Session 2: Lecture

Hooking

Session 2: Practical

Hooking

Session 2: Lecture

Behavioural Analysis

Session 2: Practical

Behavioural Analysis

Session 2: Lecture

Virtual memory; PE files; Processes, threads and jobs

Session 2: Practical

Process and thread data structures; PE file format

Session 2: Lecture

Collecting process samples from memory

Session 2: Practical

Extracting authentication credentials from memory

Windows Internals: Chapter 5

Processes, Threads and Jobs

Windows Registry Cheatsheet

A Windows Registry Quick Reference: For the Everyday Examiner by Derrick J. Farmer

SANS: Volatile Memory Analysis

Techniques and Tools for Recovering and Analyzing Data from Volatile Memory by Kristine Amari

Volatility Memory Analysis Cheat Sheet

Volatility 1.3 Memory Analysis Cheat Sheet by Andreas Schuster
