As attackers continue to evolve, Microsoft is committed to staying ahead by not only responding to vulnerabilities, but also by anticipating and mitigating entire classes of threats. One such threat, ...
When symbols fail to resolve for a binary, Get-RpcServer appears to assign RPC procedure names incorrectly: Tested with the latest code on GitHub as well as the version of NtObjectManager in the ...
CRWD-HBFW is a lightweight PowerShell module that helps you debug and analyze the Windows Filtering Platform in the context of the CrowdStrike Falcon HostBased Firewall. CrowdStrike Falcon's ...
Trail of Bits is releasing a new tool for exploring RPC clients and servers on Windows. RPC Investigator is a .NET application that builds on the NtApiDotNet platform for enumerating, ...
This post is based on a September 2021 Twitter thread that I wrote to describe the same concept regarding function calls and their hidden hierarchy. That thread was inspired by a series of tweets by ...