#WindowsInternals — Search

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

Just dropped a deep dive on reversing ICMLuaUtil and uncovering the lesser-known CallCustomActionDll path for elevated DLL execution. #ReverseEngineering #WindowsInternals #UACBypass

Hermes Tool @Hermes_tooll · 3d

From Zero to SYSTEM: Building PrintSpoofer from Scratch #PrintSpoofer #PrivilegeEscalation #WindowsInternals #MalwareDevelopment #EvasionTechniques bl4ckarch.github.io/posts/PrintSpo…

330

reverseame @reverseame · 3d

From Zero to SYSTEM: Building PrintSpoofer from Scratch #PrintSpoofer #PrivilegeEscalation #WindowsInternals #MalwareDevelopment #EvasionTechniques bl4ckarch.github.io/posts/PrintSpo…

1.6K

TechHackDaily @TechHackDaily_ · 4d

PROCESS HOLLOWING EXPLAINED Process hollowing lets malware hide inside a legitimate process. Understand each step to detect it in memory forensics. #MalwareAnalysis #ProcessHollowing #WindowsInternals #DFIR #ThreatHunting

reRoot @0x6970 · Mar 11

Windows API Arsenal — Updated 📚 256 APIs 🚥 Copy Signature 😮 31 Nt native APIs with syscall numbers 📌 Shareable links 🔍 Recent searches saved locally [Use Desktop for Optimal View] 👉 blog.fautl.com/api-list #ReverseEngineering #windowsinternals

3.5K

Adrián Díaz @s4dbrd · Mar 6

New post: deep dive into BEDaisy.sys, BattlEye’s kernel anti-cheat driver used in PUBG, R6 Siege, Escape from Tarkov, and more. WinDbg output + annotated IDA pseudocode included. s4dbrd.github.io/posts/reversin… #ReverseEngineering #WindowsInternals #AntiCheat

190

11K

Nikhil @Ox4d5a · Mar 4

Windows Internals Part7: Exploring IO Stack Location youtu.be/phGoHc_KuqM #infosec #cybersecurity #windowsinternals

1.3K

Nikhil @Ox4d5a · Mar 4

Windows Internals Part6: Exploring IO Request Packet IRP youtu.be/QK-79WFmpmI #infosec #cybersecurity #windowsinternals

989

Nikhil @Ox4d5a · Mar 4

Windows Internals Part5: Exploring DEVICE_OBJECT youtu.be/peYYfa7d0Zc #infosec #cybersecurity #windowsinternals

3.1K

Nikhil @Ox4d5a · Mar 4

Windows Internals Part4: Create & Close Dispatch Routines youtu.be/tWphAhOVZjU #infosec #cybersecurity #windowsinternals

1.4K

Nikhil @Ox4d5a · Mar 4

Windows Internals Part3: Creating Device Objects & Symbolic Links youtu.be/Ku550js2jQc #infosec #cybersecurity #windowsinternals

3.2K

Nikhil @Ox4d5a · Mar 4

Windows Internals Part2: Exploring DRIVER_OBJECT structure youtu.be/qbKV6UK5QCI #infosec #cybersecurity #windowsinternals

2.7K

ugo @anenejoshua2 · Mar 1

Replying to @anenejoshua2

these are the 5 keys to the city: Computer Management (compmgmt): The Master Dashboard. It’s where you schedule automated tasks, check the "security tapes" (Event Viewer), and manage your hard drive partitions. #WindowsInternals #ITSupport #SystemsAdministration #CareerGrowth

flux @0xfluxsec · Feb 19

Sharing for those who haven’t seen this announcement! Should be a great stream with the legend @zodiacon! EDR internals and Rust, say no more, take my money!! youtube.com/live/HtyQZBLzK… #cyber #blueteam #windowsinternals #redteam #cybersecurity #infosec #winternals

6.5K

Exploit Pack @Exploit_Pack · Feb 15

If you're interested in Windows kernel exploitation, there is a new technical post live on our blog exploitpack.com/blogs/news/byp… #WindowsInternals #KernelExploitation #CyberSecurity #VBS #HVCI #ReverseEngineering #ExploitDevelopment #MalwareAnalysis #RedTeam #WindowsKernel #InfoSec

387

GHOST.OF.UCHIHA @MarvelMatrix1 · Feb 13

Replying to @MarvelMatrix1

Enumeration is not just a red team technique It’s a defensive necessity. Knowing what “normal” looks like is the foundation of detecting abnormal behavior. Before using advanced tools, master the built-in ones. #CyberSecurity #WindowsInternals #BlueTeam #RedTeam #EthicalHacking

Shlomi Boutnaru @boutnaru · Feb 2

Ever wonder who’s actually behind that "Are you sure?" screen that pops up when you try to install something? Meet "consent.exe", the gatekeeper of your Windows administrative privileges. medium.com/@boutnaru/the-… #WindowsInternals #Security #UAC #TechDeepDive #DFIR

The Windows Process Journey — “consent.exe” (Consent UI for Administrative Applications)

“consent.exe” is the “Consent UI for Administrative Applications” which is called as part of a UAC (User Account Control) flow…

From medium.com

399

Shlomi Boutnaru @boutnaru · Jan 30

Meet the master architect of Windows sessions: smss.exe 🏗️ From initializing environment variables to launching CSRSS and Winlogon, it’s the first user-mode process to join the party. 🔗 medium.com/@boutnaru/the-… #WindowsInternals #Security #OSArchitecture #DFIR #Forensics

The Windows Process Journey — smss.exe (Session Manager Subsystem)

“smss.exe” is the first user-mode process which is executed from %SystemRoot%\System32\smss.exe and it’s part of Windows since Windows NT…

From medium.com

DbgMan ^_^ @0XDbgMan · Jan 30

- Downgrading ci.dll and exploiting Windows Update (as demonstrated in a DEFCON session) - Bypassing DES - Bypassing Elastic and ETW-TI using a C2 - bypass EDR , MDE , win def #Maldev #ExploitDevelopment #WindowsInternals #DEFCON #EDR #BYOVD #evasion #ReverseEngineer #Redteam

609