Windows Pwnable Study from
SeungHyun Lee (a.k.a. "Xion")

https://github.com/leesh3288/WinPwn


https://github.com/FULLSHADE/WindowsExploitationResources

How to Learn Binary Exploitation Roadmap
Courses: pwn.college and Nightmare: Roppers Remix


https://www.hoppersroppers.org/roadmap/training/pwning.html

Reverse engineering blogs and others

https://xn--qckyd1c.xn--w8je.xn--tckwe/2021/10/02/Reverse-Engineering-Roadmap/

Windows exploitation by Fu11Shade

https://web.archive.org/web/20200506122824/https://fullpwnops.com/windows-exploitation-pathway.html

Understanding_the_LFH.pdf

Low fragmentation heap

Blackhat USA 2010
Chris Valasek
X-Force Researcher
cvalasek@gmail.com
@nudehaberdasher

TD-LTE Irancell modem TK-2510 can be hacked/unlocked!? | Hardware Hack Part 2

Credit : saeed haghi-pour
Language: Persian



https://sisoog.com/2024/03/24/the-second-part-of-hardware-hacking/

The Interactive IDA Plugin List

https://vmallet.github.io/ida-plugins/

Exploiting the libwebp Vulnerability, Part 2: Diving into Chrome Blink

https://www.darknavy.org/blog/exploiting_the_libwebp_vulnerability_part_2/

Table of contents 


Chapter 1: The Internal Language of Computers
Chapter 2: Combinatorial Logic
Chapter 3: Sequential Logic
Chapter 4: Computer Anatomy
Chapter 5: Computer Architecture
Chapter 6: Communications Breakdown
Chapter 7: Organizing Data
Chapter 8: Language Processing
Chapter 9: The Web Browser
Chapter 10: Application and System Programming
Chapter 11: Shortcuts and Approximations
Chapter 12: Deadlocks and Race Conditions
Chapter 13: Security
Chapter 14: Machine Intelligence
Chapter 15: Real-World Considerations

A Syscall Journey in the Windows Kernel




https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel/

R 3.4.4 (Windows 10 x64) - Buffer Overflow SEH (DEP/ASLR Bypass)
https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/seh-based-buffer-overflow

https://www.exploit-db.com/exploits/47122

In less than a couple of days, the first fixes for 0-day, discovered as part of the Pwn2Own Vancouver 2024 hacker competition, rolled out.


The first deals with out-of-bounds (OOB) writing (CVE-2024-29943) for remote code execution, and the second implements Mozilla Firefox sandbox escape via an untrusted function (CVE-2024-29944).

Mozilla says the first vulnerability could allow attackers to access a JavaScript object out of bounds by exploiting range-based bounds checking elimination on affected systems.

An attacker was able to perform an out-of-range read or write to a JavaScript object by tricking the elimination of range-based bounds checking.

The second flaw is described as privileged execution of JavaScript via event handlers, which could allow an attacker to execute arbitrary code in the parent process of the Firefox Desktop web browser.

Mozilla has fixed security flaws in Firefox 124.0.1 and Firefox ESR 115.9.1, blocking potential remote code execution attacks that target unpatched browsers.

The speed is certainly encouraging, especially considering that after the Pwn2Own competition, vendors are usually in no hurry to release fixes, counting on a 90-day delay until Trend Micro's Zero Day Initiative reveals them publicly.

In addition to Mozilla Firefox, the researcher also successfully uncovered Apple Safari, Google Chrome and Microsoft Edge, whose suppliers are now also analyzing the essence of the problems and preparing their patches.



https://www.mozilla.org/en-US/security/advisories/mfsa2024-15/#CVE-2024-29943

Understanding the PE+ File Format
credit :allthingsida

[ 01 ] The Headers

[ 02 ] Imports

[ 03 ] Exports

[ 04 ] Entry Points and TLS Callbacks


———
@islemolecule_source

A review of zero-day in-the-wild exploits in 2023 [ TAG + Mandiant ]
In 2023, Google observed 97 zero-day vulnerabilities exploited in-the-wild. That’s over 50 percent more than in 2022, but still shy of 2021’s record of 106. Today, Google published its fifth annual review of zero-days exploited in-the-wild, marking the first time Google’s Threat Analysis Group (TAG) and Mandiant teamed up on the report.
https://blog.google/technology/safety-security/a-review-of-zero-day-in-the-wild-exploits-in-2023

Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys

https://github.com/S12cybersecurity/WinDefenderKiller