Posts

Investigating LSASS and its Capabilities

What is LSASS? The Local Security Authority Subsystem Service (LSASS), running as lsass.exe on Windows, is the guard at the gate of your system's security. After you log in, LSASS holds credential material in memory: Kerberos tickets, NTLM hashes, and on older or misconfigured systems (WDigest caching enabled, for example) even plaintext passwords. That makes it attractive to attackers looking to hijack sessions, move laterally, or escalate privileges. In MITRE ATT&CK terms the core behaviour is T1003.001 (OS Credential Dumping: LSASS Memory) under TA0006 (Credential Access); what follows depends on the adversary's goal and commonly falls under TA0008 (Lateral Movement) or TA0010 (Exfiltration). Mapping to ATT&CK is not always exact: the framework describes the adversary's general goal, while the real nature of an attack depends on what is being accessed and what the attacker ultimately wants.

Why Attackers Target LSASS Reading LSASS memory is like opening a treasure chest full of credentials. Tools such as Mimikatz, Procdump, Taskmgr, or even native system libraries like...
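On the defensive side of the same story: every tool named above, from Mimikatz to Taskmgr, has to open a handle on lsass.exe before it can read memory, and Sysmon records that as Event ID 10 (ProcessAccess) with the rights that were granted. The triage logic below is an added example and not code from the original post; the event lines are constructed and flattened into key=value form the way a SIEM might render them, and the allowlist of benign source images is an assumption that has to be tuned per environment.

```python
"""Triage Sysmon Event ID 10 (ProcessAccess) records for handles opened on lsass.exe.

Added example, not code from the original post. The event lines are constructed and
flattened into key=value form; BENIGN_SOURCES is an assumed, environment-specific allowlist.
"""
import re
from dataclasses import dataclass

# Process access rights from the Windows SDK (winnt.h).
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_DUP_HANDLE = 0x0040
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
PROCESS_ALL_ACCESS = 0x1FFFFF

# Any of these rights lets the caller read or manipulate LSASS memory, or duplicate its
# handle; merely querying process information (0x0400 / 0x1000) does not.
DUMP_CAPABLE = (PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION
                | PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE)

# Assumed allowlist (constructed): processes that legitimately open lsass.exe with read
# access on a typical host, e.g. the AV engine and core OS processes. Tune per environment.
BENIGN_SOURCES = {
    r"c:\program files\windows defender\msmpeng.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}

# key=value pairs; a value runs until the next " key=" so paths with spaces survive.
_FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

_RIGHT_NAMES = [
    (PROCESS_CREATE_THREAD, "CREATE_THREAD"),
    (PROCESS_VM_OPERATION, "VM_OPERATION"),
    (PROCESS_VM_READ, "VM_READ"),
    (PROCESS_VM_WRITE, "VM_WRITE"),
    (PROCESS_DUP_HANDLE, "DUP_HANDLE"),
    (PROCESS_QUERY_INFORMATION, "QUERY_INFORMATION"),
    (PROCESS_QUERY_LIMITED_INFORMATION, "QUERY_LIMITED_INFORMATION"),
]


@dataclass
class Alert:
    source_image: str
    granted_access: int
    rights: list


def parse_event(line: str) -> dict:
    """Flattened Sysmon record -> dict of its fields."""
    return {k: v for k, v in _FIELD_RE.findall(line)}


def decode_rights(mask: int) -> list:
    """Human-readable names for the bits in a GrantedAccess mask."""
    if mask & PROCESS_ALL_ACCESS == PROCESS_ALL_ACCESS:
        return ["ALL_ACCESS"]
    return [name for bit, name in _RIGHT_NAMES if mask & bit]


def triage(lines) -> list:
    """Return an Alert for every dump-capable, non-allowlisted handle opened on lsass.exe."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "10":
            continue
        if not ev.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
            continue
        mask = int(ev.get("GrantedAccess", "0x0"), 16)
        if not mask & DUMP_CAPABLE:
            continue
        source = ev.get("SourceImage", "")
        if source.lower() in BENIGN_SOURCES:
            continue
        alerts.append(Alert(source, mask, decode_rights(mask)))
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    r"EventID=10 SourceImage=C:\Tools\mimikatz.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010",
    r"EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1400",
    r"EventID=10 SourceImage=C:\Tools\procdump64.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1FFFFF",
    r"EventID=10 SourceImage=C:\Program Files\Windows Defender\MsMpEng.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1FFFFF",
    r"EventID=10 SourceImage=C:\Windows\System32\Taskmgr.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1FFFFF",
    r"EventID=10 SourceImage=C:\Users\bob\AppData\Local\Temp\updater.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x0040",
    r"EventID=10 SourceImage=C:\Tools\mimikatz.exe TargetImage=C:\Windows\System32\notepad.exe GrantedAccess=0x1FFFFF",
    r"EventID=1 Image=C:\Windows\System32\cmd.exe CommandLine=cmd.exe",
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(f"{alert.source_image} -> lsass.exe with {hex(alert.granted_access)} {alert.rights}")
```

Two things to keep in mind when running this against real data: Sysmon only emits Event ID 10 for process pairs your configuration includes, so make sure lsass.exe is covered, and an allowlist keyed on image path alone can be defeated by an attacker who plants a binary at an allowlisted path, so signer or hash checks belong in a production rule. Taskmgr is flagged on purpose: it is a legitimate tool, but a dump of lsass.exe taken with it still deserves a look.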

DLL Injection via CreateRemoteThread

What Is DLL Injection? Used by everything from game cheats to malware, DLL injection is a method for running code inside a process you did not start. Instead of launching a standalone malware process, an attacker embeds their code inside a trusted one, which is great for evading detection. One of the most common ways to do this on Windows combines four Win32 calls: VirtualAllocEx, WriteProcessMemory, CreateRemoteThread and LoadLibraryA. Here is how it works step by step.

Step-by-step Injection Method: Create, Write, Load

Pick a Target Process. The attacker chooses a host process (e.g., svchost.exe), locates it via Windows APIs, and grabs a handle with OpenProcess. For the later calls to succeed, that handle needs PROCESS_CREATE_THREAD, PROCESS_QUERY_INFORMATION, PROCESS_VM_OPERATION, PROCESS_VM_WRITE and PROCESS_VM_READ, which is the set the CreateRemoteThread documentation requires.

Get LoadLibraryA Address. kernel32.dll is mapped at the same base address in every process of a session (ASLR re-randomises it per boot, not per process), so the address of LoadLibraryA in the injector's own kernel32 is also valid inside the target, provided both are the same bitness. That makes locating it easy, and it is crucial for the next step.

Prepare the DLL Path. The attacker allocates memory inside the victim process (VirtualAllocEx) and writes the path to their...

DNS Server vs. DHCP: Clearing the Crumbles of Confusion

If you've ever worked in IT, whether you're just starting out or deep in the cybersecurity world, you've probably heard the terms DNS and DHCP tossed around in the same breath. And if you've ever internally paused and thought, "Wait, which one does what again?", you're not alone! These two networking services are often confused for one another, and while both play critical roles in how devices communicate on a network, they serve very different purposes. In this post, we'll break them down, compare them, and provide real-world analogies to help you remember which is which.

What is DHCP? DHCP stands for Dynamic Host Configuration Protocol. At its core, DHCP is the friendly office receptionist of your network: it hands out IP addresses to devices (clients) when they join the network. Instead of having to manually assign IP addresses to every device, the DHCP server does it dynamically and automatically. Example: Imagine walking into a hotel. At the front ...

Welcome to The Cyber Biscuit! : A Blog About Cybersecurity in Small Bites

Welcome to The Cyber Biscuit~ Hi there, and welcome to The Cyber Biscuit, a cybersecurity blog where knowledge is served in digestible, bite-sized pieces. This blog is born out of curiosity, continuous learning, and a passion for making cybersecurity just a little more approachable. Whether you're a seasoned infosec professional or someone just getting started, I hope you'll find something here that informs, inspires, or even makes you crack a smile.

Why I'm Writing This blog is as much a learning log for myself as it is a platform to share knowledge. By writing things down, I clarify my own understanding. By publishing them, I hope someone else might benefit, too — even if it's just one person. This blog isn't meant to be a textbook. It's meant to be real. Expect the occasional typo, an honest "I don't know," and a focus on continuous improvement. Thanks for visiting — grab a biscuit, and let's explore the cyber world, one bit at a time. 🔐🍪