In this two part series, I took a look at some common anomalies in Windows Processes which could be cause for concern. This is done by looking at memory regions, threads, and call stacks and extracting information which could mean that the process is behaving weirdly. This can either be used to detect implants, or QA implants...

Both blogs are external on the TrustedSec blog!

• Windows Processes, Nefarious Anomalies, And You: Memory Regions

• Windows Processes, Nefarious Anomalies, And You: Threads