Source Byte
Whoever would stay sober must keep clear of love; this nature of mine will not mix with reason. Saadi Shirazi
https://web.archive.org/web/20240719160444/http://undocumented.ntinternals.net/
X-ray (actually nudes) of Windows internals
Repost from CyberSecurityTechnologies
#exploit
Techniques for Privilege Escalation on Windows
Part 1: https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
Part 2: https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
Part 3: https://www.zerodayinitiative.com/blog/2024/7/31/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-3
Deep Sea Phishing
[ 00 ] How to Bypass EDR With Custom Payloads
If endpoint detection and response (EDR) protections keep blocking your phishing payloads, you really should learn how to write custom payloads. If you’ve never written a custom payload, this is a great place to start. If you have some experience with custom payloads, I hope I can at least simplify the way you think about payload design to make it easy and fun.
[ 01 ] Making Your Malware Look Legit to Bypasses EDR
I wanted to write this blog about several good techniques for endpoint detection and response (EDR) evasion; however, as I was writing about how to evade EDRs, I was hit with an epiphany: “EDR evasion is all about looking like legitimate software” — ph3eds, 2024
https://github.com/wikiZ/RedGuard
RedGuard is a C2 front flow control tool that can evade checks by Blue Teams, AVs and EDRs.
Injecting Malicious Code into PDF Files and Creating a PDF Dropper
PDF files are often considered static documents by most people. However, the PDF standard allows for the execution of JavaScript code within the document. This feature offers various attack vectors that can be used for Red Team tests and cybersecurity research. In this article, we will examine how to inject JavaScript into a PDF file to download a file from a specific URL and establish a Command and Control (C2) connection using this method.
https://cti.monster/blog/2024/07/25/pdfdropper.html
Repost from CyberSecurity Shield
Greetings and well done to all of you, dear friends.
Special apologies for the long delay.
Part two of the SCE 450 course, in the same format as before, is here for you 😁🌹🙏🏻
Syscalls via Vectored Exception Handling
https://redops.at/en/blog/syscalls-via-vectored-exception-handling
https://github.com/vxCrypt0r/AMSI_VEH
A PowerShell AMSI Bypass technique via Vectored Exception Handler (VEH). This technique does not perform assembly instruction patching, function hooking or Import Address Table (IAT) modification.
APC Series: User APC Internals
Credit: @0xrepnz
https://repnz.github.io/posts/apc/kernel-user-apc-api
#windows #internals #apc #note
Repost from Reverse Dungeon
Since there is no new content, a reminder that there is a small blog with a number of assorted articles:
ブログ.きく.コム
Among them is a collection of lots of useful things related to reverse engineering:
ブログ.きく.コム/2021/10/02/Reverse-Engineering-Roadmap/
😎❤️
Understanding ETW Patching
Credit: jsecurity101
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
#internals #windows #ETW