GhouLSec | [Misc Series #6] Windbg Remote Debugging | How to debug user-mode code with Windbg using remote debugging. | Sep 15
GhouLSec | [Misc Series #5] How Windows CMD and PowerShell Execute a File? | This blog notes down some of the mechanisms that Windows implemented to select an application to open a file. | May 22
GhouLSec | [Misc Series #4] Forensics on EDRSilencer Events | Here are some of the indicators that we can go for if the EDR telemetry data flow has been “blocked” due to any security events. | Jan 4
GhouLSec | [Mal Series #26] Quick Analysis on Maldoc in PDF | Quick analysis of the maldoc in PDF from the JPCert blog. Some interesting artifacts were also found in this case. | Sep 1, 2023
GhouLSec | [Mal Series #25] The spawn of conhost.exe | Personal findings on conhost.exe 0xffffffff -ForceV1 | May 30, 2023
GhouLSec | [Misc Series #3] Vuln ProcExp 16.32 | Analysis of how the vulnerable version of the ProcExp driver terminates a process. | May 11, 2023
GhouLSec | [Misc Series #2] Debug trick with Image File Execution Options (IFEO) | Debug a file once it is launched, using Image File Execution Options (IFEO). | Jan 13, 2023
GhouLSec | [RedDev #5] Rundll32 COM Hijack executor in C++ | Simple explanation of how COM is executed via rundll32 with the switch -sta / -localserver. | Dec 20, 2022
GhouLSec | [Vuln Series #1] CLFS Vulnerability Analysis | The sample is most probably related to CVE-2022-24521, which is related to a CLFS parsing bug. | Nov 10, 2022