Web Sites / Blogs

Windows

• Alex Ionescu
• Windows Internals
• CodeMachine
• Pavel Yosifovich
• Microsoft Security Response Center Blogs
• Geoff Chappel
• The Old New Thing
• OSR Online
• WinWorld PC
• Microsoft Learn
• Steve Syfuhs
• Steves Tech Spot
• Uninformed
• Attl4s

InfoSec

• MalwareTech
• Stygian Security
• Infosec Reference
• Security Sift
• Bad Sector Labs
• I Hack 4 Falafel
• Cyber Khalid
• Trail of Bits
• FuzzySecurity
• Corelan
• Phrack
• DEFCON Media Server
• Exploit DB Papers
• Black Hills Infosec
• iRed.Team
• ZeroDay Engineering
• Google Project Zero
• Forrest Orr
• VX-Underground Windows Papers
• wumb0
• Andrea Fortuna
• 0xinfection
• XPN (Adam Chester)
• SpecterOps
• Dirk-jan Mollema
• 0xcsandker
• Shogun Lab
• 0x00 Sec
• PreEmpt.Dev
• Klez Virus
• HackTricks

Programming

• Beej.us
• Tenouk C/C++ Notes

Vulnerability Research / Exploit Dev / Red Teaming

General Exploitation

• Smashing the Stack for Fun and Profit
• Basic Integer Overflows
• The Art of Hunting ROP Gadgets
• Awesome Hacking

Windows

• Abusing Token Privileges for EOP
• Windows Binary Index (Old Binaries)
• Exploiting the Windows CryptoAPI
• Awesome Windows Exploitation
• Shellcode from Visual Studio
• Immunity General Notes on Windows x64 Exploitation
• NixAwk Awesome Windows Exploitation
• Exploiting with SEH

Heap

• Windows 8 Heap Internals
• Abusing the Windows Segment Heap
• Exploit Development References
• Exploit Development Tools

Patch Diffing

• Patch Extraction and Diffing
• Orange Defense Patch Diffing P1
• Orange Defense Patch Diffing P2
• Orange Defense Patch Diffing P3
• Hyper-V Automation for Patch Diffing
• Google Project Zero Patch Diffing
• Patch Diffing with Ghidra
• How to Deal with MS Monthly Updates

Kernel

• Vulnerable Driver Mega Thread
• Windows 7 Kernel Pool Exploitation
• Abusing GDI Objects for Ring0 Primitives
• Exploting MS16-098 Abusing GDI Objects
• Taking Windows 10 Exploitation to the Next Level (VIDEO)
• Demystifying Kernel Exploiation by Abusing GDI Objects

PatchGuard

• PatchGuard: A Provably Robust Defense
• PatchGuard++: Efficient Provable Attack Detection
• Bypassing x64 PatchGuard

Fuzzing

• WinAFL
• What The Fuzz
• BooFuzz

Tutorials / Practice

• Zaratec.io
• Windows PwnAble Notes
• Getting Started with Exploitation
• FuzzySecurity Tutorials
• Corelan Tutorials
• FullShade Windows Exploitation Tutorials
• PWK Buffer Overflow Practice
• Shogun Lab Windows Exploit Development
• Windows Exploit Development Class (Just Curriculum)
• VulnServer
• VulnHub
• HackTheBox
• OverTheWire
• UnderTheWire
• BadBlood

VR / ED Tools

• Windows Exploit Development Plugin
• Gadgetrie
• Lisa.py
• Mona.py
• Mona.py Manual
• VX-Underground API
• PSAmsi

Red Team Tools

Scanning / Enumeration

• nmap

Windows

• Impacket
• Defender Check
• Crimson Wisp
• WinAPI Exec (WinAPI through CLI)
• lsassy
• ConPtyShell
• PostDump
• SpoolFool
• Evil-WinRM
• BloodHound
• Mimikatz
• SharpSploit
• Seatbelt
• Understanding a Payloads Life
• Getting Started w/ Windows Malware Dev

Tunneling

• Chisel
• ProxyChains
• WireProxy
• SpectreOPS gTunnel

C2

• The C2 Matrix
• Sliver
• Mythic
• GoRAT
• Covenant

Other

• SharpGen
• Snaffler
• Git Dumper
• Red Teaming Toolkit
• Exegol Hacking Setup
• Building a Red Team Infrax in 2023

PoCs

• CVE-2022-21907 Windows HTTP.SYS DoS PoC
• CVE-2022-26809 MSRPC RCE (Need-Translation)

