
How Malware Really Works (What Most People Miss)
An in-depth discussion with Uriel Kosayev on malware analysis, attacker mindset, EDR bypass techniques, and why thinking offensively is essential for modern defenders and TrainSec students.
KNOWLEDGE LIBRARY
Immerse yourself in cutting-edge cybersecurity knowledge from industry insiders. Access reliable research insights, a practice-driven learning hub, and updates on the latest cybersecurity trends.



In a recent panel of industry experts convened at the annual Data Centers & Cloud

In this video, I demonstrate how to perform a file scan using Windows AMSI directly

In this session, I wanted to show how AMSI works in practice and how we

AI is not good or bad, it’s a mirror. It reflects how we use it.

Learn how Windows sessions manage processes, desktops, clipboards, and security. Pavel Yosifovich explains Session 0,

When working with processes, we often want to understand what is going on inside them.

Unlike most malware books, this one doesn’t stay clean, academic, or theoretical. MAoS is a

In this video we walk through how process trees are built in Windows, starting with

Windows Subsystem for Linux (WSL) first appeared in Windows 10 (Anniversary Update, 1607). It enables

Learn what kernel allocation tags are, how they help track Windows kernel memory, detect driver

We’ve all used the Recycle Bin. You delete a file, and it shows up there,

This blog is not here to give you a “step-by-step recipe.” It’s here to open

Starting with Windows Vista, Microsoft introduced protected processes—special executables the kernel shields from injection, memory

Debugging Windows at kernel level lets you watch every CPU instruction, intercept system calls, and

In just 25 minutes the walk-through shows you how Windows Management Instrumentation (WMI) reveals almost

In this video, Pavel walks through how to implement a basic keylogger in Windows using

There are a variety of threats in today’s cyber landscape, but one of the biggest

In this hands-on session, Pavel Yosifovich demonstrates how to launch a process under the SYSTEM

A practical and innovative approach to securing UART-based communication in OT networks—without replacing existing infrastructure.

WinDbg is a powerful and highly extensible debugger that is widely used for Windows development,

In this video, we dive deep into User Account Control (UAC) Virtualization—a feature introduced in

In this video, I’ll walk you through my methodology and insights gained when uncovering how

Dive into Pavel’s latest post exploring the Windows Blue Screen of Death—what triggers it, why

We’re excited to share the recorded workshop on Remote Thread Injection and EDR-based detection that

Unlock the power of RunDLL32! Learn how to execute DLL functions, invoke control panel dialogs,

Explore BlackByte ransomware: ProxyShell exploits, anti-debugging, and reverse engineering insights. Dive deep into this malware’s
Shell extensions are a powerful feature of the Windows shell that allow developers to extend

In this video, we dive into two powerful Windows API functions—CreateProcessAsUser and CreateProcessWithTokenW—that allow you

Remote Procedure Calls (RPC) are a fundamental mechanism in distributed computing, allowing functions to execute

The NTFS file system, widely used in Windows environments, is packed with fascinating features. Among

IDA (Interactive DisAssembler) is a professional reverse engineering tool used to analyze compiled software by

Hi, and welcome to this video on writing a Windows service. In the previous video,

The term “service” is commonly used in software, but here we’re discussing Windows services specifically.

We’re talking here about the Windows Performance Analyzer (WPA). The Windows Performance Toolkit can be

We’re excited to share a special occasion with you – Uriel Kosayev, one of our

In the video, I draw from my 15 years of experience to explain that recognizing

In this malware analysis video, we explore how MuddyWater, an Iranian APT group, utilizes legitimate

When I speak about Hardware Hacking and its crucial role in the safety of our

Some Windows kernel object types can have string-based names, which is one way such objects

Keyboard hooking using Image File Execution Options and pretending to be a debugger.

Ever wondered how many handles you can create in a process? Each process has its

Authors: Uriel Kosayev (@MalFuzzer), Hai Vaknin (@VakninHai), Tamir Yehuda (@Tamirye94), Matan Bahar (@Bl4ckShad3). Prologue: As red teamers, we are

A practical guide to building your first hardware hacking toolkit. From screwdrivers and wire cutters

Millions of machines around the world crashed a few days ago, showing the dreaded “Blue

Intel is a very well-known and large company that serves many personal computers and servers

MSI TrueColor utility comes as a pre-installed utility program on MSI gaming laptops that is

In Windows, every process is associated with a parent process, usually the one that created it.

As Mac malware becomes more widespread and as detection mechanisms get more sophisticated, malware actors

There are many processes running on a typical Windows system – here are some of

A well-known feature of Windows is the Image File Execution Options registry key located in

WslService is a deployed service on Windows machines with the WSL (Windows Subsystem for Linux)

Last month, we decided to enrich our knowledge by delving into research on a popular