ICS410 ICS/SCADA Security Essentials 2024
https://learnflakes.net/?p=rss&action=download&tid=55146&pk=666d37941e65bc27c1a86ebf627979332c5ef3ec

Zero EAT touch way to retrieve function addresses
https://github.com/MzHmO/SymProcAddress

Malware Dev Reading List
https://gist.github.com/0prrr/c0954a638c55ab4b39e8b02ef312e806

#malware_dev

Blinding EDR On Windows
https://synzack.github.io/Blinding-EDR-On-Windows/

#edr

List of callbacks and codes that we can use them to execute shellcode
(Alternative Shellcode Execution Via Callbacks)
https://github.com/aahmad097/AlternativeShellcodeExec

#malware_dev

Program to Inject a DLL into a process from memory

https://github.com/BlackHat-Ashura/Reflective_DLL_Injection

Scorpio-Windows.Internals.(2020)

“Practical Cryptography: Algorithms and Implementations Using C++” by Saiful Azad and Al-Sakib Khan Pathan, which provides a comprehensive guide to modern cryptography and demonstrates how to develop and implement cryptographic algorithms in C++.

NIST Cybersecurity Framework


https://www.youtube.com/playlist?list=PLxC28bkWNxkM1AVwmhF0Xfbs8F-NMox0I

A very good introductory series of articles examining the process of driver development for Windows (NT):
Part 1, part 2,....

(The material is old, but gold)

#windows #drivers

One of the "essential" windows auditing tools, add my other favorites like rpcview, process hacker, sysinternals, ghidra, wireshark xpe viewer, windbg, imhex and visual studio. Get James Forshaw's NtObjectManager thing too, seems useful for parsing MIDL like rpcviewer.



PipeViewer - A Tool That Shows Detailed Information About Named Pipes In Windows
https://github.com/cyberark/PipeViewer

credit : Eviatar Gerzi

#tweet , source

[ Testing LFI in Windows: How I (never) got a $30000 bounty ]

Another great post by adeadfed!

https://adeadfed.com/posts/testing-lfi-in-windows-how-i-never-got-a-30000-bounty/

if you want to using Function stomping technique you have to know this about windows:

for example Kernel32.dll, a common DLL, might have different addresses in two processes(ASLR), but functions like VirtualAlloc, exported from Kernel32.dll, will have the same address in both processes.

example:

Link

HyperDbg v0.8.2 is now released! 🔥

This update brings support for functions in the noscript engine.

Read more:
https://docs.hyperdbg.org/commands/noscripting-language/constants-and-functions

## [0.8.2.0] - 2024-03-19
New release of the HyperDbg Debugger.

### Added
- Add user-defined functions and variable types in noscript engine

### Changed
- Fix debuggee crash after running the '.debug close' command on the debugger
- The problem with adding edge MTRR pages is fixed
- All compiler/linker warnings of kernel-mode modules are fixed
- User/Kernel modules of HyperDbg now compiled with "treat warning as error"
- After downloading new symbols it is automatically loaded
- Fix error messages/comments spelling typos