Comments on Carnal0wnage Blog: Finding Executable Hijacking Opportunities

mubix (2013-09-05T07:45:12.511-04:00):
@Trav.Emme - I went the procmon route first, but it was such a pain to get working each time I wanted to reboot or do something else on the system, it was just easier to remote the actual detection elements onto another platform.

Trav.Emme (2013-09-05T00:10:53.346-04:00):
Would procmon achieve the same result, but with less setup? Of course some filters, and setting the path to something unique would be required.

Trav.Emme (2013-09-05T00:10:04.439-04:00):
Would procmon achieve the same result, but with less complexity?