Source Byte

"Sober must be the one who shuns love; this nature of mine does not mix with reason." (Saadi Shirazi)
Event Tracing for Windows (ETW): Your Friendly Neighborhood IPC Mechanism https://www.preludesecurity.com/blog/event-tracing-for-windows-etw-your-friendly-neighborhood-ipc-mechanism Credit: @jsecurity101

x33fcon20_Pawel_Kordos,_Patryk_Czeczko_-_Malware_techniques_from_aggressor's_perspective (1).pdf

Organized list of my malware development resources https://github.com/rootkit-io/awesome-malware-development #malware_dev

Password: GREENARMOR MalDev Academy Malware Development 2024

Maldev Academy Malware Development @GREEN_ARMOR.part01.rar (3900.00 MB)

This write-up covers the basics of working with Native Applications and some interesting things you can do with them. https://www.protexity.com/post/going-native-malicious-native-applications #tweet Credit: Steve S.

If you've ever wanted to live debug user mode Linux processes (e.g.: in WSL) from WinDbg, with 1.2402.24001.0, you can! Start up a gdbserver in WSL (e.g.: gdbserver localhost:1234 ./vim) and connect to it via WinDbg's "Connect to remote debugger". Documentation for live Linux debugging with WinDbg can be found at: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/linux-live-remote-process-debugging and https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/linux-dwarf-symbols #tweet Credit: William R. Messmer

Search Evasion Techniques: Names, Techniques, Definitions, Keywords. [01] https://unprotect.it/ [02] https://search.maldevacademy.com/

Get updated

Maldev Modules hide01.ir.zip (68.16 MB)

Some resources for Windows kernel programming: Windows exploit development and Windows kernel resources
00 - Windows rootkits
01 - Windows kernel mitigations
02 - Windows kernel shellcode
03 - Windows kernel exploitation
04 - Windows kernel GDI exploitation
05 - Windows kernel Win32k.sys research
06 - Windows kernel logic bugs
07 - Windows kernel driver development
08 - Windows internals
09 - Advanced Windows debugging
10 - 0days - APT advanced malware research
11 - Video game cheating (kernel mode stuff sometimes)
12 - Hyper-V and VM / sandbox escape
13 - Fuzzing
14 - Windows browser exploitation
15 - Books, certifications, courses and more :)
- Windows system programming security
- Windows kernel programming fundamentals
- Windows exploitation - Live
🔻 Modern Windows kernel exploitation

Articles important for Windows kernel programming and exploitation.

Windows Exploitation Links
https://github.com/r3p3r/nixawk-awesome-windows-exploitation
https://github.com/connormcgarr/Exploit-Development
https://github.com/connormcgarr/Kernel-Exploits
https://github.com/ElliotAlderson51/Exploit-Writeups
https://github.com/rhamaa/Binary-exploit-writeups#windows_stack_overflows
https://github.com/wtsxDev/Exploit-Development
https://www.corelan.be
https://malwareunicorn.org/#/workshops
https://p.ost2.fyi
http://www.securitytube.net
https://ctf101.org/binary-exploitation/overview
Windows Stack Protection I: Assembly Code http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED301c_tkp/ED301c_tkp.htm
Windows Stack Protection II: Exploit Without ASLR http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED302c_tkp/ED302c_tkp.htm
Windows Stack Protection III: Limitations of ASLR http://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED303c_tkp/ED303c_tkp.htm
Exploit Development Ch 6: The Wild World of Windows https://samsclass.info/127/lec/EDch6.pdf
SEH-Based Stack Overflow Exploit https://samsclass.info/127/proj/ED319.htm
Exploiting Easy RM to MP3 Converter on Windows with ASLR https://samsclass.info/127/proj/ED318.htm
Bypassing Browser Memory Protections https://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf
The Basics of Exploit Development 1: Win32 Buffer Overflows https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development
The Basics of Exploit Development 2: SEH Overflows https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-2-seh-overflows
The Basics of Exploit Development 3: Egg Hunters https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-3-egg-hunters
The Basics of Exploit Development 4: Unicode Overflows https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-4-unicode-overfl
The Basics of Exploit Development 5: x86-64 Buffer Overflows https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-5-x86-64-buffer

Resources for exploit development:
- roadmap for exploit development
- roadmap for exploit development 2

Resources:
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering
https://crackmes.one
https://www.youtube.com/@pwncollege/videos
https://repo.zenk-security.com/Magazine%20E-book/Hacking-%20The%20Art%20of%20Exploitation%20(2nd%20ed.%202008)%20-%20Erickson.pdf
http://www.phrack.org/issues/49/14.html#article
https://github.com/justinsteven/dostackbufferoverflowgood
https://github.com/FabioBaroni/awesome-exploit-development
https://github.com/CyberSecurityUP/Awesome-Exploit-Development
https://github.com/RPISEC/MBE
https://github.com/hoppersroppers/nightmare
https://github.com/shellphish/how2heap
https://www.youtube.com/watch?v=tMN5N5oid2c
https://dayzerosec.com/blog/2021/02/02/getting-started.html
https://github.com/Tzaoh/pwning

Implementation examples of basic rootkit functionality and the basics of kernel driver development https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1