Abusing Accessibility Features as a persistence mechanism.
Malicious LNK files.
Some notes on finding malicious Scheduled Tasks.
I was writing some PowerShell scripts to scan disks for certain types of malware and realized that Get-ChildItem was kind of slow. I googled around and found this site which demonstrated using robocopy.exe and dir as faster alternatives to Get-ChildItem. Here were the results I had searching for LNK files on my disk using both …
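The comparison described in that excerpt, written out as an added PowerShell example (this is not the author's script; it is constructed here to show the three approaches side by side). It assumes a readable local root such as `C:\Users`, that `robocopy.exe` and `cmd.exe` are on the path, and uses `$env:TEMP` only because robocopy requires a destination argument even when `/L` prevents any copying:

```powershell
# Added example, not from the original post: enumerate every .lnk file under a
# root three ways and time each, to compare Get-ChildItem with dir and robocopy.
# Assumption: $Root is a local NTFS path you are allowed to read.
param([string]$Root = 'C:\Users')

function Find-LnkWithGci {
    param([string]$Path)
    # -Force includes hidden/system items; -File skips directories so only
    # shortcut files are returned. Access-denied errors are suppressed.
    Get-ChildItem -Path $Path -Filter '*.lnk' -Recurse -Force -File -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
}

function Find-LnkWithDir {
    param([string]$Path)
    # cmd.exe does the directory walk: /s recurse, /b bare full paths,
    # /a-d exclude directories. stderr ("File Not Found") is discarded.
    & cmd.exe /c "dir `"$Path\*.lnk`" /s /b /a-d 2>nul"
}

function Find-LnkWithRobocopy {
    param([string]$Path)
    # /L list only (nothing is copied), /S recurse into non-empty subdirectories,
    # /XJ skip junctions so reparse points cannot loop, /FP print full paths,
    # /NJH /NJS /NC /NS /NDL drop the job header, summary, file class, size and
    # directory lines so only file paths remain. The destination is mandatory
    # syntax but is never written to under /L.
    & robocopy.exe $Path $env:TEMP '*.lnk' /L /S /XJ /FP /NJH /NJS /NC /NS /NDL |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne '' }
}

# Time each method with a Stopwatch (kept outside Measure-Command so the
# result array stays in the current scope) and report hit counts alongside.
$results = foreach ($method in 'Find-LnkWithGci', 'Find-LnkWithDir', 'Find-LnkWithRobocopy') {
    $sw   = [System.Diagnostics.Stopwatch]::StartNew()
    $hits = @(& $method -Path $Root)
    $sw.Stop()
    [pscustomobject]@{
        Method  = $method
        Files   = $hits.Count
        Seconds = [math]::Round($sw.Elapsed.TotalSeconds, 2)
    }
}

$results | Format-Table -AutoSize
```

Run it from an elevated prompt if you want the counts to agree: the three walkers skip access-denied directories differently, and a hit-count mismatch between methods is usually a permissions or junction difference rather than a missed file. Anything robocopy or dir returns is a plain path string, so feed it to `Get-Item` before inspecting shortcut targets with the WScript.Shell COM object.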
All about cron persistence
REVIEW: RED TEAM Operator: Windows Evasion Course by SEKTOR7 Institute.
Quick and dirty example of process enumeration using CreateToolhelp32Snapshot
Find malware running from temporary directories using procfs.
Find masquerading processes using procfs.
Using procfs For Forensics and Incident Response.
A quick overview of triage data acquisition in the context of attack/defend CTFs.
Accessing Alternate Data Streams on VMDK Images on Linux.