The article shows how insecure Windows Named Pipes can enable interception or MITM-style abuse, and presents a Frida-based tool to hook, inspect, modify, and inject pipe traffic across several I/O models.
Windows Defender ACL Blocking: A Silent Technique With Serious Impact
The article analyzes a technique that disables Microsoft Defender by modifying file ACLs to block security services from accessing critical system DLLs. This silent method prevents Defender from starting without triggering obvious alerts.
Looking into Windows Access Masks
Access masks are 32-bit permission values defining what operations a handle or security descriptor allows. The article breaks down standard, specific, and generic rights, explains ACE usage, and shows how Windows enforces access checks internally.