RDP caches left at endpoints aren’t just a performance optimization; they can also become dangerous monitoring points. When RDP sessions are decoded with BMC tools and frames are reassembled using tools like RDP cache stitcher, attackers can observe session content and user behavior. This can provide a platform for persistent access and lateral movement that…
CVE-2025-32463, found in sudo versions 1.9.14 through 1.9.17 and rated critical with a CVSS 3.1 score of 9.3, allows an attacker to gain root privileges by loading malicious libraries from user-controlled directories via the --chroot (-R) flag. A POC for the vulnerability has been published, and the files for testing the POC are available at…
Good day everyone, today’s article compares two well-known sandbox sites: Hybrid-Analysis and Cuckoo. Since both are professional sandboxes that provide very accurate results, let’s see their detection rates with a real malware sample. The sample I plan to use is a RAT. Let’s examine the results. The first sandbox…
iPerf3 is a network performance measurement tool. Here are the key outputs you can obtain with iPerf3: Let’s do a simple test together and test our network. First, you need a client and a server computer to run this test. Let’s download the iPerf3 tool from the https://files.budman.pw/ website to both the client and server.…
I am planning to install Sysmon on the Ubuntu distribution. If you are going to do this on a different Linux distribution, you can follow the steps in the link below. https://github.com/Sysinternals/SysmonForLinux/blob/main/INSTALL.md So, let’s start installing Sysmon. 1. 2. 3. 4. If you receive the following error at this stage, try the next step. 5.…
In a virtual machine where I perform malware tests, I noticed that a conhost.exe process was constantly consuming around 50% of the CPU and had approximately 2.5 GB of memory allocated, even though it was not actually using that memory. The main task of conhost.exe is to provide the appearance and functionality of the command line window.…
CVE-2023-48795 is a vulnerability in the SSH transport protocol, affecting certain OpenSSH extensions in OpenSSH versions prior to 9.6 as well as some other products. It could allow remote attackers to bypass integrity checks by causing some packets to be omitted, resulting in a connection between client and server in which some security features are downgraded or disabled.…
PeStudio is an analysis tool with which we can get information about executables without running them. We can perform static analysis of malware with PeStudio. Static analysis examines the contents and properties of a file, trying to learn what the file can do at run time. It is a type of analysis…
Private GPT is an artificial intelligence chatbot that you can feed with your own documents and run on your own computer without needing an internet connection. Private GPT runs an LLM on your own computer’s resources and thus learns from the documents you feed it. Again, using only your system’s resources, it can answer questions…
Process Explorer is a Sysinternals tool, and like every Sysinternals tool, it can be used for operations such as system administration and troubleshooting. Process Explorer, which is our subject, can be thought of as an advanced version of Task Manager. With its features, Process Explorer can provide us with more detailed information and telemetry data…