Part 7 is up! Continuing with PE parsing we'll also explore easy ways to parse attributes and the various flags that Windows uses specific to PE files


Register here: https://www.sans.org/webcasts/an-intro-to-c-for-windows-part-7/?utm_medium=Social&utm_source=Twitter&utm_content=CM+OO&utm_campaign=PenTest+Webcast

"Prevention Strategies for Modern Living Off the Land Usage", 2024.

Bypassing EDRs With EDR-Preloading
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

Deep Dive into DLL Sideloading and DLL Hijacking

https://youtu.be/4aiAtGF9tF4

#malware_dev

A technical analysis of the APT28's backdoor called OCEANMAP
https://securityscorecard.com/wp-content/uploads/2024/03/Whitepaper-A-technical-analysis-of-the-APT28s-backdoor-called-OCEANMAP.pdf

Tips For Analyzing Delphi Binaries in IDA (Danabot)
https://www.youtube.com/watch?v=04RsqP_P9Ss

implementation examples of basic rootkit functionality and the basics of kernel driver development

https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1

some Resources for windows kernel programming:

Windows exploit development and windows kernel resources
00 - Windows Rootkits
01 - Windows kernel mitigations
02 - Windows kernel shellcode
03 - Windows kernel exploitation
04 -Windows kernel GDI exploitation
05 - Windows kernel Win32k.sys research
06 - Windows Kernel logic bugs
07 - Windows kernel driver development
08 - Windows internals
09 - Advanced Windows debugging
10 - 0days - APT advanced malware research
11 - Video game cheating (kernel mode stuff sometimes)
12 - Hyper-V and VM / sandbox escape
13 - Fuzzing
14 - Windows browser exploitation
15 - books, certifications and courses
and more :)

- Windows system programming Security

- Windows kernel programming fundamentals

- Windows exploitation

- Live 🔻 Modern Windows kernel exploitation

Article important for windows kernel programming and exploitation.

Windows Exploitation Links


https://github.com/r3p3r/nixawk-awesome-windows-exploitation

https://github.com/connormcgarr/Exploit-Development

https://github.com/connormcgarr/Kernel-Exploits

https://github.com/ElliotAlderson51/Exploit-Writeups

https://github.com/rhamaa/Binary-exploit-writeups#windows_stack_overflows

https://github.com/wtsxDev/Exploit-Development

https://www.corelan.be

https://malwareunicorn.org/#/workshops

https://p.ost2.fyi

http://www.securitytube.net

https://ctf101.org/binary-exploitation/overview

Windows Stack Protection I: Assembly Code
http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED301c_tkp/ED301c_tkp.htm

Windows Stack Protection II: Exploit Without ASLR
http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED302c_tkp/ED302c_tkp.htm

Windows Stack Protection III: Limitations of ASLR
http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED303c_tkp/ED303c_tkp.htm

Exploit Development
Ch 6: The Wild World of Windows
https://samsclass.info/127/lec/EDch6.pdf

SEH-Based Stack Overflow Exploit
https://samsclass.info/127/proj/ED319.htm

Exploiting Easy RM to MP3 Converter on Windows with ASLR
https://samsclass.info/127/proj/ED318.htm

Bypassing Browser Memory Protections
https://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf

The Basics of Exploit Development 1: Win32 Buffer Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development

The Basics of Exploit Development 2: SEH Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-2-seh-overflows

The Basics of Exploit Development 3: Egg Hunters
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-3-egg-hunters

The Basics of Exploit Development 4: Unicode Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-4-unicode-overfl

The Basics of Exploit Development 5: x86-64 Buffer Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-5-x86-64-buffer

Resources for Exploit development:-

- roadmap for exploit development
- roadmap for exploit development 2

Resources....

https://github.com/0xZ0F/Z0FCourse_ReverseEngineering

https://crackmes.one

https://www.youtube.com/@pwncollege/videos

https://repo.zenk-security.com/Magazine%20E-book/Hacking-%20The%20Art%20of%20Exploitation%20(2nd%20ed.%202008)%20-%20Erickson.pdf

http://www.phrack.org/issues/49/14.html#article

https://github.com/justinsteven/dostackbufferoverflowgood

https://github.com/FabioBaroni/awesome-exploit-development

https://github.com/CyberSecurityUP/Awesome-Exploit-Development

https://github.com/RPISEC/MBE

https://github.com/hoppersroppers/nightmare

https://github.com/shellphish/how2heap

https://www.youtube.com/watch?v=tMN5N5oid2c

https://dayzerosec.com/blog/2021/02/02/getting-started.html

https://github.com/Tzaoh/pwning

Get updated

Search Evasion Techniques by Names, Techniques, Definitions, Keywords

[ 01 ] https://unprotect.it/

[ 02 ] https://search.maldevacademy.com/

Kimsucky Apt Analysis
https://somedieyoungzz.github.io/posts/kimsucky-apt-analysis/

If you've ever wanted to live debug user mode Linux processes (e.g.: in WSL) from WinDbg, with 1.2402.24001.0, you can! Start up a gdbserver in WSL (e.g.: gdbserver localhost:1234 ./vim) and connect to it via WinDbg's "Connect to remote debugger"
Documentation for live Linux debugging with WinDbg can be found at:

https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/linux-live-remote-process-debugging

And

https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/linux-dwarf-symbols


#tweet
Credit : William R. Messmer

Unveiling custom packers: A comprehensive guide

https://estr3llas.github.io/unveiling-custom-packers-a-comprehensive-guide/

This write-up covers the basics of working with Native Applications and some interesting things you can do with them.

https://www.protexity.com/post/going-native-malicious-native-applications


#tweet
Credit: Steve S.