Несколько переведённых глав из книжки об операционной системе, разбирающейся в курсе:


Глава 6. Блокировки
https://habr.com/ru/articles/789478

Глава 5. Прерывания и драйверы устройств
https://habr.com/ru/articles/791058

Глава 4. Прерывания и системные вызовы
https://habr.com/ru/articles/791286

Глава 3. Таблицы страниц
https://habr.com/ru/articles/792808

Инструменты для сборки и запуска xv6 под QEMU
https://habr.com/ru/articles/794326

Глава 2. Устройство операционной системы
https://habr.com/ru/articles/795735

Глава 1. Интерфейсы операционной системы
https://habr.com/ru/articles/797557

Pelmeni Wrapper: New Wrapper of Kazuar (Turla Backdoor)

https://lab52.io/blog/pelmeni-wrapper-new-wrapper-of-kazuar-turla-backdoor/

Scam .pdf files
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/rise-in-deceptive-pdf-the-gateway-to-malicious-payloads

Introducing APT-Hunter : Threat Hunting Tool via Windows Event Log

https://shells.systems/introducing-apt-hunter-threat-hunting-tool-via-windows-event-log/

#tools

Keylogging in the Windows kernel with undocumented data structures

https://eversinc33.com/posts/kernel-mode-keylogging/

 Initial Access Operations Part 2: Offensive DevOps

https://www.blackhillsinfosec.com/initial-access-operations-part-2/

"Introduction to Reverse Engineering with Ghidra"
https://voidstarsec.com/ghidra.html#:~:text=Introduction%20to%20Reverse%20Engineering%20with%20Ghidra

Reverse engineering of Android Phoenix RAT

Analysis: https://cryptax.medium.com/reverse-engineering-of-android-phoenix-b59693c03bd3

Phoenix overview: https://cryptax.medium.com/android-phoenix-authors-claims-sample-identification-and-trends-f199cbc9901d

ساختار فایل PE
- header
https://mrpythonblog.ir/pe1/
- section
https://mrpythonblog.ir/pe2/
-exports
https://mrpythonblog.ir/pe3/
-imports
https://mrpythonblog.ir/pe4/
-relocation
https://mrpythonblog.ir/pe5/


#pe

@MrPythonBlog

Writing pe-parser and explain about its structure

https://0xrick.github.io/win-internals/pe1/

https://0xrick.github.io/categories/#win-internals



#pe

Windows Local Privilege Escalation Cookbook

https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook

Sark (named after the notorious Tron villain) is an object-oriented noscripting layer written on top of IDAPython. Sark is easy to use and provides tools for writing advanced noscripts and plugins.


https://sark.readthedocs.io/en/latest/


#tools

Windows 11 is getting native macOS or Linux-like Sudo command

https://www.windowslatest.com/2024/02/01/first-look-windows-11-is-getting-native-macos-or-linux-like-sudo-command/






Sudo On Windows a Quick Rundown

https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html?m=1



Introducing Sudo for Windows!


https://devblogs.microsoft.com/commandline/introducing-sudo-for-windows/

Pe explanation from ARTeam

Best

There is industry consensus on moving away from C/C++: "Secure by Design: Google’s Perspective on Memory Safety"

TLDR: Rust is not the answer.

https://security.googleblog.com/2024/03/secure-by-design-googles-perspective-on.html?m=1

researcher @ mrd0x released https://malapi.io , an online catalog of Windows APIs that are commonly used in malware. This is an incredible resource that helps to discern which APIs are worth scrutiny when performing analysis of the IAT.