverse a simple Win32 API? If not, let’s look at one together today! This article serves as a hand-holding walkthrough and documents in detail how I analyzed ...
Patch Tuesday, October 2023 Edition
Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released ...
ZenRAT Targets Windows Users with Fake Bitwarden Site
Hackers are using a bogus download page for Bitwarden’s password manager solution to target Windows users with a new remote access trojan (RAT) that’s designed to steal credentials and a range of ...
Shadow Wizard Registry Gang: Structured Registry Querying
Why Do We Need New Tooling for Registry Collection? The Windows registry, an intricate database storing settings for both the operating system and the applications that run on it, is a treasure trove ...
Introducing Windows Notification Facility’s (WNF) Code Integrity
By Yarden Shafir, Senior Security Engineer. WNF (Windows Notification Facility) is an undocumented notification mechanism that allows communication inside processes, between processes, or between user mode processes and kernel drivers. Similar to ...
Exploring Impersonation through the Named Pipe Filesystem Driver
Introduction: Impersonation happens often natively in Windows; however, adversaries also use it to run code in the context of another user. Recently I was researching named pipe impersonation, which naturally led me digging ...
Rust in Windows — it’s Official — Safe and Fast
40-year-old code: Starting with ancient, vulnerable legacy, Redmond team is rewriting chunks in the trendy secure language ...
Hacks at Pwn2Own Vancouver 2023
An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, ...
The Defender’s Guide to Windows Services
It’s dangerous to find malicious services alone! Take this! Authors: Luke Paine & Jonathan Johnson. Introduction: This is the second installment of the Defender’s Guide series. In keeping with the theme, we are discussing Windows Services, the ...
Mitigating the North Korean Cybersecurity Threat
Cybersecurity firm Kaspersky recently published an analysis that detailed how a North Korean threat actor, which it called the BlueNoroff group, is stealing cryptocurrency by bypassing the “Mark of the Web” flag ...