Introduction Webshells, a deceptively simple yet powerful tool in the hands of cyber adversaries, pose a critical threat to web servers and the data they hold. These malicious scripts infiltrate vulnerable web applications, providing unauthorised remote access to attackers. In this technical blog, we will explore the inner workings of common webshells such as PHP-based […]


I bought myself a server to expand my development, as the war between gaming and personal development was finally over and, you guessed it, games won. Instead of simply copying over from virtual machines, I decided to build my lab again from the ground up using new tools and endpoints. This blog will be split […]


Introduction Process injection is a common tactic employed by malicious actors to inject code into a legitimate process, allowing them to evade detection and execute their malicious payloads. In this blog, we will delve into the top 10 Windows process injection techniques used by adversaries. For each technique, we will provide C++ code demonstrating the […]


Introduction In the relentless battlefield of cybersecurity, malicious adversaries often resort to advanced techniques to evade detection. One such insidious strategy involves hiding within Windows memory, where they can maintain stealth and perpetrate their malevolent activities undetected. In this blog, we will delve into the realm of memory forensics and explore how cyber security analysts […]


Introduction In the realm of computer forensics, detecting and investigating malicious activities is a paramount challenge. Event Tracing for Windows (ETW) serves as a powerful arsenal for digital investigators, allowing them to log crucial events and unravel suspicious behaviors. In this blog, we will explore how to utilize Logman, a command-line tool for managing ETW sessions, […]


Introduction In the ever-evolving landscape of cyber threats, adversaries continuously hone their tactics to infiltrate and exploit vulnerable systems. Among these advanced threats lurks “ScareCrow,” a stealthy and highly sophisticated malware that targets corporate networks and critical infrastructure. Unlike conventional malware, ScareCrow deploys sophisticated evasion techniques, making it a formidable adversary for even the most […]