Web Sites / Blogs

#

Windows

#

• Alex Ionescu
• CodeMachine
• Pavel Yosifovich
• Microsoft Security Response Center Blogs
• Geoff Chappel
• The Old New Thing
• OSR Online
• WinWorld PC
• Microsoft Learn
• Steve Syfuhs
• Steves Tech Spot
• Uninformed
• Attl4s

InfoSec

#

• MalwareTech
• Stygian Security
• Infosec Reference
• Security Sift
• Bad Sector Labs
• I Hack 4 Falafel
• Cyber Khalid
• Trail of Bits
• FuzzySecurity
• Corelan
• Phrack
• DEFCON Media Server
• Exploit DB Papers
• Black Hills Infosec
• iRed.Team
• ZeroDay Engineering
• Google Project Zero
• Forrest Orr
• VX-Underground Windows Papers
• wumb0
• Andrea Fortuna
• 0xinfection
• XPN (Adam Chester)
• SpecterOps
• Dirk-jan Mollema
• 0xcsandker
• Shogun Lab
• 0x00 Sec
• PreEmpt.Dev
• Klez Virus
• HackTricks
• 0xRick’s Blog
• Back Engineering Blog

Reverse Engineering

#

• likeagod Reverse Engineering
• Awesome Reversing

Programming

#

• Beej.us
• Tenouk C/C++ Notes

Vulnerability Research / Exploit Dev / Red Teaming

#

General Exploitation

#

• Smashing the Stack for Fun and Profit
• Basic Integer Overflows
• The Art of Hunting ROP Gadgets
• Awesome Hacking
• Analysis of CVE-2012-4792 (IE Use-After-Free)
• Anatomy of an Exploit - RCE with SIGRed
• Reproducing the ProxyLogon Exploit Chain

Windows

#

• Abusing Token Privileges for EOP
• Windows Binary Index (Old Binaries)
• Exploiting the Windows CryptoAPI
• Awesome Windows Exploitation
• Shellcode from Visual Studio
• NixAwk Awesome Windows Exploitation
• Exploiting with SEH

Heap

#

• Windows 8 Heap Internals
• Abusing the Windows Segment Heap
• Exploit Development Tools
• Deterministic LFH
• Windows Heap-Backed Pool (BlackHat USA 2021)
• Windows 10 Segment Heap Internals (Yason Slides)
• Windows 10 Segment Heap Internals (Yason Whitepaper)
• Windows Heap Exploitation (McDonald BH2009)
• Heap Overflow Exploitation on Windows 10
• Memory Corruption Part II - Heaps
• Corelan Windows 10 x86/WoW64 Userland Heap
• LazyFragmentationHeap WCTF 2019 Writeup
• Advanced Windows Debugging: Heaps (InformIT)
• Inside CRT: Debug Heap Management

Patch Diffing

#

• Patch Extraction and Diffing
• Orange Defense Patch Diffing P1
• Orange Defense Patch Diffing P2
• Orange Defense Patch Diffing P3
• Hyper-V Automation for Patch Diffing
• Google Project Zero Patch Diffing
• Patch Diffing with Ghidra
• How to Deal with MS Monthly Updates
• BinDiff
• Diffing Portal (Quarkslab)
• MSRC-PatchReview (PowerShell)

Kernel

#

• Vulnerable Driver Mega Thread
• Windows 7 Kernel Pool Exploitation
• Abusing GDI Objects for Ring0 Primitives
• Exploting MS16-098 Abusing GDI Objects
• Taking Windows 10 Exploitation to the Next Level (VIDEO)
• Demystifying Kernel Exploiation by Abusing GDI Objects
• Starting with Windows Kernel Exploitation (hasherezade)
• Vulnerable Kernel Drivers for Exploitation
• Driver Signature Enforcement (j00ru)
• Signed Kernel Drivers - Unguarded Gateway (WeLiveSecurity)
• Windows 10 KVAS and Software SMEP

PatchGuard

#

• PatchGuard: A Provably Robust Defense
• PatchGuard++: Efficient Provable Attack Detection
• Bypassing x64 PatchGuard

