Per-user services in Windows 10 and Windows Server - Windows Application Management
Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates.
WTF, Bin?! This project aims to catalogue benign applications that exhibit suspicious behavior. These binaries can emit noise and false positives in threat hunting and automated detections. By cataloguing them here, the hope is to allow defenders to improve their detection rules and threat hunting queries.
MOF-tastic tricks or how to use MOF and powershell together
An extension of the last post, Embedding Powershell into Office Documents, I will be demonstrating that by using Managed Object Formats (MOF) and Powershell, we can attempt a few tricks to leverag…
DLL Hijacking is a popular technique for executing malicious payloads. This post lists nearly 300 executables vulnerable to relative path DLL Hijacking on Windows 10 (1909), and shows how with a few lines of VBScript some of the DLL hijacks can be executed with elevated privileges, bypassing UAC.