🤖 TL;DR If you save over a file by accident on Windows, and you had System Protection or backups enabled, VSS probably created a shadow copy — a hidden snapshot of your file from earlier. ShadowExplorer gives you an easy, GUI-based way to browse and export those previous versions. No time machine needed 🤗! The
AuthorLi_in
Understanding Process Injection
Process injection is a technique used by attackers to inject malicious code into the memory space of a running process. Unlike process hollowing, which replaces the entire executable image of a process, process injection allows the attacker to run their payload within an existing process without altering its main execution flow. This technique is widely
Understanding Process Hollowing
Process hollowing is a stealthy technique used in malware development where an attacker starts a legitimate process and then replaces its executable code with malicious code. This allows the attacker to run their payload while maintaining the illusion that a trusted application is running. To understand how this works, we need to look at how
EDR internals
Understand how an EDR is built with this wonderful illustration
Guide de bonnes pratiques pour un jeune chef de projet
Points de suivi d’équipe Ces points réguliers permettent de coordonner l’équipe, de s’assurer que tout le monde avance dans la bonne direction, et d’adapter les priorités si nécessaire. Objectifs Conseils Points techniques Ces entretiens personnalisés sont essentiels pour accompagner chaque membre ou sous unité de l’équipe dans ses défis techniques et sa montée en compétence.
Réponse à incident | Elements de language
Par rapport aux traces disponibles –> on a pas identifié d’activité malveillante ou en lien avec l’attaque
