List of callbacks and codes that we can use them to execute shellcode
(Alternative Shellcode Execution Via Callbacks)
https://github.com/aahmad097/AlternativeShellcodeExec

#malware_dev

Program to Inject a DLL into a process from memory

https://github.com/BlackHat-Ashura/Reflective_DLL_Injection

Scorpio-Windows.Internals.(2020)

“Practical Cryptography: Algorithms and Implementations Using C++” by Saiful Azad and Al-Sakib Khan Pathan, which provides a comprehensive guide to modern cryptography and demonstrates how to develop and implement cryptographic algorithms in C++.

NIST Cybersecurity Framework


https://www.youtube.com/playlist?list=PLxC28bkWNxkM1AVwmhF0Xfbs8F-NMox0I

A very good introductory series of articles examining the process of driver development for Windows (NT):
Part 1, part 2,....

(The material is old, but gold)

#windows #drivers

One of the "essential" windows auditing tools, add my other favorites like rpcview, process hacker, sysinternals, ghidra, wireshark xpe viewer, windbg, imhex and visual studio. Get James Forshaw's NtObjectManager thing too, seems useful for parsing MIDL like rpcviewer.



PipeViewer - A Tool That Shows Detailed Information About Named Pipes In Windows
https://github.com/cyberark/PipeViewer

credit : Eviatar Gerzi

#tweet , source

[ Testing LFI in Windows: How I (never) got a $30000 bounty ]

Another great post by adeadfed!

https://adeadfed.com/posts/testing-lfi-in-windows-how-i-never-got-a-30000-bounty/

if you want to using Function stomping technique you have to know this about windows:

for example Kernel32.dll, a common DLL, might have different addresses in two processes(ASLR), but functions like VirtualAlloc, exported from Kernel32.dll, will have the same address in both processes.

example:

Link

HyperDbg v0.8.2 is now released! 🔥

This update brings support for functions in the noscript engine.

Read more:
https://docs.hyperdbg.org/commands/noscripting-language/constants-and-functions

## [0.8.2.0] - 2024-03-19
New release of the HyperDbg Debugger.

### Added
- Add user-defined functions and variable types in noscript engine

### Changed
- Fix debuggee crash after running the '.debug close' command on the debugger
- The problem with adding edge MTRR pages is fixed
- All compiler/linker warnings of kernel-mode modules are fixed
- User/Kernel modules of HyperDbg now compiled with "treat warning as error"
- After downloading new symbols it is automatically loaded
- Fix error messages/comments spelling typos

Command Line Argument Spoofing

The PEB of a process holds the command line arguments of a process. This PEB resides in usermode which means that we can spoof our command line arguments as an unprivileged user.

https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/command-line-argument-spoofing

Happy Nowruz everyone 🫰🏻

This year was a great year for me , I find valuable friends, and develop my personality a lot .
I wish for all of you great year and reaching your goals.

Best regards ,
ana🤍


What is Nowruz?

TLDR:
Nowruz means “new day” in Persian, also known as Persian New Year. More than 300 million people worldwide celebrate Nowruz including Afghanistan, Uzbekistan, India, Iran, Iraq, Kazakhstan, Pakistan, Tajikistan, and Turkey...

C2 Development Series 4/4
credit : @preemptdev

[ 01 ] Introduction

[ 02 ] The C2 Architecture

[ 03 ] Building the Team Server

[ 04 ] Writing a C2 Implant


#C2 , #red_team ,
———
@islemolecule_source

Reverse Engineering Dark Souls 3 Networking:

A DarkSouls fan wrote his own DS3OS server for the second and third parts. A series of articles about how he managed to reverse engineer the game’s network stack.

Link

New open source RAT on the scene Xeno Rat 🐭
GitHub

https://www.cyfirma.com/outofband/xeno-rat-a-new-remote-access-trojan-with-advance-capabilities/