Source Byte

One of the "essential" windows auditing tools, add my other favorites like rpcview, process hacker, sysinternals, ghidra, wireshark xpe viewer, windbg, imhex and visual studio. Get James Forshaw's NtObjectManager thing too, seems useful for parsing MIDL like rpcviewer. PipeViewer - A Tool That Shows Detailed Information About Named Pipes In Windows https://github.com/cyberark/PipeViewer credit : Eviatar Gerzi #tweet , source

A very good introductory series of articles examining the process of driver development for Windows (NT): Part 1, part 2,.... (The material is old, but gold) #windows #drivers

مردان واقعی از دیس اسمبلر قاسمی استفاده میکنند

NIST Cybersecurity Framework https://www.youtube.com/playlist?list=PLxC28bkWNxkM1AVwmhF0Xfbs8F-NMox0I

Scorpio-Windows.Internals.(2020)

https://github.com/BlackHat-Ashura/Reflective_DLL_Injection Program to Inject a DLL into a process from memory

List of callbacks and codes that we can use them to execute shellcode (Alternative Shellcode Execution Via Callbacks) https://github.com/aahmad097/AlternativeShellcodeExec #malware_dev

Blinding EDR On Windows https://synzack.github.io/Blinding-EDR-On-Windows/ #edr

Malware Dev Reading List https://gist.github.com/0prrr/c0954a638c55ab4b39e8b02ef312e806 #malware_dev

Zero EAT touch way to retrieve function addresses https://github.com/MzHmO/SymProcAddress

ICS410 ICS/SCADA Security Essentials 2024 https://learnflakes.net/?p=rss&action=download&tid=55146&pk=666d37941e65bc27c1a86ebf627979332c5ef3ec

💋 GamingServiceEoP by [ Filip Dragović @filip_dragovic ] Exploit for arbitrary folder move in GamingService component of Xbox. GamingService is not default service. If service is installed on system it allows low privilege users to escalate to system.

Palo Alto GlobalProtect EoP (CVE-2024-2432) https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP