Lost in Transaction: Process Doppelgänging
Tal Liberman
Eugene Kogan

https://docs.google.com/viewerng/viewer?url=https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf


hasherezade's PoC for doppleganging:
LINK

Dissecting SnakeKeyLogger Macros

https://farghlymal.github.io/Dissecting-SnakeKeyLogger-Macros/

#malware_analysis

Organized list of my malware development resources
https://github.com/rootkit-io/awesome-malware-development



#malware_dev

MALWARE TECHNIQUES FROM AGGRESSOR'S PERSPECTIVE
PATRYK CZECZKO
PAWEŁ KORDOS

#malware_dev

Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism

https://www.preludesecurity.com/blog/event-tracing-for-windows-etw-your-friendly-neighborhood-ipc-mechanism

credit : @jsecurity101

Rhysida Ransomware
Link


#malware_analysis

Kimsucky analysis part2
https://somedieyoungzz.github.io/posts/kimsucky-2/


#malware_analysis

Linux internals

https://youtube.com/playlist?list=PLSIUOFhnxEiC3YTdxwqZqgEY5imVL8U8J&si=kVQOBW8ZFk33yYM-

https://youtube.com/playlist?list=PLOEpetqiDZSrfM_HYPe9l6RC782Ttul2H&si=9nk4B_uVAbL2VtSK

https://youtube.com/playlist?list=PLsI2APLEA9Eq6z8zUlOJrqmc5KBwLTV4A&si=oW0Nqinw5PgTw27q

Memory Tagging and how it improves C/C++ memory safety

Inspired Shell Obfuscatio
https://github.com/CyberSecurityN00b/shellfeck

"Can a .txt file be malicious?"

Short answer: No

Long answer: Anything is possible through the power of Windows HKEY_CLASSES_ROOT

tl;dr modify shell open command (default) to malicious payload with subsequent invocation of text editor + parameters. The .txt file won't be malicious, but the thing responsible for opening them will be

¯\_(ツ)_/¯