Fuzzing

#

• WinAFL
• What The Fuzz
• BooFuzz

Tutorials / Practice

#

• Zaratec.io
• Windows PwnAble Notes
• Getting Started with Exploitation
• FuzzySecurity Tutorials
• Corelan Tutorials
• FullShade Windows Exploitation Tutorials
• PWK Buffer Overflow Practice
• Shogun Lab Windows Exploit Development
• Windows Exploit Development Class (Just Curriculum)
• VulnServer
• VulnHub
• HackTheBox
• OverTheWire
• UnderTheWire
• BadBlood
• Binary Exploitation Roadmap
• Nightmare
• Root Me
• CTFd Challenge Levels

VR / ED Tools

#

• Windows Exploit Development Plugin
• Gadgetrie
• Lisa.py
• Mona.py
• Mona.py Manual
• VX-Underground API
• PSAmsi
• MalAPI.io
• SheLLVM
• VulnFanatic (Binary Ninja Plugin)
• !exploitable Crash Analyzer

Red Team Tools

#

Scanning / Enumeration

#

• nmap

Windows

#

• Impacket
• Defender Check
• Crimson Wisp
• WinAPI Exec (WinAPI through CLI)
• lsassy
• ConPtyShell
• SpoolFool
• Evil-WinRM
• BloodHound
• Mimikatz
• SharpSploit
• Seatbelt
• Understanding a Payloads Life
• Getting Started w/ Windows Malware Dev

Tunneling

#

• Chisel
• ProxyChains
• WireProxy
• SpectreOPS gTunnel

C2

#

• Sliver
• Mythic
• Covenant

Other

#

• SharpGen
• Snaffler
• Git Dumper
• Red Teaming Toolkit
• Exegol Hacking Setup

Evasion / AV Bypass

#

• Spoofing PE Section Headers
• Lets Create An EDR… And Bypass It! Part 1
• Alternative Shellcode Execution Via Callbacks
• Process Injection via Program Entry Points
• Encrypting Strings at Compile Time
• A Universal EDR Bypass Built in Windows 10

PoCs

#

• CVE-2022-21907 Windows HTTP.SYS DoS PoC
• CVE-2022-26809 MSRPC RCE (Need-Translation)

Git Accounts

#

• GhostPack
• Cobbr
• 0x43434343
• VX-Underground
• wumb0
• wumb0 Gists

Tactics, Techniques, Examples, Write-Ups

#

• Lazarus Shellcode Execution
• Combining HiveNightmare and SeriousSAM
• Avoiding Memory Scanners
• C++ Time Trigger Scheduled Task
• MSRC Hunting for Emerging C2 Frameworks
• Advanced Process Injection
• RE PsExec
• CertiFried ADCS
• Hidden Scheduled Task
• Azure ADConnectDump
• AzureADConnect for Red Teamers
• AzureAD MSOL Dump PowerShell
• Attacking Active Directory Domain Trusts
• Phishing Made Easyish
• Offensive Windows IPC Internals
• Windows DFIR Tools and Artifacts
• Modern Red Team Architecture
• Empire as a Docker Container
• The Dog Whisperers Handbook: BloodHound
• Ever Wondered How AV Knows
• Builtin Offensive Windows RPC
• Stealing Access Tokens From Office Applications
• A PIC Security Research Adventure
• Injecting .NET Assemblies Into Unmanaged Processes
• Donut - Injecting .NET Assemblies as Shellcode
• Hosting CLR and Managed Code Injection
• Active Directory Tricks (InternalAllTheThings)

COM Hijacking

#

• Userland Persistence w/ Scheduled Tasks and COM Handler Hijacking
• COM Object Hijacking (3gstudent)
• acCOMplice - COM Hijack Discovery and Abuse
• Abusing the COM Registry Structure Part 2
• Persistence - COM Hijacking

Cheat Sheets

#

• OWASP Cheat Sheet Series
• Kernel Debugging Cheat Sheet

Windows Development / Internals

#

• Windows Error Codes
• Microsoft SDK Archive
• WinWorld PC Old SDKs
• Windows Implementation Library
• Windows Classic Samples
• Getting Started with Win32
• Windows API List
• Using SAL
• .NET SDKs
• Reproducable Builds
• Sanity for C/C++ Dev on Windows
• RPC Programming for Windows Developer
• Configuring IntelliSense with CMake
• Making NtCreateUserProcess Work
• Windows ConPTY Blog Series
• Memory Leak Detection in Windows Service (Deleaker)
• Using MSVC in a Docker Container
• VS Community Workload and Component IDs
• Windows XP Activation Algorithm Cracked
• Windows OS Internals (FSU Lecture Notes)

