Hexacorn

You are browsing the archive for Forensic Riddles.

Beyond good ol’ Run key, Part 74

March 26, 2018 in Anti-Forensics, Autostart (Persistence), Compromise Detection, Forensic Riddles, Incident Response

This is a very obscure persistence mechanism that affects VMWare Tools versions that utilize the vm3dum DLL (‘VMware SVGA 3D Usermode’): c:\Program Files\Common Files\VMware\Drivers\video_wddm\vm3dum.dll When loaded (which happens e.g. when […]

Comments Off on Beyond good ol’ Run key, Part 74

Reusigned Binaries – Living off the signed land, Part 2

January 5, 2018 in Anti-*, Anti-Forensics, Compromise Detection, EDR, Forensic Riddles, Incident Response, Living off the land, Reusigned Binaries

Signed binaries can be used to do a lot of funny, unexpected stuff – today I will cover a simple proxy execution technique that can be used as a possible […]

Comments Off on Reusigned Binaries – Living off the signed land, Part 2

You are browsing the archive for Forensic Riddles.

Beyond good ol’ Run key, Part 74

Reusigned Binaries – Living off the signed land, Part 2

View older posts

Categories