Heap spray blocked by EDR
Assuming the application is vulnerable, would a process crash if it was the subject of a heap spray attack and the attack is blocked by the EDR?
Many enterprises run services on production servers as SYSTEM without considering the risk that might arise from this configuration. What is the biggest risk associated with it, and how would attackers exploit this kind of configuration?
… Continue reading What is the main risk of allowing services to logon as NT AUTHORITY\SYSTEM?
I noticed that the same malware will export CreateProcessInternalW from kernel32.dll in Windows 7 and KernelBase.dll in Windows 10. Why is it exporting the same function from different DLLs?
I woke up to a creepy Windows event where the Server B used the Computer account$ of Server A to log on to Server B (itself).
The logon type is 2 and the destination process is of course “lsass.exe”.
Why would a computer acc… Continue reading Windows Failed Logon Type 2 by A Remote Computer Account!