Philip Tsukerman in Cybereason: Activation Contexts — A Love Story. TL;DR — Windows loads a version of the Microsoft.Windows.SystemCompatible assembly manifest into every process. Tampering with it lets you… (Dec 2, 2019)
Philip Tsukerman in Philip Tsukerman: Activation Contexts — A Love Story. TL;DR — Windows loads a version of the Microsoft.Windows.SystemCompatible assembly manifest into every process. Tampering with it lets you… (Oct 18, 2019)
Philip Tsukerman: Bypassing the Microsoft-Windows-Threat-Intelligence Kernel APC Injection Sensor. Using APCs (Asynchronous Procedure Calls) as a method to inject user-mode code into processes from the Windows kernel is hardly a new… (Sep 23, 2019)