GhouLSec – Medium

GhouLSec

[Misc Series #6] Windbg Remote Debugging

How to debug user-mode code with Windbg using remote debugging.

Sep 15, 2024

[Misc Series #6] Windbg Remote Debugging

Sep 15, 2024

[Misc Series #5] How Windows CMD and PowerShell Execute a File?

This blog will note down some mechanism that Windows implemented to select an application to open a file.

May 22, 2024

[Misc Series #5] How Windows CMD and PowerShell Execute a File?

May 22, 2024

[Misc Series #4] Forensics on EDRSilencer Events

Here are some of the indicators that we can go for if the EDR telemetry data flow has been “blocked” due to any security events.

Jan 4, 2024

[Misc Series #4] Forensics on EDRSilencer Events

Jan 4, 2024

[Mal Series #26] Quick Analysis on Maldoc in PDF

Quick analysis on maldoc in PDF from JPCert blog. Some interesting artifcats were found in this case also.

Sep 1, 2023

[Mal Series #26] Quick Analysis on Maldoc in PDF

Sep 1, 2023

[Mal Series #25] The spawn of conhost.exe

Personal findings on conhost.exe 0xffffffff -ForceV1

May 30, 2023

May 30, 2023

[Misc Series #3] Vuln ProcExp 16.32

Analysis on how does the vulnerable version of ProcExp driver terminate a process.

May 11, 2023

[Misc Series #3] Vuln ProcExp 16.32

May 11, 2023

[Mal Series #24] Qakbot BB12 DLL Analysis 2023

Qakbot BB12 analysis

Mar 5, 2023

[Mal Series #24] Qakbot BB12 DLL Analysis 2023

Mar 5, 2023

[Misc Series #2] Debug trick with Image File Execution Options (IFEO)

Debug file once it launched with Image File Execution Options (IFEO)

Jan 13, 2023

[Misc Series #2] Debug trick with Image File Execution Options (IFEO)

Jan 13, 2023

[RedDev #5] Rundll32 COM Hijack executor in C++

Simple explanation on how does the COM executed via rundll32 with switch -sta / -localserver

Dec 20, 2022

[RedDev #5] Rundll32 COM Hijack executor in C++

Dec 20, 2022

[Vuln Series #1] CLFS Vulnerability Analysis

The sample most probably related to CVE-2022-24521 which is related to CLFS parsing bug.

Nov 10, 2022

[Vuln Series #1] CLFS Vulnerability Analysis

Nov 10, 2022

GhouLSec

GhouLSec

Typical memes addict🐒from Malaysia. GitHub: https://github.com/ghoulgy 🍕Support my work: https://www.buymeacoffee.com/GhoulSec

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams