Processes and threads

TL;DR: TEB / PEB layout, handles, the EPROCESS perspective from kernel debugging.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

TODO