Investigating Malicious Activity in WSL Environments

- Posted in Threat Analyze by
Background: Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...]

Identifying the Root Cause of Cybersecurity Incidents Involving Exploit Detonation on Windows Machines

- Posted in Incident Response by
Background: During the incident response stage of "Log Collection," it is highly valuable to collect comprehensive data from the servers, especially when the affected system is running Windows OS. [...]

The Dark Side of Integration: Risks of Windows OS hooks in Malicious Hands

- Posted in Threat Analyze by
Background: Each action we perform in the Windows UI layer involves loading DLLs that contain various hooks. Hooks are similar to backend APIs, enabling us to achieve specific results. Through [...]