Category: Purple Team

Microsoft Speech
SpeechRuntime is a legitimate Windows component that supports Microsoft’s speech-related capabilities, including voice input and speech recognition features used across modern Windows experiences. The SpeechRuntime.exe binary is linked to the Microsoft speech framework. However, threat actors with elevated privileges can move laterally by executing code under the context of the…

Toast Notifications
The Application User Model ID (AUMID) is a unique identifier that Windows assigns to modern applications. It lets Windows determine which application should receive a notification, how Start menu entries are associated with an application, and how toast notifications map back to the application that raised them. Many organizations use Toast Notifications to push internal updates…

Credential Guard
Microsoft introduced Credential Guard in Windows 10 (2015) and Windows Server 2016 to prevent credential harvesting from the LSASS process that was abused for years by threat actors. Microsoft used Virtualization Based Security (VBS) to isolate and protect credentials from the rest of the operating system. Credential material is stored…

GAC Hijacking
The Global Assembly Cache is a system-wide repository in the .NET Framework that stores strong-named assemblies (identified by name, version, culture and public key token) so that multiple applications can share them without version conflicts. On Windows systems the GAC is typically located under %windir%\Microsoft.NET\assembly, and assemblies stored there are intended…
