16 Aug 2015
A Proof of Concept for privileged-process instrumentation on Windows 2008 has been found. The solution will be available in 1 month. As a premium, the same solution will be applicable to Windows 2010 too. As another premium, the driver will be able to load a DLL with any signature inside privileged processes on both Windows 2008 and 2010. :)
25 Sep 2015
I apologize that the version for kernel >= 8.1 is not available yet. We have a version which works, but it completely destroys Microsoft's Anti-Malware Service Protection, and that is not correct. The correct version, which loads (only our!) DLLs inside privileged services and keeps this protection working, will take some additional effort and time.
19 Oct 2015
The version working on Windows 10 is ready. I need some time to test it.
22 Feb 2018
Some time ago I was asked, "Is it possible to monitor COM the same way as RPC?" Today my answer is "It's definitely possible!" An appropriate POC is ready.
18 Jun 2018
Eventually one of the authors of this blog was added to the list of the Israeli "cyber aristocracy". I'm sure it's a mistake, but I'm proud. Do you know Hebrew? If so, go forward here!
18 Jun 2018
I prepared two good lectures in PPP.
The 1st is devoted to different instrumentation and hooking techniques, including RPC and COM tracing (which, as far as I know, has not been published anywhere).
The 2nd is on using reverse engineering for crash dump analysis. Sometimes it's the only method to recover function parameters that were passed via registers on x64 processors.
Probably I will have time to make them public.
Authors: Michael Gr. & Valery Dr.