LNK Files
LNK or Link files are essentially shortcuts to applications, programs, <insert flavor here>, in a Windows OS. These can come from a user (e.g. a desktop shortcut) or the OS itself, and can have different implications depending on their origin. Traditionally these files can be found at:
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Office\Recent
C:\Users\%USERNAME%\Downloads
C:\Users\%USERNAME%\Recent
C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\ProgramData\Microsoft\Windows\Start… Continue reading LNK Files
svchost.exe
This is the first entry in a project I’m going to do of trying to learn, document, and track my knowledge base. The purpose of these entries will be to have a one-stop shop for me to reference, so that way I’m not trying to store all this information in my head. It seems like… Continue reading svchost.exe
Parent Process ID Spoofing
A method for arbitrarily setting the parent process of a newly spawned process. Why do we want to specify the parent of our process? Why do we care who spawned it? Using PPID spoofing, we enable ourselves to completely control the circumstances surrounding the processes we spawn; we can hide behind common parent-child… Continue reading Parent Process ID Spoofing
HomeSOC
Project: I’m going to play around with different formats to see what works best. For this first iteration I’m going to keep things as concise as I can. I used to have a homelab, I moved, I no longer have a homelab. Just pieces of the old one. The idea is to get a runnable… Continue reading HomeSOC