GhouLSec

[Misc Series #4] Forensics on EDRSilencer Events
Some of the indicators we can look for when EDR telemetry data flow has been "blocked" as a result of a security event.
5 min read · Jan 4, 2024

[Mal Series #26] Quick Analysis on Maldoc in PDF
Quick analysis of the maldoc-in-PDF sample from the JPCERT blog. Some interesting artifacts were found in this case as well.
4 min read · Sep 1, 2023

[Mal Series #25] The spawn of conhost.exe
Personal findings on conhost.exe 0xffffffff -ForceV1
3 min read · May 30, 2023

[Misc Series #3] Vuln ProcExp 16.32
Analysis of how the vulnerable version of the ProcExp driver terminates a process.
4 min read · May 11, 2023

[Mal Series #24] Qakbot BB12 DLL Analysis 2023
Qakbot BB12 analysis
18 min read · Mar 5, 2023

[Misc Series #2] Debug trick with Image File Execution Options (IFEO)
Debug a file as soon as it is launched, using Image File Execution Options (IFEO).
2 min read · Jan 13, 2023

[RedDev #5] Rundll32 COM Hijack executor in C++
Simple explanation of how a COM object is executed via rundll32 with the -sta / -localserver switches.
6 min read · Dec 20, 2022

[Vuln Series #1] CLFS Vulnerability Analysis
The sample is most probably related to CVE-2022-24521, a CLFS parsing bug.
6 min read · Nov 10, 2022

[Mal Series #23] Malware Loader — Bumblebee
Some of the functions in the analyzed sample are similar to the ones described in the SentinelOne blog. The difference might be additional…
4 min read · Jun 4, 2022

[CTF Series #12] Mini Linux Forensics — MUS22
Digital forensics challenge by cyberdefenders.org
4 min read · May 16, 2022