-
First of all, thank you very much for this publication!
I couldn't resist playing around with it but I found some inconsistencies/issues/side-effects when using `CiValidateFileObject` against a cus…
-
For added security on untrusted or semi-trusted machines (like at the workplace or a family computer), do you guys think that encrypting the key list would be reasonable? Like AES-encrypting all data …
-
[tags]anti-malware,malware-analysis,malware-detection,memory-forensics,pe-sieve[/tags]
[short_descr]Scans processes to detect and dump potentially malicious implants.[/short_descr]
[link] https://git…
-
Playing with your $I30 parsing in MFTECmd.
From my understanding, would it be a stretch to add a full path or parent path column and provide the MFT like you have with the $J?
Also - since the tim…
-
1. This rootkit cannot succeed on my CentOS 7 (3.10.0-862.el7.x86_64).
2. I recently tried to create a HIDS. I consulted some information (actually I am a rootkit rookie), and I noticed that Linux audit is ver…
-
**The problem you're addressing (if any)**
Considerable information about the history of disposable VM usage, as well as some contents of data from inside disposable VM leaks into the filesystem of d…
-
@flowchartsman
Currently there is a logic issue that would ensure the user's freedom could be compromised. `checkExe("shutdown")` is executed in the `shutdownNow()` function. If shutdown is not execut…
-
At the moment one can't import or export private keys. I don't know how good an idea this is in a deterministic wallet, but I think it would be okay after a warning that the seed won't contain the import…
-
```
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537385
The "hash spec" reported in the luksDump output should be changeable
for an existing volume. After all, it should apply only to existing
sl…