Limpid.Security – WindowsTechs.com

Heap spray blocked by EDR

Posted on July 27, 2018 by Limpid.Security

Assuming the application is vulnerable would a process crash if it was a subject for a heap spray attack and the attack is blocked by the EDR?

Continue reading Heap spray blocked by EDR→

What is the main risk of allowing services to logon as NT AUTHORITY\SYSTEM?

Posted on March 8, 2018 by Limpid.Security

Many enterprises run service on production servers as SYSTEM without considering the risk that might arise from this configuration, what is the biggest risk associated with it? and how would attackers exploit this kind of configuration?

… Continue reading What is the main risk of allowing services to logon as NT AUTHORITY\SYSTEM?→

Kernel32.dll , Kernelbase.dll and Malware

Posted on February 26, 2018 by Limpid.Security

I noticed that the same malware will export CreateProcessInternalW from kernel32.dll in Windows 7 and KernelBase.dll in Windows 10. Why is it exporting the same function from different DLLs?

Continue reading Kernel32.dll , Kernelbase.dll and Malware→

Windows Failed Logon Type 2 by A Remote Computer Account!

Posted on February 17, 2018 by Limpid.Security

I woke up to a creepy Windows event where the Server B used the Computer account$ of Server A to log on to Server B (itself).

The logon type is 2 and the destination process is of course “lsass.exe”

Why would a computer acc… Continue reading Windows Failed Logon Type 2 by A Remote Computer Account!→