GhouLSec – Medium

GhouLSec

[Misc Series #6] Windbg Remote Debugging

How to debug user-mode code with Windbg using remote debugging.

Sep 15

[Misc Series #6] Windbg Remote Debugging

Sep 15

[Misc Series #5] How Windows CMD and PowerShell Execute a File?

This blog will note down some mechanism that Windows implemented to select an application to open a file.

May 22

[Misc Series #5] How Windows CMD and PowerShell Execute a File?

May 22

[Misc Series #4] Forensics on EDRSilencer Events

Here are some of the indicators that we can go for if the EDR telemetry data flow has been “blocked” due to any security events.

Jan 4

[Misc Series #4] Forensics on EDRSilencer Events

Jan 4

[Mal Series #26] Quick Analysis on Maldoc in PDF

Quick analysis on maldoc in PDF from JPCert blog. Some interesting artifcats were found in this case also.

Sep 1, 2023

[Mal Series #26] Quick Analysis on Maldoc in PDF

Sep 1, 2023

[Mal Series #25] The spawn of conhost.exe

Personal findings on conhost.exe 0xffffffff -ForceV1

May 30, 2023

May 30, 2023

[Misc Series #3] Vuln ProcExp 16.32

Analysis on how does the vulnerable version of ProcExp driver terminate a process.

May 11, 2023

[Misc Series #3] Vuln ProcExp 16.32

May 11, 2023

[Mal Series #24] Qakbot BB12 DLL Analysis 2023

Qakbot BB12 analysis

Mar 5, 2023

[Mal Series #24] Qakbot BB12 DLL Analysis 2023

Mar 5, 2023

[Misc Series #2] Debug trick with Image File Execution Options (IFEO)

Debug file once it launched with Image File Execution Options (IFEO)

Jan 13, 2023

[Misc Series #2] Debug trick with Image File Execution Options (IFEO)

Jan 13, 2023

[RedDev #5] Rundll32 COM Hijack executor in C++

Simple explanation on how does the COM executed via rundll32 with switch -sta / -localserver

Dec 20, 2022

[RedDev #5] Rundll32 COM Hijack executor in C++

Dec 20, 2022

[Vuln Series #1] CLFS Vulnerability Analysis

The sample most probably related to CVE-2022-24521 which is related to CLFS parsing bug.

Nov 10, 2022

[Vuln Series #1] CLFS Vulnerability Analysis

Nov 10, 2022

GhouLSec

GhouLSec

Typical memes addict🐒from Malaysia. GitHub: https://github.com/ghoulgy 🍕Support my work: https://www.buymeacoffee.com/GhoulSec

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams