Unknown – Page 3 – WindowsTechs.com

Analyzing Ransomware

Posted on October 27, 2025 by Unknown

Not long ago, I ran across this LinkedIn post on analyzing a ransomware executable, which led to thisHexaStrike post. The HexaStrike post covers analyzing an AI-generated ransomware variant, which (to be honest) is not something I’m normally interested… Continue reading Analyzing Ransomware→

Ransomware artifacts

Posted on September 1, 2025 by Unknown

I recently read through this FalconFeeds article on Qilin ransomware; being in DFIR consulting for as long as I have, and given how may ransomware incidents I’ve responded to or dug into, articles with titles like this attract my attention. I do not pr… Continue reading Ransomware artifacts→

RegRipper

Posted on July 3, 2025 by Unknown

The awesome folks over at Cyber Triage recently published their 2025 Guide to Registry Forensic Tools, and being somewhat interested in the Windows Registry, I was very interested to take a look. The article is very well-written, and provides an excell… Continue reading RegRipper→

Hunting Fileless Malware

Posted on June 30, 2025 by Unknown

I ran across Manuel Arrieta’s Hunting Fileless Malware in the Windows Registry article recently, and found it to be an interesting read.Let me start by saying that the term “fileless malware”, for me, is like finger nails dragged down a chalkboard. Par… Continue reading Hunting Fileless Malware→

Program Execution, follow-up pt II

Posted on June 26, 2025 by Unknown

On the heels of my previous post on this topic, it occurred to me that this tendency to incorrectly refer to ShimCache and AmCache artifacts as “evidence of execution” strongly indicates that we’re also not validating program execution. That is to say,… Continue reading Program Execution, follow-up pt II→

I’ve Seen Things, pt II

Posted on June 25, 2025 by Unknown

As a follow-on to my previous post with this title, I wanted to keep the story going; in fact, there are likely to be several more posts in this series, so stay tuned.And hey, I’m not the only one sharing my journey! Check out Josh’s blog, particularly… Continue reading I’ve Seen Things, pt II→

Program Execution, follow-up

Posted on June 25, 2025 by Unknown

Last Nov, I published a blog post titled Program Execution: The ShimCache/AmCache Myth as a means of documenting, yet again and in one place, the meaning of the artifacts. I did this because I kept seeing the “…these artifacts illustrate p… Continue reading Program Execution, follow-up→

I’ve Seen Things

Posted on May 26, 2025 by Unknown

I like the movie “Blade Runner”. I’ve read Philip K. Dick’s “Do Androids Dream of Electric Sheep”, on which the movie is based. So what does this have to do with anything? Well, I’ve been around the industry for some time. I’ve added an… Continue reading I’ve Seen Things→

Know Your Tools

Posted on March 20, 2025 by Unknown

In 1998, I was in a role where I was leading teams on-site to conduct vulnerability assessments fororganizations. For the technical part of the assessments, we were using ISS’s Internet Scanner product, which was a commercial scanner. Several years pri… Continue reading Know Your Tools→

WMI

Posted on March 17, 2025 by Unknown

The folks over at CyberTriage recently shared a complete guide to WMI; it’s billed as a “complete guide to WMI malware”, and it covers a great deal more than just malware. They cover examples of discovery and enumeration, as well as execution, but what… Continue reading WMI→