🛡️🔍🪟 FERRUM | Go framework for LPE and COM hijacking on Windows. A single `ferrum.exe` with a modular architecture. The --CLSID module models concrete ProcMon flows for rapid triage of COM-based escalation vectors in HKCU. #RedTeam #LPE #COMHijacking #WindowsSecurity
Also, to answer your retarded question. Open source software can be inspected, as long as there aren't too many deps. Inspecting closed source cracks is difficult. Most people will procmon and rev cracks in VMs but lots of malware halt malicious functions on VM detection.
It's strange that it gets so little attention: if you do your dynamic analysis in an environment with Sysmon installed, you can read Procmon output far more efficiently.
I am currently working on "procmon on steroids" for the profiler: you already have symbols, so the profiler can dynamically hook whatever function you need, capture arguments/return values or more complex expressions and write it to the trace.
Replying to @XenoPanther
Task Manager annoyingly sanitises results (you'll need Sysinternals procmon); there are also many flavours and builds, and I doubt everyone is on the latest. RAM spikes caused by MS are usually Defender or Windows Update. 🤷
Replying to @SheriefFYI
I love ProcMon, it's an inspiration here. But manually doing this is way too slow on low repro rates, and the cmdline interface only allows you to get stacks as XML files IIRC. So the ergonomics for automation are not great.
Replying to @s4schoener
why not use ProcMon?
Finding new vulnerabilities isn't dark magic—it's systematic dynamic analysis. When off-the-shelf tools fail, pivot to research:
Target the blockers: Focus on the control that actively stopped you.
Behavior over binaries: Use ProcMon or API Monitor before a disassembler.
Inside, things NO other npm package has: - a live decoded ETW firehose (Procmon-lite) - Event Log tailing w/ publisher messages - native perfmon counters, locale-proof - per-process GPU% (Task Manager's column) - SMBIOS without WMI - socket-to-PID, no netstat - whoLocks(file)
That is why my profiler can also record file I/O: Getting the entire history of who is meddling with a file (with callstacks!) immediately solves the sharing violation riddle once you have repro'd it. It's like ProcMon, but automated :) Obligatory link: profiler.kerntief.net/
Jun 8
It really irritates me that Windows keeps periodically waking my sleeping HDD for no reason. I've been staring at Procmon endlessly trying to stamp it out, but I can't quite get rid of all of it... Incidentally, the Stack Overflow asker's problem is exactly the same as mine, but every one of the answers is completely useless. ja.stackoverflow.com/questio…
NOTES:
- I did not add any API keys into the AI portion of the product due to lack of wanting you to have my API keys.
- I set up a Windows 10 VM on Proxmox to analyze HyperionX from installation to usage. I used procmon to see the processes and Wireshark to see the connections.
- After tampering with my license key to see if I could bypass anything, the product locked me out of my license completely (good).
Malware Analysis
1. Volatility — Memory forensics framework for extracting digital artifacts from RAM dumps
2. Volatility3 — Next-generation rewrite of Volatility with improved plugin architecture and Python 3 support
3. Radare2 — Reverse engineering framework also widely used for malware static/dynamic analysis
4. YARA — Pattern-matching tool for identifying and classifying malware samples based on textual or binary signatures
5. Cuckoo Sandbox — Automated sandbox system for dynamic malware analysis in isolated environments
6. CAPE Sandbox — Cuckoo fork with enhanced capabilities for detecting modern threats and config extraction
7. FLOSS — Automatic string extractor for malicious binaries; finds hidden/obfuscated strings without full decompilation
8. Procmon (Process Monitor) — Windows utility from Microsoft for real-time monitoring of file system, registry, and process activity
9. Autoruns — Microsoft Sysinternals tool for inspecting Windows auto-start locations and persistence mechanisms
10. PEStudio — Static analysis tool for Windows PE files; highlights suspicious indicators without executing the sample
11. Detect It Easy (DiE) — File identifier for detecting packers, compilers, linkers, and file signatures
12. Exeinfo PE — PE file analyzer for identifying packers, compilers, and entry point characteristics
#Analysis #Malware #Windows #Tools #InfoSec #CyberSecurity #ReverseEngineering #ThreatIntel #MalwareResearch #SecurityTools #Forensics #BlueTeam #RedTeam #MrRobot #CyberSec
There was some folder lurking hidden under the folder where Discord is installed, and it seems Python had started running in the background from it... No wonder it didn't show up in Procmon... I went through what Windows Defender had detected with Get-MpThreatDetection
My hands-on malware analysis workflow. Today I practiced analyzing a suspicious file using the same approach used in real SOC environments, using tools like VirusTotal, procmon, and Ghidra to check for vulnerabilities. We build continuously 👍 #socanalysis #malware #cybersecurity
May 21
hey @XBOX, you shouldn't expect users to have to debug the app with procmon (or use Claude to do it for them) to find these fixes btw!
Blue Team Challenge of the Week - Malware Analysis
You receive a suspicious Windows executable from an incident responder.
Constraints:
- You must quickly identify IOCs (network indicators, dropped files, persistence)
- You cannot execute the malware on a live system
- Time is limited; this is a triage phase, not deep reverse engineering
You need high signal, fast results. Which tool is the BEST choice for this scenario?
A. IDA Pro
B. Procmon
C. Strings / static PE analysis tools
D. WinDbg
#BlueTeamChallenge #BlueTeam #Cybersecurity #Malware
🔴 Best Malware Analysis Tools Collection 🔥
Telegram: t.me/hackinarticles
✴ Twitter: x.com/hackinarticles
Malware analysis is a core skill for defenders, researchers & reverse engineers ⚠️
⚡ Popular Malware Analysis Tools
🦠 VirusTotal → Multi-engine malware scanning
🔍 Hybrid Analysis / Any.Run → Interactive sandboxing
📦 Procmon & Process Hacker → Process monitoring
🧠 Ghidra / IDA Pro → Reverse engineering binaries
🐞 x64dbg / Radare2 → Debugging & analysis
🌐 Wireshark / Fiddler → Network traffic inspection
📊 Autoruns / TCPView → Persistence & connection analysis
🚨 MalwareBazaar / AbuseIPDB → Threat intelligence
💡 Malware analysis combines static analysis, dynamic analysis, reverse engineering & behavioral monitoring together
⚠️ Never analyze malware on your host machine — always use isolated lab environments
#malware #reverseengineering #dfir #threathunting #cybersecurity #infosec