KNOWLEDGE LIBRARY

Gain Insider Knowledge for Free: Subscribe to Updates From the TrainSec Knowledge Library

Immerse yourself in cutting-edge Cybersecurity knowledge from industry-insiders. Access reliable research insights, practical-driven learning hub, and updates on the latest cybersecurity trends.

Inside the Windows Recycle Bin – What Really Happens When You Delete a File?

Pavel Yosifovich August 13, 2025

We’ve all used the Recycle Bin. You delete a file, and it shows up there, waiting to be restored—or permanently removed. But what really happens under the hood when you press Delete?

In this article, I’ll take you through the technical details I covered in my video, following the same investigative process I used to uncover the Recycle Bin’s inner workings.

Dive in

Inside the Windows Recycle Bin – What Really Happens When You Delete a File?

Pavel Yosifovich August 13, 2025

We’ve all used the Recycle Bin. You delete a file, and it shows up there, waiting to be restored—or permanently removed. But what really happens

Windows Master Developer

Takes you from a “generic” C programmer to a master Windows programmer in user mode and kernel mode.

Windows Internals Master

Broadens and deepens your understanding of the inner workings of Windows.

Hardware Hacking Expert

Transform yourself from a novice to a seasoned hardware hacking expert.

Windows Security Researcher

Provides the necessary knowledge, understanding, and tools to be a successful Windows OS researcher.

Two Sides of The Same Coin – From Dissected Malware to EDR Evasion

Uriel Kosayev August 10, 2025

This blog is not here to give you a “step-by-step recipe.” It’s here to open

Protected Processes & PPL: keeping Windows’ heart safe

Pavel Yosifovich August 7, 2025

Starting with Windows Vista, Microsoft introduced protected processes—special executables the kernel shields from injection, memory

Kernel Debugging Windows VMs – A Practical Walk-Through

Pavel Yosifovich July 31, 2025

Debugging Windows at kernel level lets you watch every CPU instruction, intercept system calls, and

Introduction to Windows Management Instrumentation (WMI)

Pavel Yosifovich July 20, 2025

In just 25 minutes the walk-through shows you how Windows Management Instrumentation (WMI) reveals almost

Writing a Simple Key Logger

Pavel Yosifovich June 2, 2025

In this video, Pavel walks through how to implement a basic keylogger in Windows using

Can Document Files Be Trusted?

Uriel Kosayev June 2, 2025

There are a variety of threats in today’s cyber landscape, but one of the biggest

Not ready to commit to a learning pathway?

Stay ahead of the curve in the world of cybersecurity by joining TrainSec’s free Knowledge Library! As a member, you’ll get exclusive access to expert insights, the latest industry trends, and real-world tips you won’t find anywhere else. You’ll also be the first to hear about special discounts on cutting-edge training programs and get insider knowledge that helps you grow your skills and career.

Running an Executable as SYSTEM: Unlocking Windows Privilege Escalation Techniques

Pavel Yosifovich April 17, 2025

In this hands-on session, Pavel Yosifovich demonstrates how to launch a process under the SYSTEM

Reinventing UART Security: Leveraging the Parity Bit for Robust Protection in OT Networks

Amichai Yifrach April 1, 2025

A practical and innovative approach to securing UART-based communication in OT networks—without replacing existing infrastructure.

Writing a WinDbg Extension: Streamline Your Debugging Workflow

Pavel Yosifovich March 17, 2025

Note: This blog post is designed to complement the accompanying video embedded at the top

Understanding UAC Virtualization: A Security Mechanism for Legacy Applications

Pavel Yosifovich March 17, 2025

In this video, we dive deep into User Account Control (UAC) Virtualization—a feature introduced in

Reverse Engineering ARM based Mirai Botnet

Uriel Kosayev February 17, 2025

In this video, I’ll walk you through my methodology and insights gained when uncovering how

Windows Insider Green Screen of Death showing a frowny face and crash information.

Exploring the Blue Screen of Death: A Practical Deep Dive

Pavel Yosifovich February 17, 2025

Dive into Pavel’s latest post exploring the Windows Blue Screen of Death—what triggers it, why

Green Professional Technology Webinar Twitter Post

Live Workshop: Attack and Defense: Remote Thread Injection and Detection (Recorded)

Uriel Kosayev January 28, 2025

We’re excited to share the recorded workshop on Remote Thread Injection and EDR-based detection that

Understanding RunDLL32: Leveraging Dynamic Function Invocation

Pavel Yosifovich January 13, 2025

Unlock the power of RunDLL32! Learn how to execute DLL functions, invoke control panel dialogs,

Dissecting the BlackByte Ransomware

Uriel Kosayev January 9, 2025

Explore BlackByte ransomware: ProxyShell exploits, anti-debugging, and reverse engineering insights. Dive deep into this malware’s

