Source Byte – Telegram
Sober must be whoever would keep clear of love;
and this nature of mine does not mix with reason.
Saadi Shirazi
Understanding the PE file format is key to reverse engineering Windows executables. If you need help, Dr Josh Stroschein has a playlist on YouTube with over 4 hours of content covering many of the most important aspects 👇

▶️ https://youtube.com/playlist?list=PLHJns8WZXCdstHnLaxcz-CO74fO4Q88_8&feature=shared
https://mega.nz/folder/QzkSTKrS#qAks5qwmfL-Si97gxsWHhg

About 300 HTB machine writeups, any difficulty / premium
best AI ever
Forwarded from vx-underground
Company executives when they're asked if they've been compromised
Interesting short read on attacking EDRs by Riccardo Ancarani (dottor_morte) and Devid Lana

Part 1: riccardoancarani.github.io/2…
Part 2: riccardoancarani.github.io/2…
K-means Clustering for Lateral Movement Detection huntandhackett.com/blog/kmea…
Windows privilege escalation through Use-After-Free (UAF) in win32kfull (CVE-2023-21822)
Interesting writeup by Marcin Wiązowski (thezdi)
zerodayinitiative.com/blog/2…
Dinosn: A red team tool that assists in extracting/dumping master credentials and/or entries from different password managers.
github.com/efchatz/pandora
Attacking an EDR - Part 1

This post is the first of what - we hope - will be a long series of articles detailing some common flaws that can be found in modern EDR products. By no means will this be a complete reference, but it will hopefully provide some practical tools to analyze these gargantuan products and attempt to understand their functionalities from a black box perspective.
Nice introduction to fileless ELF execution using memfd_create()
Credits: MagisterQuis

magisterquis.github.io/2018/…
Adversarial Attacks on LLMs

lilianweng.github.io/posts/2…


#LLM
Rust internals and how Rust code maps to assembly
Collection of blog posts by eventhelix

eventhelix.com/rust/
PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt for persistence implanted in Windows machines.

github.com/last-byte/Persist…
Introduction to runtime dynamic hooking in Go by quarkslab

blog.quarkslab.com/lets-go-i…
Cobalt Strike dropper reverse engineering using Binary Ninja
Credits: Xusheng Li (@vector35)

binary.ninja/2022/07/22/reve…
🔰Ghidra Software Reverse Engineering Framework

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux. Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes.

Download Link:
https://github.com/NationalSecurityAgency/ghidra/releases