In this article we will delve into a technique used by malware to spoof the arguments sent to a process. EDRs use the command line to detect some malicious parameters and raise alerts, so being abl...
Parent PID Spoofing
PPID Spoofing Parent Process ID Spoofing is an obfuscation technique used to modify the PPID of a process and tamper with the relationship between two processes. Security tools often look for abn...
Early Bird Injection
Early Bird Injection (APC Injection) Asynchronous Procedure Call (APC) Injection is an alternative way to inject code without having to create another thread. What is an APC? From Microsoft docume...
Process Hollowing
Process Injection: Process Hollowing In this post we are going to study another process injection sub-technique called Process Hollowing. If you have a clear understanding of the structure of a PE...
Reflected DLL Injection
Reflected DLL Injection In my last post, I explained what a DLL is and how attackers can inject malicious DLLs into the context of other processes and make them execute the malicious code. Howeve...
PE file structure
PE file format My next objective is to explore how DLL and Reflective DLL injections work. However, before getting there, it is important to take a step back and understand what a PE file is and h...
Process Injection: DLL Injection
Process Injection is a technique (T1005 in the MITRE ATT&CK framework) used by attackers to execute arbitrary code in the address space of another process. With this technique, they can gain ...
Kerberos: From 0 to hero
KERBEROS: From 0 to Hero Kerberos is not only the three-headed dog that guards the entrance to hell, but also an authentication protocol that uses secret-key cryptography to allow time-limited tic...
DevOping - 5
DevOping 5: AWS This is not intended to be a guide. I’m sure that everything explained here can be done in a better/easier/more efficient way. Here, I will explain the whole learning process an...
DevOping - 4
Devoping 4: Docker This is not intended to be a guide. I’m sure that everything explained here can be done in a better/easier/more efficient way. Here, I will explain the whole learning process...