Nowadays it’s very common for threats to use rootkit techniques to hide malicious files on computer hard drive, but it’s not so common to hide actual payload in the Windows Registry and use malicious file as only a loader. The following sample has evolved a bit since we first saw this kind of thing but […]
Many of my security tools are DLLs. If you want to use these tools inside a 64-bit process, you’re stuck, because you can’t use 32-bit DLLs inside a 64-bit process (and vice versa).LoadDLLViaAppInit is a tool I released to load DLLs inside selected processes. If you want to use this 32-bit version of LoadDLLViaAppInit on […]
A Teensy dropper presents itself as a keyboard (HID) to a PC and this is how it can be used to drop files even if you don’t allow removable drives. You can prevent the installation of new HIDs, but this is an issue when you need to replace keyboards or mice. Irongeek has a good […]
Latest Comments