From Windows drivers to an almost fully working EDR
In this article we will see how Windows drivers work and how to create one, and in the end we will develop a custom EDR that relies on kernel callback functions, static analysis and API hooking.
Jan 31, 2024 - 39 min read
Protected Users, you thought you were safe uh?
This article shows that the Protected Users protections do not apply correctly to the RID500 account of an Active Directory.
Mar 28, 2023 - 7 min read