Guillaume Ross – WindowsTechs.com

Windows Registry & Osquery: The Easy Way to Ensure Users are Secured

Posted on January 24, 2019 by Guillaume Ross

The Windows registry is full of information, and with the proper tools, can be a gold mine for attackers and defenders alike. Attackers look to find specific configurations, credentials, or any information that can help them further attack systems… Continue reading Windows Registry & Osquery: The Easy Way to Ensure Users are Secured→

One Year Later: Ensuring Windows is Protected from Meltdown+Spectre

Posted on January 10, 2019 by Guillaume Ross

2018: The year of speculative execution bugs
A year ago, in January 2018, three hardware vulnerabilities known as Meltdown, Spectre Variant 1, and Spectre Variant 2 were disclosed to the public.
Although disclosure was supposed to occur on January… Continue reading One Year Later: Ensuring Windows is Protected from Meltdown+Spectre→

Hunting for Evil Launch Daemons – Identifying Suspicious Behavior with Osquery

Posted on December 18, 2018 by Guillaume Ross

Last week, Malwarebytes posted an article highlighting new malware discovered by John Lambert (Microsoft), Patrick Wardle (Objective-See and Digita Security) and Adam Thomas (Malwarebytes), and sure enough, persistence using launchd is still a com… Continue reading Hunting for Evil Launch Daemons – Identifying Suspicious Behavior with Osquery→

Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines

Posted on November 12, 2018 by Guillaume Ross

Dark Reading and Forbes, among various other sources, have recently reported that Windows computers using the hardware encryption feature of many different types of solid-state drives (SSDs) are vulnerable to attacks that defeat it completely… Continue reading Vulnerabilities in SSD Encryption: Using osquery to Identify Vulnerable Windows Machines→