Understanding the PE+ File Format
credit :allthingsida

[ 01 ] The Headers

[ 02 ] Imports

[ 03 ] Exports

[ 04 ] Entry Points and TLS Callbacks


———
@islemolecule_source

A review of zero-day in-the-wild exploits in 2023 [ TAG + Mandiant ]
In 2023, Google observed 97 zero-day vulnerabilities exploited in-the-wild. That’s over 50 percent more than in 2022, but still shy of 2021’s record of 106. Today, Google published its fifth annual review of zero-days exploited in-the-wild, marking the first time Google’s Threat Analysis Group (TAG) and Mandiant teamed up on the report.
https://blog.google/technology/safety-security/a-review-of-zero-day-in-the-wild-exploits-in-2023

Windows Defender Killer | C++ Code Disabling Permanently Windows Defender using Registry Keys

https://github.com/S12cybersecurity/WinDefenderKiller

windows rootkit dev series

https://idov31.github.io/2022/07/14/lord-of-the-ring0-p1.html

A basic concept of obfuscating command and control (C2) servers securely with Redirectors.

Go 101
an up-to-date knowledge base for Go programming self learning

https://go101.org/

-= Go (Fundamentals) 101 =-
-= Go Generics 101 =-
-= Go Optimizations 101 =-
-= Go Details & Tips 101 =-
-= Go Quizzes 101 =-
-= Go 101 Apps & Libs =-
-= Go 101 Blog =-

———
@islemolecule_source

From VT

AWE Prep
OffSec EXP-401 Advanced Windows Exploitation (AWE)
credit : talson

Windows Kernel Exploitation
Ghidra Setup & Tips
Browser Exploitation
Hypervisor Exploitation

https://talson.notion.site/AWE-Prep-c820706e05be43cf9fb434625914c171

Low-Level x86-64 Architecture, Linking & Loading, Memory Management, etc...
from SANS sec660.4 (Exploiting Linux for Penetration Testers)
credit: Stephen Sims

https://www.youtube.com/watch?v=I37AJebKh2Y

———
@islemolecule_source

Structure-Aware linux kernel Fuzzing with libFuzzer

I decided to experiment with KCOV and see how I can hook it into libfuzzer and boot the kernel without spending too much on building a root file system.

credit: Meysam

https://r00tkitsmm.github.io/fuzzing/2024/03/27/libffuzzerkernel.html

first set of YARA rules to detect the backdoored XZ packages
report:
https://www.openwall.com/lists/oss-security/2024/03/29/4
rules:
https://github.com/Neo23x0/signature-base/blob/master/yara/bkdr_xz_util_cve_2024_3094.yar

Massimiliano Tomassoli papers in exploitation

https://github.com/mtomassoli/papers/tree/master

📹 CppCon 2017: James McNellis “Everything You Ever Wanted to Know about DLLs”
👤 CppCon

Nim programming which malware developers like that

Nim's cross-compilation features empower attackers to write a single malware variant, which can then be cross-compiled to target different platforms



a good candidate for writing software in a wide variety of application domains, ranging from web applications to kernels

Windows Session Hijacking via CcmExec
https://cloud.google.com/blog/topics/threat-intelligence/windows-session-hijacking-via-ccmexec