https://repnz.github.io/posts/apc/kernel-user-apc-api

This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.

PDF files are often considered static documents by most people. However, the PDF standard allows for the execution of JavaScript code within the document. This feature offers various attack vectors that can be used for Red Team tests and cybersecurity research. In this article, we will examine how to inject JavaScript into a PDF file to download a file from a specific URL and establish a Command and Control (C2) connection using this method.

By: Jonny Johnson

If endpoint detection and response (EDR) protections keep blocking your phishing payloads, you really should learn how to write custom payloads. If you’ve never written a custom payload, this is a great place to start. If you have some experience with custom payloads, I hope I can at least simplify the way you think about payload design to make it easy and fun.

I wanted to write this blog about several good techniques for endpoint detection and response (EDR) evasion; however, as I was writing about how to evade EDRs, I was hit with an epiphany:“EDR evasion is all about looking like legitimate software” — ph3eds, 2024

This directory covers how to use SeTcbPrivilege for educational purpose. SeTcbPrivilege is a multi puropse privilege. A user has SeTcbPrivilege is able to perform various token manipulation. For example, following token factors class can be manipulated with SeTcbPrivilege (but most of them cannot be manipulated for assigned primary token):

Session ID
Origin
Mandatory Policy
Integrity Level (downgrade operation does not require SeTcbPrivilege)

Privileges are listed and explained at: MSDN

use the Windows Privileges to elevate your rights within the OS.
Priv2Admin

Understanding and Abusing Process Tokens — Part I
Understanding and Abusing Process Tokens — Part II‌

Access Tokens‌

Abusing Tokens

Adjusting Process Token Privileges