NIST Cybersecurity Framework


https://www.youtube.com/playlist?list=PLxC28bkWNxkM1AVwmhF0Xfbs8F-NMox0I

A very good introductory series of articles examining the process of driver development for Windows (NT):
Part 1, part 2,....

(The material is old, but gold)

#windows #drivers

One of the "essential" windows auditing tools, add my other favorites like rpcview, process hacker, sysinternals, ghidra, wireshark xpe viewer, windbg, imhex and visual studio. Get James Forshaw's NtObjectManager thing too, seems useful for parsing MIDL like rpcviewer.



PipeViewer - A Tool That Shows Detailed Information About Named Pipes In Windows
https://github.com/cyberark/PipeViewer

credit : Eviatar Gerzi

#tweet , source

[ Testing LFI in Windows: How I (never) got a $30000 bounty ]

Another great post by adeadfed!

https://adeadfed.com/posts/testing-lfi-in-windows-how-i-never-got-a-30000-bounty/

if you want to using Function stomping technique you have to know this about windows:

for example Kernel32.dll, a common DLL, might have different addresses in two processes(ASLR), but functions like VirtualAlloc, exported from Kernel32.dll, will have the same address in both processes.

example:

Link

HyperDbg v0.8.2 is now released! 🔥

This update brings support for functions in the noscript engine.

Read more:
https://docs.hyperdbg.org/commands/noscripting-language/constants-and-functions

## [0.8.2.0] - 2024-03-19
New release of the HyperDbg Debugger.

### Added
- Add user-defined functions and variable types in noscript engine

### Changed
- Fix debuggee crash after running the '.debug close' command on the debugger
- The problem with adding edge MTRR pages is fixed
- All compiler/linker warnings of kernel-mode modules are fixed
- User/Kernel modules of HyperDbg now compiled with "treat warning as error"
- After downloading new symbols it is automatically loaded
- Fix error messages/comments spelling typos

Command Line Argument Spoofing

The PEB of a process holds the command line arguments of a process. This PEB resides in usermode which means that we can spoof our command line arguments as an unprivileged user.

https://kwcsec.gitbook.io/the-red-team-handbook/techniques/defense-evasion/misdirection/command-line-argument-spoofing

Happy Nowruz everyone 🫰🏻

This year was a great year for me , I find valuable friends, and develop my personality a lot .
I wish for all of you great year and reaching your goals.

Best regards ,
ana🤍


What is Nowruz?

TLDR:
Nowruz means “new day” in Persian, also known as Persian New Year. More than 300 million people worldwide celebrate Nowruz including Afghanistan, Uzbekistan, India, Iran, Iraq, Kazakhstan, Pakistan, Tajikistan, and Turkey...

C2 Development Series 4/4
credit : @preemptdev

[ 01 ] Introduction

[ 02 ] The C2 Architecture

[ 03 ] Building the Team Server

[ 04 ] Writing a C2 Implant


#C2 , #red_team ,
———
@islemolecule_source

Reverse Engineering Dark Souls 3 Networking:

A DarkSouls fan wrote his own DS3OS server for the second and third parts. A series of articles about how he managed to reverse engineer the game’s network stack.

Link

New open source RAT on the scene Xeno Rat 🐭
GitHub

https://www.cyfirma.com/outofband/xeno-rat-a-new-remote-access-trojan-with-advance-capabilities/

Bypassing Defender on modern Windows 10 systems

https://www.purpl3f0xsecur1ty.tech/2021/03/30/av_evasion.html

Automated Multi UAC BYPASS for win10|win11|ws2019|ws2022

(PS1)
https://github.com/x0xr00t/Automated-MUlti-UAC-Bypass

📹 Manually parsing PE files with PE-bear
👤 MeetSEKTOR7

YouTube

God Penetration Testing Reference Bank

Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet. This is a collection of resources, noscripts and easy to follow how-to's. I have been gathering (and continuing to gather) in preparation for the OSCP as well as for general pentesting. Feel free to use however you want!

GitHub

#pentest

ETW series

[ 1 ] ETW visualization

[ 2 ] Uncovering Windows Events

[ 3 ] ETW internals for security research and forensics

[ 4 ] Exploiting a “CVE-2020-1034” Vulnerability – In 35 Easy Steps or Less!

[ 5 ] Design issues of modern EDRs: bypassing ETW-based solutions

[ 6 ] A Primer On Event Tracing For Windows (ETW)

[ 7 ] Windows 10 ETW Events references collection

[ 8 ] evading EDR book [ 1 ] , [ 2 ]

[ 9 ] Detecting In-Memory Threats with Kernel ETW Call Stacks

[ 10 ] Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

[ 11 ] A Begginers All Inclusive Guide to ETW

[ 12 ] ETW References

[ 13 ] Give Me an E, Give Me a T, Give Me a W. What Do You Get? RPC! (pars events from the RPC ETW)

[ 14 ] Attacks on ETW Blind EDR Sensors ( black hat con )

[ 15 ] This write-up will present a case study of using ETW (Event Tracing for Windows) to analyze an active Cobalt Strike Beacon that was still active and communicating to it's C2 Server.

[ 16 ] Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism

[ 17 ] coming soon...
———
@islemolecule_source

Part 16 added

Study materials for the Certified Red Team Expert (CRTE) exam, covering essential concepts in red teaming and penetration testing.

🔎GitHub
———
@islemolecule_source

Course materials for Malware Analysis by RPISEC

https://github.com/RPISEC/Malware/tree/master/Lectures