NtInitializeRegistry has indeed changed a bit. Here is the code from ntoskrnl.exe: Now, an argument equal to 5096 calls...
I can reproduce this problem: registry backup works on 1703 and not on 1803. The registry backup is indeed triggered by a scheduled task that...
There's nothing special in bpmtk.pdf, I produced it with OpenOffice. Did you know Foxit Reader is developed in China? I've been in touch before...
I'm sure you know this is free software, you don't have to pay for it, we don't have a contract and I can decide freely how I "waste" my time.
That's no surprise, I call the WIN32 API in VBA, AFAIK there are no other spreadsheet programs that support this.
I wrote a simple Task Manager in Excel/VBA: list processes, terminate, suspend and resume. It can be useful when fighting malware that prevents...
Correct.
I remember malware (but I can't remember the exact name) that would patch a Microsoft service in memory, back to an older version that was...
The migration is blocked when you enable EMET EAF option, and it is not when the option is disabled, right? That's a good indication that the...
Open handle to said process, create virtual memory page with read/write/execute rights, write meterpreter stager to said page, create remote thread...
The IE sandbox is actually the only sandbox I researched that allows you to open a handle to another LI process to write (and thus migrate). The...
I checked today. SuRunExt.dll is compiled without support for ASLR or DEP.
OK, thanks for confirming. I know, VBA macros are extremely powerful. Not many people realize that. You can call any (WIN32) API from a VBA macro.
You can remove all the root CAs you don't want to trust. You could even remove all root CAs, and add your own root CA. But I fear this would...
I have Office installed in a couple of my test VMs, I'll take a look later. But I don't expect AL scripting rules apply to VBA. For example, VBA...
In any case, I won't post a patched ntdll.dll. It is copyrighted, there are countless versions of it, and there will be many new versions in the...
I just scanned their web page: That doesn't look good. VC++ 6 was introduced in 1998; that's when NT4 was still the major Windows enterprise...
Ah yes, the macro security settings. These were already present in Office 2003. In a default install, Office 2003 applications require macros to be...
Oh no, don't expect Microsoft to change this. You are talking about changing some of their functions in the WIN32 API. That is a major...
Can you elaborate? Because I've also successfully used some of my spreadsheets on Office 2010/Win 7.
Yes, it's possible to do this.
Not exactly, you also have the "scripting language in a whitelisted application" vector, like VBA in Excel. And you don't even have to mislead the...
I'll add it to my todo list.
Correct. But there is a third major vector: the scripting language of a whitelisted application, like VBA in Excel. It's much easier, but also...
Maybe I'll have a better chance now that I'm a Microsoft MVP Consumer Security ;-)