Website: http://aetherlab.net
Blog: / gergely.revay
Trainings:
Web Hacking: Become a Web Pentester - https://hackademy.aetherlab.net/p/web...
Learn Burp Suite, the Nr. 1 Web Hacking Tool - https://hackademy.aetherlab.net/p/bur...
Reverse Engineering with Radare2 - https://hackademy.aetherlab.net/p/rad...
-------------------------------------------------------------------------
In this video we will look into how to find out which files a specific process interacts with. For that we will use the Process Monitor tool from the Sysinternals Suite.
There are many reasons you might want to know which files a process works with. For instance, in my case I was doing a security assessment of a desktop application. I knew that it stores data locally, so I wanted to find where that data is stored on the disk to be able to analyse whether it is stored securely (spoiler alert, it wasn't). But you could use the same method to analyse where a malware dropper stores the extracted or downloaded payload on the disk, so that you can analyse that payload further.
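The same workflow can be scripted so that it is repeatable, which is useful when you need to re-run the check after every build of the application under assessment. The following PowerShell script is an added example and is not from the video; it assumes procmon.exe is on the PATH (or adjust $Procmon), uses the documented command-line switches /AcceptEula, /Quiet, /Minimized, /BackingFile, /Terminate, /OpenLog and /SaveAs, and relies on the column names of Process Monitor's CSV export ("Process Name", "Operation", "Path", "Result"). The process name notepad.exe is a constructed placeholder; replace it with the application you are analysing.

```powershell
# Added example (not part of the video): capture file-system activity of one
# process with Process Monitor's command line and reduce it to a per-path
# summary, so you can see where the process reads and, more importantly,
# writes its data.
# Assumptions: procmon.exe is on PATH (or set $Procmon to its full path);
# $TargetProcess is a constructed placeholder for the process you are assessing.
param(
    [string]$TargetProcess = 'notepad.exe',   # constructed placeholder
    [int]$CaptureSeconds   = 30,              # exercise the application during this window
    [string]$Procmon       = 'procmon.exe'
)

$pml = Join-Path $env:TEMP 'procmon-capture.pml'
$csv = Join-Path $env:TEMP 'procmon-capture.csv'

# 1. Start a headless capture into a backing file (no GUI, no EULA prompt).
Start-Process -FilePath $Procmon -ArgumentList @(
    '/AcceptEula', '/Quiet', '/Minimized', "/BackingFile `"$pml`""
)

# 2. Let the capture run while the target application is used.
Start-Sleep -Seconds $CaptureSeconds

# 3. Ask the running Process Monitor instance to stop and flush the log.
Start-Process -FilePath $Procmon -ArgumentList '/Terminate' -Wait

# 4. Convert the binary .pml log into CSV so it can be filtered in a script.
Start-Process -FilePath $Procmon -ArgumentList @(
    '/AcceptEula', '/Quiet', "/OpenLog `"$pml`"", "/SaveAs `"$csv`""
) -Wait

# 5. Keep only file-system operations of the target process.
#    Column names follow Process Monitor's CSV export.
$fileOps = Import-Csv -Path $csv | Where-Object {
    $_.'Process Name' -ieq $TargetProcess -and
    $_.Operation -match '^(CreateFile|ReadFile|WriteFile|SetDispositionInformation|SetRenameInformation)'
}

# 6. Summarise per path: which operations happened, how many writes, and the
#    results (e.g. SUCCESS vs NAME NOT FOUND), sorted so written files come first.
$summary = $fileOps | Group-Object -Property Path | ForEach-Object {
    [pscustomobject]@{
        Path       = $_.Name
        Operations = ($_.Group.Operation | Sort-Object -Unique) -join ','
        Writes     = @($_.Group | Where-Object { $_.Operation -eq 'WriteFile' }).Count
        Results    = ($_.Group.Result | Sort-Object -Unique) -join ','
    }
} | Sort-Object -Property Writes -Descending

$summary | Format-Table -AutoSize
```

The paths with a non-zero Writes count are the candidates for "where does this application store its data"; those are the files to inspect next for plaintext secrets or weak permissions. Note that a time-boxed capture only records what the application actually did during the window, so exercise the feature you care about (saving, logging in, syncing) while the script sleeps, and that the CSV export honours whatever filter is active in Process Monitor, so the default filter (which hides Process Monitor's own activity) applies unless you load a different one.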