Universal Plug and Play (UPnP) is a set of networking protocols that simplifies the process of connecting devices on a network. While its primary purpose is to streamline device discovery and communication, UPnP plays a significant role in enhancing the online gaming experience. This article delves into what UPnP is, how it works, and its Read More …
Tag: malware
AuKill EDR Post
Summary AuKill is a malicious software, often used by ransomware groups, designed to disable endpoint detection and response (EDR) security solutions on a system, essentially allowing attackers to bypass security measures before deploying ransomware by terminating EDR processes using a vulnerable, outdated driver like the Process Explorer driver from Sysinternals; effectively “killing” the EDR functionality. Key points about Read More …
Hook Chain EDR Kill
Summary Every binary loaded into WIndows, has a list of needed functions and processes in order for it to function properly. THink of a browser, it will use a Windows DLL to resolved the hostname to the IPv4 address and so forth. This Table can be hijacked, so instead of pointing to the appropriate function Read More …
Windows Stuff from GREM Exam
Here are some of the Windows API things that I have on older flashcards that I am adding to this site. Yes. flashcards. I used them to pass my GREM exam from SANS. GetAsychKeyState GetProcAddress Memory Registers EIP