Posts in category Windows Security

SX 4th Meetup – Defeating public exploit protections (EMET v5.2 and more)

In this awesome presentation, Raghav Pande explained the concept of public protections and showed that public exploit mitigation toolkits are not enough to protect against a targeted attack, as well as how easy it is to evade all public protections.

SX 4th Meetup – Exposing the secrets of Windows credential provider

In this awesome presentation, Subrat Sarkar explained the concepts of the Windows logon mechanism, the Windows logon architecture and the Windows credential provider, and showed how an attacker can take advantage of a credential provider to steal Windows passwords in plain text, and how to find and mitigate this issue.

PE File Overview

PE stands for Portable Executable, the native file format for Win32. The Portable Executable file format is universal across all Win32 platforms. It is used by all Win32 executables, such as Control Panel applets (.CPL), 32-bit DLLs, COM files, .NET executables and also NT’s kernel-mode drivers. Note that VxDs (virtual device drivers) and 16-bit DLLs do not use PE […]

Shellshock- the Destroyer

Shellshock is the latest vulnerability, disclosed on 24 September 2014. It is also known as the Bash Bug or Bashdoor. The original bug was discovered by Stéphane Chazelas on 12 September 2014, who suggested the name “bashdoor” for it. The Common Vulnerabilities and Exposures (CVE) identifier assigned to it is CVE-2014-6271. This bug exploit worldwide […]

Session 4 – Assembly Programming Basics

When we analyse malware, we don’t have the source code. So in order to understand its logic we have to debug binaries (i.e. the compiled form of source code, such as .exe, .dll etc.). In debugging we need to understand the assembly of the program to build up the high-level logic. In short without assembly language you can’t […]

Session 3 – Windows PE File Format Basics

This session is one of the most important sessions of the entire course. The PE file format is the Windows executable file format, and a very good understanding of it will allow you to understand more advanced concepts such as packers, loaders etc. Check the reference section for additional papers and books.

Session 2 – Introduction to Windows Internals

This presentation will cover some must-have things about Windows internals. This session is very important, so carefully read all the slides and reference links.