DFIR3 Investigating Windows File System Artifacts Under C:\Windows
The article explores forensic artifacts stored under the C:\Windows directory in Windows 10 and 11. It explains how system files and OS-generated…
DFIR3 The article explores forensic artifacts stored under the C:\Windows directory in Windows 10 and 11. It explains how system files and OS-generated…
APC5 The article analyzes the Windows kernel driver BEDaisy.sys, used by BattlEye anti-cheat. Through static reverse engineering, it explores driver architecture, APC usage,…
BitLocker The article explains the Bitpixie vulnerability in Windows Boot Manager that allows attackers to bypass BitLocker encryption. By abusing a PXE soft…
dump8 A analyze the TP-Link Tapo C200 camera firmware by dumping flash via UART and U-Boot, reversing AES-encrypted rootfs headers, and modifying the…
Encryption3 Researchers demonstrated that flash encryption on Espressif ESP32 chips can be broken using side-channel power analysis. By measuring power traces during AES…
Antivirus7 A technique leveraging Windows bind link features to redirect and loop parent folders (like Program Files/ProgramData) so an EDR sees attacker-controlled files…
buffer overflow9 Uses manual Return-Oriented Programming (ROP) to chain existing code fragments and call VirtualAlloc, changing memory permissions to bypass Windows DEP and then…
Debug2 A Windows elevation-of-privilege flaw in the Recall scheduled task let low-privileged users trigger it via WNF and abuse unsafe directory cleanup to…
BSoD9 CVE-2026-2636 Logic bug in Windows’ CLFS driver: calling ReadFile on a .blf log handle pushes CLFS.sys into an unrecoverable state and triggers…
ASM12 Article details exploiting a stack buffer overflow on an STM32H5. It demonstrates basic shellcode injection, then bypassing a non-executable stack (XN/MPU) using…
BitLocker2 SEC Consult found two high-impact vulnerabilities in CryptoPro Secure Disk for BitLocker (
BitLocker4 The article outlines security researcher Pierre-Nicolas Allard-Coutu’s demonstration of attacking a stolen Windows laptop using a PCIe connector to bypass protections like…
Debug6 The article explains how to set up Windows kernel debugging over a network using WinDBG and a host/target configuration. It covers enabling…
Bypassing3 The article explains enhancing RPC Proxy Injection to evade Elastic EDR telemetry by avoiding common API calls like WriteProcessMemory and CreateRemoteThread, using…
Bypassing2 The article “Living off the Process” details a technique to inject and execute shellcode into a remote Windows process by reusing existing…
Antivirus6 The article presents EDR-Freeze, a user-mode tool exploiting Windows Error Reporting to suspend EDR and antivirus processes by abusing MiniDumpWriteDump and WerFaultSecure,…
ASR5 Article demonstrates how lateral movement can still be achieved in a lab with Elastic EDR and Microsoft ASR enabled by modifying payload…