Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT

malmoeb@infosec.exchangeM

malmoeb@infosec.exchange

@malmoeb@infosec.exchange
About
Posts
2
Topics
2
Shares
0
Groups
0
Followers
0
Following
0

View Original

Posts

Recent Best Controversial

  • What I learnt today: Mandatory User Profiles
    malmoeb@infosec.exchangeM malmoeb@infosec.exchange

    What I learnt today: Mandatory User Profiles

    Praetorian named their blog "Persistence Through Forgotten Windows Internals", and true, at least I never heard of Mandatory User Profiles before reading this article.

    In enterprise environments, administrators sometimes want to enforce a specific user profile that resets on each login. To accomplish this, Windows supports a file called NTUSER[.]MAN (the .MAN standing for “mandatory”), which takes precedence over the usual NTUSER.DAT registry hive stored in %USERPROFILE% when a user logs in.

    Setting up persistence on a copy of NTUSER.DAT using the Offline Registry Library might evade some EDRs. The whole blog post is worth a read, but the TL;DR for defender is:

    Consider monitoring for NTUSER[.]MAN file creation in user profile directories, especially when it doesn’t come from an enterprise profile management system.

    Source:
    https://praetorian.com/blog/corrupting-the-hive-mind-persistence-through-forgotten-windows-internals/

    Uncategorized

  • 📢 Hands-On Training: Anti-Forensics (and Anti-Anti-Forensics) Techniques for Incident Responders @ BruCON 2026
    malmoeb@infosec.exchangeM malmoeb@infosec.exchange

    📢 Hands-On Training: Anti-Forensics (and Anti-Anti-Forensics) Techniques for Incident Responders @ BruCON 2026

    I’m excited to announce my upcoming hands-on training at BruCON 2026 in Mechelen. This in-depth technical course is designed for Incident Responders who want to understand and defeat modern anti-forensics techniques actively used by threat actors.

    The training progresses from foundational anti-forensic concepts to advanced techniques observed on Windows and Linux systems, with a strong focus on real-world detection and analysis.

    Key Learning Objectives:

    🔹 Identify and analyze classic and modern anti-forensic techniques
    🔹 Correlate specific anti-forensic techniques with telltale forensic artifacts, understanding what remains and what's altered
    🔹 Learn real-world analytical methods to detect, reconstruct, and recover evidence affected by anti-forensic methods

    📍 Location: Mechelen, Belgium (BruCON 2026)
    📅 Training Dates: April 22–23, 2026

    Register here: https://www.brucon.org/training-details/anti-forensics-

    Uncategorized
  • Login

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups