LNK Files

LNK or Link files are essentially shortcuts to applications, programs, <insert flavor here>, in a Windows OS. These can come from a user (e.g. a desktop shortcut) or from the OS itself, and can have different implications depending on how they were created. Traditionally these files can be found at:

C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Office\Recent
C:\Users\%USERNAME%\Downloads
C:\Users\%USERNAME%\Recent
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\ProgramData\Microsoft\Windows\Start…

Parent Process ID Spoofing

A method for arbitrarily setting the parent process of a newly spawned process. Why do we want to specify the parent of our process? Why do we care who spawned it? With PPID spoofing, we can completely control the circumstances surrounding the processes we spawn; we can hide behind common parent-child…

HomeSOC

Project: I’m going to play around with different formats to see what works best. For this first iteration I’m going to keep things as concise as I can. I used to have a homelab, I moved, I no longer have a homelab. Just pieces of the old one. The idea is to get a runnable…