www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-11T20:53:00+00:00 www.secnews.physaphae.fr

RiskIQ - cyber risk firms (now Microsoft)
Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus
2024-12-12T20:36:12+00:00 https://community.riskiq.com/article/2b3cb06d www.secnews.physaphae.fr/article.php?IdArticle=8624235 False Malware,Tool,Threat,Legislation,Mobile APT 15 3.0000000000000000

ProjectZero - Google research blog
The Windows Registry Adventure #4: Hives and the registry layout

A diagram illustrating the call stack for the RegCreateKeyEx function in Windows. It shows the transition from user-mode to kernel-mode through various API calls:

* **User-mode:**
  * Application.exe calls RegCreateKeyEx in KernelBase.dll
  * KernelBase.dll calls NtCreateKey in ntdll.dll
  * ntdll.dll makes a system call to NtCreateKey
* **Kernel-mode:**
  * ntoskrnl.exe executes the NtCreateKey syscall

In this example, Application.exe is a desktop program calling the documented RegCreateKeyEx function, which is exported by KernelBase.dll. The KernelBase.dll library implements RegCreateKeyEx by translating the high-level API parameters passed by the caller (paths, flags, etc.) to internal ones understood by the kernel. It then invokes the NtCreateKey system call through a thin wrapper provided by ntdll.dll, and the execution finally reaches the Windows kernel, where all of the actual work on the internal registry representation is performed.

2024-10-25T10:30:02+00:00 https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html www.secnews.physaphae.fr/article.php?IdArticle=8601741 False Tool,Vulnerability,Threat,Legislation,Technical APT 17 3.0000000000000000