Git Accounts

• GhostPack
• Cobbr
• 0x43434343
• VX-Underground
• wumb0
• wumb0 Gists

Tactics, Techniques, Examples, Write-Ups

• Lazarus Shellcode Execution
• Combining HiveNightmare and SeriousSAM
• Avoiding Memory Scanners
• C++ Time Trigger Scheduled Task
• MSRC Hunting for Emerging C2 Frameworks
• Advanced Process Injection
• RE PsExec
• CertiFried ADCS
• Hidden Scheduled Task
• Azure ADConnectDump
• AzureADConnect for Red Teamers
• AzureAD MSOL Dump PowerShell
• Attacking Active Directory Domain Trusts
• Phishing Made Easyish
• Offensive Windows IPC Internals
• Windows DFIR Tools and Artifacts
• Modern Red Team Architecture
• Empire as a Docker Container
• The Dog Whisperers Handbook: BloodHound
• Ever Wondered How AV Knows
• Builtin Offensive Windows RPC
• Userland Persistence w/ Scheduled Tasks and COM Handler Hijacking

Cheat Sheets

• OWASP Cheat Sheet Series

Windows Development / Internals

• Windows Error Codes
• Microsoft SDK Archive
• WinWorld PC Old SDKs
• Windows Implementation Library
• Windows Classic Samples
• Getting Started with Win32
• Windows API List
• Using SAL
• .NET SDKs
• Reproducable Builds
• Sanity for C/C++ Dev on Windows
• RPC Programming for Windows Developer
• Configuring IntelliSense with CMake
• Making NtCreateUserProcess Work
• Windows ConPTY Blog Series

Networking

• Getting Started with WinSock
• WinSock Tutorial
• WinSock / .NET Network Programming
• Using SSPI w/ Windows Sockets Server
• SSPT TLS Client Example
• WinSock SSPI/IoCompletion Examples

WinCrypt / Crypto Next Generation (CNG)

• CAPI Import Public from Private PEM
• CAPI PEM Import Example
• Schannel Mutual Auth
• MSDN Schannel Peforming Auth
• JWT WinCrypt
• Blackhat 2016 CNG Slides

WinDbg

• SOSEX .NET WinDbg Extenstion
• Bug Check Code Reference
• Talos JS in WinDbg for Malware Analysis
• WinDbg Anti-RootKit
• Debugger Extension APIs
• PyKD
• DbgEng Header Index
• OSR Basics of Debugger Extensions
• TWinDbg

Internals

• Tokens for Security Practitioners
• German OIS ETW Paper
• RICH Header
• CRT Initialization
• WoW64 Deep Dive (Broken?)
• Deep Dive into OS Internals with WinDbg
• Defender Exploit Protections
• Windows 10 x86 Emulation on ARM

Microsoft Protocol Documentation

Kerveberos (MS-KILE)

Kernel

• Windows EWDK
• Windows Custom Kernel Signers
• Geoff Chappell Driver Signing
• Verfilius Windows Kernel Structures
• Quibble: Windows Bootloader

Packing / Loading / etc.

• Blackbone Memory Hacking
• MemoryModule Loader
• PE-to-Shellcode
• In Memory Load EXE (2004)
• Designing and Implementing PEzor Packer

Administration

• Microsoft Update Catalog
• Windows Server Evaluations
• Windows Secure Boot Keys
• GPO Search
• Remoter Server Administration Tools (RSAT)
• PowerShell Unpin Taskbar Shortcuts
• Activating Windows
• WMIC CLI Cheatsheet
• Key Management Services
• Windows XP Keys
• Disable and Remove Defender
• Installing Exchange 2019
• Exchange 2019 Pre-Reqs
• Group Policy Best Practices
• Install Windows 11 on Unsupported CPU
• Remotely Manage Hyper-V on Non-Domain
• Hyper-V NAT VMSwitch
• Windows Defender Hardening
• SS64
• Disable DEP
• Disable ASLR
• Building a AD Domain Lab
• Deleting Certs w/ PowerShell
• Exchange Server Docs
• Reset Domain Admin

AV

• How AV Hooks NTDLL

.NET

Internals

• .NET Internals and Native Compiling
• Writing a Managed JIT in C#

ASP.NET

• ASP.NET API w/ SQLITE Example
• ASP.NET Core
• Creating an ASP.NET Admin Panel
• Microsoft .NET Web API Tutorial
• ASP.NET Core Authorization
• ASP.NET Core RBAC

HomeLab

Services

Random

• CloudFlare Tutorials
• Unbound and NSD DNS Setup
• Trasa Zero Trust
• PFSense VPN ProtonVPN
• PFSense VPN
• Setting up Security Onion at Home
• Installing Guacamole w/ Docker

VMWare

• VCSA DomainJoin CLI
• VCSA Join/Leae AD Domain

GitLab

• GitLab LDAP Auth
• GitLab Redundant LDAP

Monitoring

Elastic

• Install and Configure Elasting on Ubuntu 22.04

General Development

C

• An OOP in C
• Beej’s Guides
• Beginners Guide Away from scanf
• Simple Makefile Tutorial

Python

• Flask Mega Tutorial

Version Control

• Oh Shit, Git!?!

Libraries

• NNG: Lightweight Messaging
• ZyDis
• AsmJit

Binary Formats

• Life of Binaries