ThreatHunting-Keywords

https://mthcht.github.io/ThreatHunting-Keywords/

Exploiting a vulnerable Minifilter Driver to create a process killer

https://antonioparata.blogspot.com/2024/02/exploiting-vulnerable-minifilter-driver.html

https://github.com/enkomio/s4killer

Skrapa is a zero dependency and customizable Python library for scanning Windows and Linux process memory.

https://research.nccgroup.com/2024/01/25/memory-scanning-for-the-masses/

https://github.com/fox-it/skrapa

PoC||GTFO February 2024

https://www.alchemistowl.org/pocorgtfo/pocorgtfo22.pdf

Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.

https://blog.quarkslab.com/dji-the-art-of-obfuscation.html

Debugging the Linux kernel with GDB

https://www.youtube.com/watch?v=C55_fbAb_24&t=1080s

Send phishing messages and attachments to Microsoft Teams users

https://github.com/Octoberfest7/TeamsPhisher

exploring amd platform secure boot

https://labs.ioactive.com/2024/02/exploring-amd-platform-secure-boot.html

Recovering function prototypes by bruteforcing XFG Hashes

https://github.com/ea/xfg_analyzer

Обновления в Windows

A Deep Dive Into Exploiting Windows Thread Pools

https://urien.gitbook.io/diago-lima/a-deep-dive-into-exploiting-windows-thread-pools

После недели байтоёбства

. This project aims at collecting the details of the certificates that are known to be abused in the wild by malicious actors.

https://github.com/WithSecureLabs/lolcerts

Nidhogg is a multi-functional rootkit to showcase the variety of operations that can be done from kernel space. The goal of Nidhogg is to provide an all-in-one and easy-to-use rootkit with multiple helpful functionalities for operations. Besides that, it can also easily be integrated with your C2 framework.

https://github.com/Idov31/Nidhogg/tree/master

Analyzing Mutation-Coded - VM Protect and Alcatraz

https://keowu.re/posts/Analyzing-Mutation-Coded-VM-Protect-and-Alcatraz-English/

Хорошая статья по внутренностям cpython

https://realpython.com/cpython-source-code-guide/

ебейшая статья по внутренностям питона, китаец просто разьебал таск

https://evilpan.com/2020/10/11/protected-python/#%e7%a4%ba%e4%be%8b

кстати в его блоге есть еще охуеные статьи

This is a web-based assembler and disassembler, utilizing GNU Binutils and ported to WebAssembly, thus functioning as a purely static website.

https://binutils-wasm.vercel.app/

CIA UAC bypass implementation of Stinger that obtains the token from an auto-elevated process, modifies it, and reuses it to execute as Administrator.

https://github.com/hackerhouse-opensource/Stinger

KernelGPT: Enhanced Kernel Fuzzing via Large Language Models

https://arxiv.org/pdf/2401.00563.pdf