KNOWLEDGE LIBRARY
Immerse yourself in cutting-edge Cybersecurity knowledge from industry-insiders. Access reliable research insights, practical-driven learning hub, and updates on the latest cybersecurity trends.
In this video, I demonstrate how to perform a file scan using Windows AMSI directly from C#.
I walk through importing AMSI functions from Amsi.dll with P/Invoke, enabling PreserveSig = false for automatic exception handling, mapping a file into memory, and passing an unsafe pointer to AmsiScanBuffer.
In this video, I demonstrate how to perform a file scan using Windows AMSI directly from C#.
I walk through importing AMSI functions from
Takes you from a “generic” C programmer to a master Windows programmer in user mode and kernel mode.
Provides the necessary knowledge, understanding, and tools to be a successful Windows OS researcher.
In this session, I wanted to show how AMSI works in practice and how we
AI is not good or bad, it’s a mirror. It reflects how we use it.
Learn how Windows sessions manage processes, desktops, clipboards, and security. Pavel Yosifovich explains Session 0,
When working with processes, we often want to understand what is going on inside them.
Unlike most malware books, this one doesn’t stay clean, academic, or theoretical. MAoS is a
In this video we walk through how process trees are built in Windows, starting with
Stay ahead of the curve in the world of cybersecurity by joining TrainSec’s free Knowledge Library! As a member, you’ll get exclusive access to expert insights, the latest industry trends, and real-world tips you won’t find anywhere else. You’ll also be the first to hear about special discounts on cutting-edge training programs and get insider knowledge that helps you grow your skills and career.
Windows Subsystem for Linux (WSL) first appeared in Windows 10 (Anniversary Update, 1607). It enables
Learn what kernel allocation tags are, how they help track Windows kernel memory, detect driver
We’ve all used the Recycle Bin. You delete a file, and it shows up there,
This blog is not here to give you a “step-by-step recipe.” It’s here to open
Starting with Windows Vista, Microsoft introduced protected processes—special executables the kernel shields from injection, memory
Debugging Windows at kernel level lets you watch every CPU instruction, intercept system calls, and
In just 25 minutes the walk-through shows you how Windows Management Instrumentation (WMI) reveals almost
In this video, Pavel walks through how to implement a basic keylogger in Windows using
There are a variety of threats in today’s cyber landscape, but one of the biggest
In this hands-on session, Pavel Yosifovich demonstrates how to launch a process under the SYSTEM
A practical and innovative approach to securing UART-based communication in OT networks—without replacing existing infrastructure.
Note: This blog post is designed to complement the accompanying video embedded at the top
In this video, we dive deep into User Account Control (UAC) Virtualization—a feature introduced in
In this video, I’ll walk you through my methodology and insights gained when uncovering how
Dive into Pavel’s latest post exploring the Windows Blue Screen of Death—what triggers it, why
We’re excited to share the recorded workshop on Remote Thread Injection and EDR-based detection that
Unlock the power of RunDLL32! Learn how to execute DLL functions, invoke control panel dialogs,
Explore BlackByte ransomware: ProxyShell exploits, anti-debugging, and reverse engineering insights. Dive deep into this malware’s
Shell extensions are a powerful feature of the Windows shell that allow developers to extend
In this video, we dive into two powerful Windows API functions—CreateProcessAsUser and CreateProcessWithTokenW—that allow you
Remote Procedure Calls (RPC) are a fundamental mechanism in distributed computing, allowing functions to execute
Note: This blog post is designed to complement the accompanying video embedded at the top
In this video, I’ll show you how to debug a DLL file with an IDA
Introduction: Writing a Windows Service Hi, and welcome to this video on writing a Windows
Welcome to this video about Windows Services. In this video, we’ll cover the basics of
Hi, and welcome to this video about an introduction to the Windows Performance Analyzer. We’re
We’re excited to share a special occasion with you – Uriel Kosayev, one of our
In the video, I draw from my 15 years of experience to explain that recognizing
In this malware analysis video, we explore how MuddyWater, an Iranian APT group, utilizes legitimate
When I speak about Hardware Hacking and its crucial role in the safety of our
Some Windows kernel object types can have string-based names, which is one way such objects
Keyboard hooking using Image File Execution Options and pretending to be a debugger.
Ever wondered how many handles you can create in a process? Each process has its
Authors Uriel Kosayev — @MalFuzzer, Hai Vaknin — @VakninHai, Tamir Yehuda — @Tamirye94, Matan Bahar — @Bl4ckShad3 Prologue As red teamers, we are
A practical guide to building your first hardware hacking toolkit. From screwdrivers and wire cutters
Millions of machines around the world crashed a few days ago, showing the dreaded “Blue
By Uriel Kosayev (@MalFuzzer) Introduction Intel is a very well-known and large company that serves many
(CVE-2020-8842) Introduction MSI TrueColor utility comes as a pre-installed utility program on MSI gaming laptops
In Windows, every process is associated with a parent process, usually the one created it.
As Mac malware becomes more widespread and as detection mechanisms get more sophisticated, malware actors
There are many processes running on a typical Windows system – here are some of
A well-known features of Windows is the Image File Execution Options registry key located in
Microsoft WslService Unquoted Service Path By Uriel Kosayev Introduction WslService is a deployed service on
Last month, we decided to enrich our knowledge by delving into research on a popular
