Process injection is a technique used by attackers to inject malicious code into the memory space of a running process. Unlike process hollowing, which replaces the entire executable image of a process, process injection allows the attacker to run their payload within an existing process without altering its main execution flow. This technique is widely
Understanding Process Hollowing
Process hollowing is a stealthy technique used in malware development where an attacker starts a legitimate process and then replaces its executable code with malicious code. This allows the attacker to run their payload while maintaining the illusion that a trusted application is running. To understand how this works, we need to look at how
EDR internals
Understand how an EDR is built with this wonderful illustration
Best-practice guide for a new project manager
Team follow-up meetings
These regular meetings help coordinate the team, make sure everyone is moving in the same direction, and adjust priorities when necessary.
Objectives
Advice
Technical one-on-ones
These individual meetings are essential for supporting each team member or sub-team with their technical challenges and skill development.
Incident Response | Talking points
Based on the available traces -> no malicious activity, or activity linked to the attack, has been identified
🤖 Volatility 2 – Windows | Cheatsheet
An amazing cheatsheet for volatility 2 that contains useful modules and commands for forensic analysis on Windows memory dumps.
Memory Analysis Training Samples
ZEUS
Zeus, or Zbot, is a notorious banking Trojan first identified in 2007. Designed to steal sensitive data like banking credentials, it uses techniques such as keylogging, man-in-the-browser attacks, and traffic manipulation. Its modular architecture and a leaked source code in 2011 have led to numerous variants.
Stuxnet
Stuxnet is a computer worm discovered in