Latest posts

• Dumping LSA secrets, a story about task decoralation In this blogpost we'll see how task decorrelation can be abused to bypass EDR's detection mecanisms during internal assessments
  Jul 2, 2024 - 11 min read
• Guest vs Null session on Windows This article will present the differences between guest and null authentication on Windows and how to exploit them.
  Apr 18, 2024 - 6 min read
• From Windows drivers to a almost fully working EDR In this article we will see how Windows drivers work, how to create one and, in the end, we will develope a custom EDR that will rely on kernel callback functions, static analysis and API hooking.
  Jan 31, 2024 - 39 min read
• [FR] Conférence à LeHack23: Du driver Windows à l'EDR Rediffusion de la conférence du driver Windows à l'EDR.
  Jan 8, 2024 - 1 min read
• Protected Users, you thought you were safe uh? This article shows that the Protected Users protections do not apply correctly to the RID500 account of an Active Directory.
  Mar 28, 2023 - 7 min read

• 1
• 2