Deep Dive into OS Internals with Windbg
Malware and OS Internals


[ 01 ] Reversing Windows Internals
[ 02 ] Portable Executable Anatomy
[ 03 ] Data Directories of Interest
[ 04 ] Import Directory
[ 05 ] Import Address Table
[ 06 ] Export Directory
[ 07 ] Manual Walkthrough of Export Directory
[ 08 ] Process Environment Block
[ 09 ] Different methods to locate the PEB
[ 10 ] Understanding an Example Shellcode
[ 11 ] Using _PEB_LDR_DATA
[ 12 ] Using _LDR_DATA_TABLE_ENTRY
[ 13 ] Practical Example with Rustock.B Rootkit

#windows
---------
@islemolecule_source

TinyTurla-NG in-depth tooling and command and control analysis

https://blog.talosintelligence.com/tinyturla-ng-tooling-and-c2/

#c2

A Deep Dive Into Exploiting Windows Thread Pools


https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools

#window_internals , #exploitation

Static Analysis Automation for Hunting Vulnerable Kernel Drivers

https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html

Slides 👇

Unpacking RC4 Encrypted Malware - REvil ransomware

Link


#malware_analysis
#reverse
---------
@islemolecule_source

Deep Dive into DLL Sideloading and DLL Hijacking
Link

#malware_dev
------
@islemolecule_source

A Technical Deep Dive: Comparing Anti-Cheat Bypass and EDR Bypass
Link

#edr
#malware_dev

------
@islemolecule_source

IRC Botnet sinkhole:full reverse process
Link

#malware_analysis
#reverse
---------
@islemolecule_source

Pass: GREENARMOR


#malware_analysis
#reverse
---------
@islemolecule_source

Active directory security handbook

#AD

Keylogging in the Windows kernel with undocumented data structures
Link


#malware_dev
------
@islemolecule_source

Xeno RAT: A New Remote Access Trojan with Advance Capabilities
Link

#malware_analysis
------
@islemolecule_source