F9 Hiding Techniques

Common techniques for process injection


Rootkit techniques for hiding files and other system resources including:


SSDT patching 


Filter drivers


Process list manipulation   

Comments

Post a Comment

Popular posts from this blog

CREST Practitioner Intrusion Analyst: CPIA Exam Information

Image
  2. EXAMINATION DETAILS (CPIA)  2.1 Format The CREST Practitioner Intrusion Analyst examination is delivered at Pearson Vue Centres. Please visit www.pearsonvue.com and follow the on-screen instructions to schedule your chosen examination. Note the logistical requirements for exams conducted at a Pearson Vue centre are defined by Pearson Vue and candidates must ensure they adhere to all the necessary requirements as listed on their website. CREST candidates are not exempt from any of the standard requirements. The CPIA examination comprises one hundred and twenty (120) multiple choice questions, all of which the candidate must complete Details of the areas covered can be found in the Syllabus document.  2.2 Timings The examination lasts 2 hours. Note that the permitted maximum session time at Pearson Vue is 2.5 hours in total, allowing time to read the Code of Conduct and also to provide feedback following the examination.  2.3 Open Book/Closed Book The ex...
Read more

A1 Engagement Lifecycle Management

1) Benefits and utility of incident response to the client. 2) Awareness of steps that can be taken to prepare for potential incidents. 3) Structure of incident response engagements, including the relevant processes and procedures. 4) Knowledge of appropriate actions that should be taken when investigating an incident. Understanding that some actions should be avoided due to risk of evidence corruption. 5) Know how to safely handle malware and potentially malicious files encountered during an engagement. 6) Understanding limitations of system logs.
Read more