RunPE: a practical example of Process Hollowing technique

About the “Process Hollowing” i have already written some posts (like this). However, i’ve never published any practical example. So, today i want to quote this interesting article where Tigzy explains the process hollowing with a brief code snippet. in wich the process hollowing is explained with a brief code snippet. A brief recap: what…

How to retrieve user’s passwords from a Windows memory dump using Volatility

About Volatility i have written a lot of tutorials, now let’s try to use this information in a real context extracting the password hashes from a windows memory dump, in 4 simple steps. 1. Identify the memory profile First, we need to identify the correct profile of the system: [email protected]:~# volatility imageinfo -f test.elf Volatility…