Sign in Subscribe

Windows

A Security Analyst’s Guide to Security Identifiers (SIDs)

A Security Analyst’s Guide to Security Identifiers (SIDs)

As a security analyst, you’re constantly on the lookout for the tell-tale signs of malicious activity. In the world of Windows security, one of the most fundamental and often overlooked artifacts is the Security Identifier (SID).

Unseen Pockets: The NTFS Alternate Data Streams (ADS)

Unseen Pockets: The NTFS Alternate Data Streams (ADS)

In the digital world, evidence often hides in plain sight. One of the most classic and effective hiding places on Windows systems is a native feature of its file system: Alternate Data Streams (ADS).

Deconstructing the Digital Heartbeat: A Beginner’s Guide to Windows Processes

Deconstructing the Digital Heartbeat: A Beginner’s Guide to Windows Processes

Every action on a Windows system, from opening a web browser to a background service checking for updates, is organized by processes. To the average user, a process is simply a running program. To a security analyst, however, a process is the fundamental unit of execution and the primary battlefield