HandleKatz - PIC Lsass Dumper Using Cloned Handles

This tool was implemented as part of our Brucon2021 conference talk and demonstrates the usage of cloned handles to Lsass in order to create an obfuscated memory dump of the same. It compiles down to an executable living fully in its text segment. Thus, the extracted .text segment of the PE file ...

Trickbot Malware Goes After Remote Desktop Credentials

The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials. According to Trend Micro’s Noel Anthony Llimos and Carl Maverick Pascual, a new variant has recently come on the scene, and is being spread v...