Operational Security (OPSEC) Basic Guide for Windows Users
I. Introduction This is one in a series of my articles on the configuration operations and how to use Windows to keep your computer and…
Category: Zerosalarium
OPSEC Basic: Virtualization Technology
I. Introduction This time, I will introduce the use of virtualization technology to mitigate potential threat models when using suspicious software and tools. By…
OPSEC Basic Awareness. Blend into the background
I. Introduction Typically, how do you choose your Username and set your PC name? Some people use their real names, while others opt for a…
Look before you leap: PE File Digital Signature
I. Introduction When using a computer with the Windows operating system, downloading and running executable files occurs frequently. But how can you be sure that…
LOLBIN / LOLBAS – WinGet execute PowerShell script
I. Introduction In this article, I will provide a brief overview of the Windows Package Manager – WinGet. Following that, I will demonstrate how to…
Simple way to Turn Off / Disable Windows Defender
I. Introduction I will guide you through two methods on how to stop Defender that I have tested and successfully worked with the latest…
Silver Bullet for High Processor Usage Issues
I. Introduction Is your computer as hot as a frying pan full of boiling oil due to high CPU consumption issues? Have you searched the…
BYOVD to the next level. Blind EDR with Windows Symbolic Link
I. INTRODUCTION In this article, I will introduce you to a completely new method of exploiting the BYOVD technique. I have discovered that by using…
Path masquerading: Hide in plain sight
I. INTRODUCTION With low privileges as a normal user, how will you fly under the radar of Endpoint Detection and Response (EDR)? EDR evasion techniques…
Out of sight, out of mind with Windows Long File Names
I. INTRODUCTION One of the very important issues that red teamers and pentester always have to consider is how to keep their payloads low profile.…
Windows Process Command Line Spoofing Through Symbolic Link
I. INTRODUCTION Endpoint Detection & Response (EDR) systems often use the ProcessParameters field of the Process Environment Block (PEB) to retrieve information about the path…
Countering EDRs With The Backing Of Protected Process Light (PPL)
I. INTRO Important or sensitive processes of modern Windows operating systems are now protected by the Protected Process Light (PPL) feature. You might be…