Open in app
Sign inGet started
Tagged in

Windbg

Comae Technologies
Comae Technologies
Do not be the last one to know about your own breach.
More information
Followers
2K
Elsewhere
More, on Medium
Go to the profile of Matt Suiche
Matt Suiche in Comae Technologies

YARA scans in WinDbg

Because InfoSec loves RegExes.

Andrey Bazhan, from Comae Technologies, just made a neat addition to SwishDbgExt which is the ability to use Yara rules to hunt process in memory via a new command called !ms_yarascan

Read more…
Go to the profile of Matt Suiche
Matt Suiche in Comae Technologies
Read more…
Go to the profile of Matt Suiche
Matt Suiche in Comae Technologies

Quick look at AtomBombing with WinDbg

Atom Bombing

Recently, a lot of noise has been made about “AtomBombing” (available on github) which was communicated as an “unfixable” method to inject memory into a process, and “undetectable” from anti-virus because they only do…

Read more…
1 response