KNOWLEDGE LIBRARY
Immerse yourself in cutting-edge Cybersecurity knowledge from industry-insiders. Access reliable research insights, practical-driven learning hub, and updates on the latest cybersecurity trends.
Learn how to use the Windows Application Verifier infrastructure to inject a DLL and hook APIs. Covers IFEO, RTL_VERIFIER_PROVIDER_DESCRIPTOR, DllMain reason code 4, and a working VirtualAlloc hook in C++.
Learn how to use the Windows Application Verifier infrastructure to inject a DLL and hook APIs. Covers IFEO, RTL_VERIFIER_PROVIDER_DESCRIPTOR, DllMain reason code 4, and a
Pavel Yosifovich explains Windows logon sessions: what they hold, why tokens exist as separate objects,
Uriel Kosayev dissects a WannaCry dropper: garbage-byte anti-analysis tricks, nested drops, and the encrypted ZIP
Pavel Yosifovich walks through the full Visual Studio workflow for embedding custom binary resources in
Pavel Yosifovich shows how Windows PE custom resources work — and how Process Explorer bundles
Learn how NTFS and registry transactions work in Windows using CreateTransaction, CreateFileTransacted, and the Kernel
Learn how to programmatically create, load, and modify Windows .lnk shortcut files using the IShellLink
Stay ahead of the curve in the world of cybersecurity by joining TrainSec’s free Knowledge Library! As a member, you’ll get exclusive access to expert insights, the latest industry trends, and real-world tips you won’t find anywhere else. You’ll also be the first to hear about special discounts on cutting-edge training programs and get insider knowledge that helps you grow your skills and career.
Cybersecurity is often seen as a high-paying field, and in many cases, that reputation is
Learn how the COM class moniker and CoGetObject work: registry lookup, MkParseDisplayName, and IMoniker::BindToObject —
Launch Linux processes from a Windows application using the WslLaunch API. Pavel walks through the
Amichai Yifrach (Th3_H1tchH1ker) dissects two NVIDIA Jetson Orin Secure Boot vulnerabilities (CVE-2026-24154 and CVE-2026-24153) and
A lot of people are drawn to malware analysis because it sounds advanced, technical, and
If you want to become a Malware Analyst, the biggest mistake is trying to jump
Learn how to use TdhGetEventInformation and TdhFormatProperty in C++ to decode ETW event names, keywords,
Learn how to consume real-time ETW events in C++ using Win32 APIs. Pavel walks through
Windows uses linked lists everywhere, but not in the usual “next/previous inside the object” style.
Control Panel is still supported, which means you can still build your own applets. This
In a previous post we hid a Windows service using a UI tool. This post
A Windows service can be running normally and still disappear from Services.msc and sc query.
Rust is safe by default, but Windows system programming still means calling Win32 APIs, dealing
Join Pavel Yosifovich for a live 4 hour masterclass on researching Windows using WinDbg. Learn
Thread-Local Storage (TLS) lets each thread keep its own data without sharing state across the
Access masks are the 32-bit “what you can do” values stored in handles and ACE
How to Delete a File in Windows (and What “Delete” Really Means)
Process hollowing is usually described as creating a process in a suspended state, removing its
An in depth discussion with Uriel Kosayev on malware analysis, attacker mindset, EDR bypass techniques,
In a recent panel of industry experts convened at the annual Data Centers & Cloud
In this video, I demonstrate how to perform a file scan using Windows AMSI directly
In this session, I wanted to show how AMSI works in practice and how we
AI is not good or bad, it’s a mirror. It reflects how we use it.
Learn how Windows sessions manage processes, desktops, clipboards, and security. Pavel Yosifovich explains Session 0,
When working with processes, we often want to understand what is going on inside them.
Unlike most malware books, this one doesn’t stay clean, academic, or theoretical. MAoS is a
In this video we walk through how process trees are built in Windows, starting with
Windows Subsystem for Linux (WSL) first appeared in Windows 10 (Anniversary Update, 1607). It enables
Learn what kernel allocation tags are, how they help track Windows kernel memory, detect driver
We’ve all used the Recycle Bin. You delete a file, and it shows up there,
This blog is not here to give you a “step-by-step recipe.” It’s here to open
Starting with Windows Vista, Microsoft introduced protected processes—special executables the kernel shields from injection, memory
Debugging Windows at kernel level lets you watch every CPU instruction, intercept system calls, and
In just 25 minutes the walk-through shows you how Windows Management Instrumentation (WMI) reveals almost
In this video, Pavel walks through how to implement a basic keylogger in Windows using
There are a variety of threats in today’s cyber landscape, but one of the biggest
In this hands-on session, Pavel Yosifovich demonstrates how to launch a process under the SYSTEM
A practical and innovative approach to securing UART-based communication in OT networks—without replacing existing infrastructure.
WinDbg is a powerful and highly extensible debugger that is widely used for Windows development,
In this video, we dive deep into User Account Control (UAC) Virtualization—a feature introduced in
In this video, I’ll walk you through my methodology and insights gained when uncovering how
Dive into Pavel’s latest post exploring the Windows Blue Screen of Death—what triggers it, why
We’re excited to share the recorded workshop on Remote Thread Injection and EDR-based detection that
Unlock the power of RunDLL32! Learn how to execute DLL functions, invoke control panel dialogs,
Explore BlackByte ransomware: ProxyShell exploits, anti-debugging, and reverse engineering insights. Dive deep into this malware’s
Shell extensions are a powerful feature of the Windows shell that allow developers to extend
In this video, we dive into two powerful Windows API functions—CreateProcessAsUser and CreateProcessWithTokenW—that allow you
Remote Procedure Calls (RPC) are a fundamental mechanism in distributed computing, allowing functions to execute
The NTFS file system, widely used in Windows environments, is packed with fascinating features. Among
IDA (Interactive DisAssembler) is a professional reverse engineering tool used to analyze compiled software by
Hi, and welcome to this video on writing a Windows service. In the previous video,
The term “service” is commonly used in software, but here we’re discussing Windows services specifically.
We’re talking here about the Windows Performance Analyzer (WPA). The Windows Performance Toolkit can be
Celebrate Uriel Kosayev’s Birthday with crazy price cuts!
In the video, I draw from my 15 years of experience to explain that recognizing
In this malware analysis video, we explore how MuddyWater, an Iranian APT group, utilizes legitimate
When I speak about Hardware Hacking and its crucial role in the safety of our
Some Windows kernel object types can have string-based names, which is one way such objects
Keyboard hooking using Image File Execution Options and pretending to be a debugger.
Ever wondered how many handles you can create in a process? Each process has its
A practical guide to building your first hardware hacking toolkit. From screwdrivers and wire cutters
CrowdStrike and the Formidable BSOD
Intel is a very well-known and large company that serves many personal computers and servers
MSI TrueColor utility comes as a pre-installed utility program on MSI gaming laptops that is
As Mac malware becomes more widespread and as detection mechanisms get more sophisticated, malware actors
There are many processes running on a typical Windows system – here are some of
A well-known features of Windows is the Image File Execution Options registry key located in
WslService is a deployed service on Windows machines with the WSL (Windows Subsystem for Linux)
Last month, we decided to enrich our knowledge by delving into research on a popular
