/ Orange Cyberdefense Switzerland's technical blog Tue, 20 May 2025 09:26:15 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 /wp-content/uploads/2024/10/cropped-favicon-32x32-1-32x32.png / 32 32 /2025/05/20/hijacking-the-windows-marebackup-scheduled-task-for-privilege-escalation/ Tue, 20 May 2025 09:26:14 +0000 /?p=7033 Continue reading Hijacking the Windows “MareBackup” Scheduled Task for Privilege Escalation]]> /2025/02/18/reinventing-powershell-in-c-c/ Tue, 18 Feb 2025 08:16:47 +0000 /?p=6726 Continue reading Reinventing PowerShell in C/C++]]> /2024/11/11/exploiting-ksecdd-through-server-silos/ Mon, 11 Nov 2024 13:13:58 +0000 /?p=5731 Continue reading Exploiting KsecDD through Server Silos]]> /2024/09/02/ghost-in-the-ppl-part-3-lsass-memory-dump/ Mon, 02 Sep 2024 14:06:18 +0000 /?p=5136 Continue reading Ghost in the PPL Part 3: LSASS Memory Dump]]> /2024/08/15/ghost-in-the-ppl-part-2-from-byovdll-to-arbitrary-code-execution-in-lsass/ Thu, 15 Aug 2024 09:46:21 +0000 /?p=5133 Continue reading Ghost in the PPL Part 2: From BYOVDLL to Arbitrary Code Execution in LSASS]]> /2024/08/09/ghost-in-the-ppl-part-1-byovdll/ Fri, 09 Aug 2024 07:37:19 +0000 /?p=5052 Continue reading Ghost in the PPL Part 1: BYOVDLL]]> /2023/09/15/a-deep-dive-into-tpm-based-bitlocker-drive-encryption/ Fri, 15 Sep 2023 15:14:24 +0000 /?p=4580 Continue reading A Deep Dive into TPM-based BitLocker Drive Encryption]]> /2023/08/14/cve-2022-41099-analysis-of-a-bitlocker-drive-encryption-bypass/ Mon, 14 Aug 2023 14:12:14 +0000 /?p=4374 Continue reading CVE-2022-41099 – Analysis of a BitLocker Drive Encryption Bypass]]> /2023/03/17/bypassing-ppl-in-userland-again/ Fri, 17 Mar 2023 15:54:34 +0000 /?p=4008 Continue reading Bypassing PPL in Userland (again)]]> /2021/04/22/bypassing-lsa-protection-in-userland/ Thu, 22 Apr 2021 12:30:33 +0000 /?p=2837 Continue reading Bypassing LSA Protection in Userland]]>