AMSI Scanning in C#: P/Invoke, Memory-Mapped Files, and Safe Interop
Pavel Yosifovich
November 10, 2025
In this video, I demonstrate how to perform a file scan using Windows AMSI directly
In this video, I demonstrate how to perform a file scan using Windows AMSI directly
In this session, I wanted to show how AMSI works in practice and how we
Learn how Windows sessions manage processes, desktops, clipboards, and security. Pavel Yosifovich explains Session 0,
When working with processes, we often want to understand what is going on inside them.
In this video we walk through how process trees are built in Windows, starting with
Windows Subsystem for Linux (WSL) first appeared in Windows 10 (Anniversary Update, 1607). It enables
Learn what kernel allocation tags are, how they help track Windows kernel memory, detect driver
We’ve all used the Recycle Bin. You delete a file, and it shows up there,
Starting with Windows Vista, Microsoft introduced protected processes—special executables the kernel shields from injection, memory
Debugging Windows at kernel level lets you watch every CPU instruction, intercept system calls, and