Networking

#

• Getting Started with WinSock
• WinSock Tutorial
• WinSock / .NET Network Programming
• Using SSPI w/ Windows Sockets Server
• SSPT TLS Client Example
• WinSock SSPI/IoCompletion Examples

WinCrypt / Crypto Next Generation (CNG)

#

• CAPI Import Public from Private PEM
• CAPI PEM Import Example
• Schannel Mutual Auth
• MSDN Schannel Peforming Auth
• Blackhat 2016 CNG Slides
• Microsoft SDL Cryptographic Recommendations

WinDbg

#

• SOSEX .NET WinDbg Extenstion
• Bug Check Code Reference
• Talos JS in WinDbg for Malware Analysis
• WinDbg Anti-RootKit
• Debugger Extension APIs
• DbgEng Header Index
• OSR Basics of Debugger Extensions
• TWinDbg

Internals

#

• Tokens for Security Practitioners
• German OIS ETW Paper
• CRT Initialization
• WoW64 Deep Dive (Broken?)
• Deep Dive into OS Internals with WinDbg
• Defender Exploit Protections
• Windows 10 x86 Emulation on ARM
• Devirtualizing C++ with Binary Ninja

Microsoft Protocol Documentation

#

Kerveberos (MS-KILE)

Kernel

#

• Windows EWDK
• Windows Custom Kernel Signers
• Geoff Chappell Driver Signing
• Verfilius Windows Kernel Structures
• Quibble: Windows Bootloader
• OSR Driver Loader
• Previous WDK Versions
• Creating a Primitive Driver

Packing / Loading / etc.

#

• Blackbone Memory Hacking
• MemoryModule Loader
• PE-to-Shellcode
• In Memory Load EXE (2004)
• Designing and Implementing PEzor Packer

Administration

#

• Microsoft Update Catalog
• Windows Secure Boot Keys
• GPO Search
• Remoter Server Administration Tools (RSAT)
• PowerShell Unpin Taskbar Shortcuts
• Activating Windows
• WMIC CLI Cheatsheet
• Key Management Services
• Installing Exchange 2019
• Exchange 2019 Pre-Reqs
• Group Policy Best Practices
• Install Windows 11 on Unsupported CPU
• Remotely Manage Hyper-V on Non-Domain
• Hyper-V NAT VMSwitch
• Windows Defender Hardening
• SS64
• Disable DEP
• Disable ASLR
• Building a AD Domain Lab
• Deleting Certs w/ PowerShell
• Exchange Server Docs
• Reset Domain Admin

AV

#

• How AV Hooks NTDLL

.NET

#

Internals

#

• .NET Internals and Native Compiling
• Writing a Managed JIT in C#

ASP.NET

#

• ASP.NET API w/ SQLITE Example
• ASP.NET Core
• Creating an ASP.NET Admin Panel
• Microsoft .NET Web API Tutorial
• ASP.NET Core Authorization
• ASP.NET Core RBAC

HomeLab

#

Services

#

Random

#

• CloudFlare Tutorials
• Unbound and NSD DNS Setup
• Trasa Zero Trust
• PFSense VPN ProtonVPN
• PFSense VPN
• Setting up Security Onion at Home
• Installing Guacamole w/ Docker
• Password Protection for Cloudflare Pages
• Proxmox VE Helper Scripts
• Windows/Office ISO Download Tool (Mido)

Virtualization

#

• Converting Hyper-V VHDX for KVM/Proxmox

VMWare

#

• VCSA DomainJoin CLI
• VCSA Join/Leae AD Domain

GitLab

#

• GitLab LDAP Auth
• GitLab Redundant LDAP

Monitoring

#

Elastic

#

• Install and Configure Elasting on Ubuntu 22.04

General Development

#

C

#

• An OOP in C
• Beej’s Guides
• Beginners Guide Away from scanf
• Simple Makefile Tutorial
• The Absolute Minimum About Unicode (Joel on Software)

Python

#

• Flask Mega Tutorial
• Offline Python Packaging
• Modular CLI in Python

Networking / Protocols

#

• Analyzing Encrypted RDP Connections with Zeek
• The Tox Reference
• HTTP/1.0 Specification

Version Control

#

• Oh Shit, Git!?!

Libraries

#

• NNG: Lightweight Messaging
• ZyDis
• AsmJit

Binary Formats

#

• Life of Binaries