Windows Architecture
Windows Architecture A processor inside a machine running the Windows operating system can operate under two different modes: User mode and kernel mode. Applications run in user mode, and operating...
Introduction Security solutions use several techniques to detect malicious software. It’s important for one to understand what techniques security solutions use to detect or classify software as be...
Exploit common misconfigurations on Jenkins, a widely used automation server. Jenkins is utilized during DevOps integration and continuous development pipelines. It allows developers to automat...
export IP=10.10.6.167 Initial Scan nmap -sC -sV -vvv -T5 $IP Discovered open port 80/tcp on 10.10.6.167 Discovered open port 139/tcp on 10.10.6.167 Discovered open port 445/tcp on 10.10.6.167 ...
Introduction When referencing the Windows documentation for a structure, one may encounter several reserved members within the structure. These reserved members are often presented as arrays of BY...
Introduction Process enumeration can be used alongside process injection to identify a target process and perform injection by utilising CreateToolhelp32Snapshot. We can perform process enumerati...
Kryptina Ransomware-as-a-Service (RaaS) Kryptina is a Ransomware-as-a-Service (RaaS) that was identified in December 2024, designed to target Linux systems. The ransomware was observed in undergro...
Exploring Process Enumeration with NtQuerySystemInformation Understanding how to enumerate processes in a system is crucial. One method to achieve this is through the use of NtQuerySystemInformati...
Exploring Thread Hijacking: Local Thread Enumeration Thread hijacking is one of the most used techniques in malware development that permits code execution in an existing running thread. Conventio...
Thread Hijacking: Local Thread Creation Introduction Thread Execution Hijacking is a covert method that enables a payload to run without initiating a new thread. This technique involves pausing a...