Shell Icon Handler extension

Pavel Yosifovich January 9, 2025

Shell extensions are a powerful feature of the Windows shell that allow developers to extend

Understanding the Differences Between CreateProcessAsUser and CreateProcessWithTokenW in Windows

Pavel Yosifovich December 17, 2024

In this video, we dive into two powerful Windows API functions—CreateProcessAsUser and CreateProcessWithTokenW—that allow you

Building a Simple RPC Client and Server: A Step-by-Step Guide

Pavel Yosifovich November 20, 2024

Remote Procedure Calls (RPC) are a fundamental mechanism in distributed computing, allowing functions to execute

Exploring NTFS Alternate Streams: A Hidden Gem of the Windows File System

Pavel Yosifovich November 20, 2024

Note: This blog post is designed to complement the accompanying video embedded at the top

Debugging DLL Files with IDA Disassembler

Uriel Kosayev November 10, 2024

In this video, I’ll show you how to debug a DLL file with an IDA

Writing a Windows Service

Pavel Yosifovich November 10, 2024

Introduction: Writing a Windows Service Hi, and welcome to this video on writing a Windows

Introduction to Windows Services

Pavel Yosifovich November 10, 2024

Welcome to this video about Windows Services. In this video, we’ll cover the basics of

Introduction to the Windows Performance Analyzer

Pavel Yosifovich November 10, 2024

Hi, and welcome to this video about an introduction to the Windows Performance Analyzer. We’re

Celebrate Uriel Kosayev’s Birthday with crazy price cuts!

Uriel Kosayev October 29, 2024

We’re excited to share a special occasion with you – Uriel Kosayev, one of our

Back to the Future of the Cyber Landscape

Uriel Kosayev October 2, 2024

In the video, I draw from my 15 years of experience to explain that recognizing

MuddyWater Initial Access Trojan

Uriel Kosayev September 29, 2024

In this malware analysis video, we explore how MuddyWater, an Iranian APT group, utilizes legitimate

Trojan Horse Implementation in Hardware

Amichai Yifrach September 16, 2024

When I speak about Hardware Hacking and its crucial role in the safety of our

Sharing Kernel Objects by Name – Perks and Perils

Pavel Yosifovich September 13, 2024

Some Windows kernel object types can have string-based names, which is one way such objects

Keyboard Hook with with Image File Execution Options

Pavel Yosifovich August 25, 2024

Keyboard hooking using Image File Execution Options and pretending to be a debugger.

Maximum Handles in a process

Pavel Yosifovich August 13, 2024

Ever wondered how many handles you can create in a process? Each process has its

electron based cross platform vulnerability exploitation

One Electron to Rule Them All

Uriel Kosayev August 1, 2024

Authors Uriel Kosayev — @MalFuzzer, Hai Vaknin — @VakninHai, Tamir Yehuda — @Tamirye94, Matan Bahar — @Bl4ckShad3 Prologue As red teamers, we are

Best starter Hardware Hacking Toolkit

Amichai Yifrach July 30, 2024

A practical guide to building your first hardware hacking toolkit. From screwdrivers and wire cutters

CrowdStrike and the Formidable BSOD

Pavel Yosifovich July 21, 2024

Millions of machines around the world crashed a few days ago, showing the dreaded “Blue

Intel® Audio Driver Unquoted Service Path Vulnerability

Uriel Kosayev July 21, 2024

By Uriel Kosayev (@MalFuzzer) Introduction Intel is a very well-known and large company that serves many

MSI TrueColor Unquoted Service Path

Uriel Kosayev July 21, 2024

(CVE-2020-8842) Introduction MSI TrueColor utility comes as a pre-installed utility program on MSI gaming laptops

Building a Process Tree

Pavel Yosifovich July 15, 2024

In Windows, every process is associated with a parent process, usually the one created it.

The Malware Shlayer

Uriel Kosayev July 8, 2024

As Mac malware becomes more widespread and as detection mechanisms get more sophisticated, malware actors

“Application Types” on Windows

Pavel Yosifovich July 8, 2024

There are many processes running on a typical Windows system – here are some of

Code Injection with Image File Execution Options

Pavel Yosifovich July 8, 2024

A well-known features of Windows is the Image File Execution Options registry key located in

Microsoft WslService Unquoted Service Path Vulnerability

Uriel Kosayev July 8, 2024

Microsoft WslService Unquoted Service Path By Uriel Kosayev Introduction WslService is a deployed service on

Dissecting Ardamax Keylogger

Uriel Kosayev July 4, 2024

Last month, we decided to enrich our knowledge by delving into research on a popular

Gain Insider Knowledge for Free: Subscribe to Updates From the TrainSec Knowledge Library

Pick Your Path and Join the Elite

Windows Master Developer

Windows Internals Master

Hardware Hacking Expert​

Not ready to commit to a learning pathway?

Hardware Hacking Expert