Time(less) LAPS: Securing persistent anonymous access to local administrator passwords
The RecoveryMode mechanism in Windows LAPS allows local administrator passwords to be decrypted using remote ‘decryptors’.
#windows_internals
#windows_security
#reverse_engineering
#reversing
@ZwLowLevel
HackMag
Time(less) LAPS: Securing persistent anonymous access to local administrator passwords
Tech magazine for cybersecurity specialists
Golden Byte
Docs
Windows LAPS overview
Get an overview of Windows Local Administrator Password Solution (Windows LAPS), including key scenarios and setup and management options.
JavaScript, MSBuild, and the Blockchain: Anatomy of the NeoShadow npm Supply-Chain Attack
#malware_analysis
@ZwLowLevel
www.aikido.dev
NeoShadow npm Supply-Chain Attack: JavaScript, MSBuild & Blockchain
A deep technical analysis of the NeoShadow npm supply-chain attack, detailing how JavaScript, MSBuild, and blockchain techniques were combined to compromise developers.
Fibratus
Adversary tradecraft detection, protection, and hunting
#cyber_threat_intelligence
#cti
#malware_analysis
@ZwLowLevel
Forwarded from Proxy Bar
Hi everyone! Does anyone know how to get the image base address from a remote process without using NtQueryInformationProcess? If you know, please let me know. Thanks in advance.
Amadey Malware: A Comparative Study of Static Detection vs Memory-Based Detection
#malware_analysis
@ZwLowLevel
Code Before Breach
Amadey Malware: A Comparative Study of Static Detection vs Memory-Based Detection
Using Amadey as a case study, this post compares static signature detection and memory-based detection through structure, evasion difficulty, and YARA usage.
Injecting DLLs in Rust: A Hands-On Guide to Classic Remote Thread Injection
#malware_development
#malwaredev
#maldev
@ZwLowLevel
Medium
Injecting DLLs in Rust: A Hands-On Guide to Classic Remote Thread Injection
DLL injection is a well-known Windows technique that allows one process to load a dynamic-link library (DLL) into another process’s address…
Malicious NPM Packages Deliver NodeCordRAT
#malware_analysis
#cyber_threat_intelligence
#cti
@ZwLowLevel
Zscaler
Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz
ThreatLabz identified malicious NPM packages that deliver NodeCordRAT, which performs credential theft and steals cryptocurrency wallet data.
Low Level CO 🇨🇴 pinned «PatchGuard Peekaboo: Hiding Processes on Systems with PatchGuard in 2026 #windows_internals #windows_kernel #reverse_engineering #reversing @ZwLowLevel »
Tutorial: DLL Sideloading and function proxying with ShellcodePack
#malware_development
#maldev
#malwaredev
@ZwLowLevel
Medium
Tutorial: DLL Sideloading and function proxying with ShellcodePack
DLL sideloading is a technique that allows an attacker to have a legitimate signed application run some malicious code on Windows. It work…
Debugging WinDbg with WinDbg: Fixing a Ctrl-C UI Freeze
https://www.island.io/blog/debugging-windbg-with-windbg-fixing-a-ctrl-c-ui-freeze
#reversing
#reverse_engineering
@ZwLowLevel
Island.io
Fixing the Windows Debugger freeze when copying text
Follow an Island engineer’s deep dive into fixing a years-old Windows Debugger issue - the few-second freeze when copying text from WinDbg.
Clang Hardening Cheat Sheet - Ten Years Later
https://blog.quarkslab.com/clang-hardening-cheat-sheet-ten-years-later.html
#programming
#overrun
#rop
#memory_protection
@ZwLowLevel
Quarkslab
Clang Hardening Cheat Sheet - Ten Years Later - Quarkslab's blog
Ten years ago, we published a Clang Hardening Cheat Sheet. Since then, both the threat landscape and the Clang toolchain have evolved significantly. This blog post presents the new mitigations available in Clang to improve the security of your applications.