Forwarded from $ᴘ3ᴅʏʟ1👾
some Resources for windows kernel programming:
Windows exploit development and windows kernel resources
00 - Windows Rootkits
01 - Windows kernel mitigations
02 - Windows kernel shellcode
03 - Windows kernel exploitation
04 -Windows kernel GDI exploitation
05 - Windows kernel Win32k.sys research
06 - Windows Kernel logic bugs
07 - Windows kernel driver development
08 - Windows internals
09 - Advanced Windows debugging
10 - 0days - APT advanced malware research
11 - Video game cheating (kernel mode stuff sometimes)
12 - Hyper-V and VM / sandbox escape
13 - Fuzzing
14 - Windows browser exploitation
15 - books, certifications and courses
and more :)
- Windows system programming Security
- Windows kernel programming fundamentals
- Windows exploitation
- Live 🔻 Modern Windows kernel exploitation
Article important for windows kernel programming and exploitation.
Windows Exploitation Links
https://github.com/r3p3r/nixawk-awesome-windows-exploitation
https://github.com/connormcgarr/Exploit-Development
https://github.com/connormcgarr/Kernel-Exploits
https://github.com/ElliotAlderson51/Exploit-Writeups
https://github.com/rhamaa/Binary-exploit-writeups#windows_stack_overflows
https://github.com/wtsxDev/Exploit-Development
https://www.corelan.be
https://malwareunicorn.org/#/workshops
https://p.ost2.fyi
https://www.securitytube.net
https://ctf101.org/binary-exploitation/overview
Windows Stack Protection I: Assembly Code
https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED301c_tkp/ED301c_tkp.htm
Windows Stack Protection II: Exploit Without ASLR
https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED302c_tkp/ED302c_tkp.htm
Windows Stack Protection III: Limitations of ASLR
https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED303c_tkp/ED303c_tkp.htm
Exploit Development
Ch 6: The Wild World of Windows
https://samsclass.info/127/lec/EDch6.pdf
SEH-Based Stack Overflow Exploit
https://samsclass.info/127/proj/ED319.htm
Exploiting Easy RM to MP3 Converter on Windows with ASLR
https://samsclass.info/127/proj/ED318.htm
Bypassing Browser Memory Protections
https://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf
The Basics of Exploit Development 1: Win32 Buffer Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development
The Basics of Exploit Development 2: SEH Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-2-seh-overflows
The Basics of Exploit Development 3: Egg Hunters
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-3-egg-hunters
The Basics of Exploit Development 4: Unicode Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-4-unicode-overfl
The Basics of Exploit Development 5: x86-64 Buffer Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-5-x86-64-buffer
Resources for Exploit development:-
- roadmap for exploit development
- roadmap for exploit development 2
Resources....
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering
https://crackmes.one
https://www.youtube.com/@pwncollege/videos
https://repo.zenk-security.com/Magazine%20E-book/Hacking-%20The%20Art%20of%20Exploitation%20(2nd%20ed.%202008)%20-%20Erickson.pdf
https://www.phrack.org/issues/49/14.html#article
https://github.com/justinsteven/dostackbufferoverflowgood
https://github.com/FabioBaroni/awesome-exploit-development
https://github.com/CyberSecurityUP/Awesome-Exploit-Development
https://github.com/RPISEC/MBE
https://github.com/hoppersroppers/nightmare
https://github.com/shellphish/how2heap
https://www.youtube.com/watch?v=tMN5N5oid2c
https://dayzerosec.com/blog/2021/02/02/getting-started.html
https://github.com/Tzaoh/pwning
Windows exploit development and windows kernel resources
00 - Windows Rootkits
01 - Windows kernel mitigations
02 - Windows kernel shellcode
03 - Windows kernel exploitation
04 -Windows kernel GDI exploitation
05 - Windows kernel Win32k.sys research
06 - Windows Kernel logic bugs
07 - Windows kernel driver development
08 - Windows internals
09 - Advanced Windows debugging
10 - 0days - APT advanced malware research
11 - Video game cheating (kernel mode stuff sometimes)
12 - Hyper-V and VM / sandbox escape
13 - Fuzzing
14 - Windows browser exploitation
15 - books, certifications and courses
and more :)
- Windows system programming Security
- Windows kernel programming fundamentals
- Windows exploitation
- Live 🔻 Modern Windows kernel exploitation
Article important for windows kernel programming and exploitation.
Windows Exploitation Links
https://github.com/r3p3r/nixawk-awesome-windows-exploitation
https://github.com/connormcgarr/Exploit-Development
https://github.com/connormcgarr/Kernel-Exploits
https://github.com/ElliotAlderson51/Exploit-Writeups
https://github.com/rhamaa/Binary-exploit-writeups#windows_stack_overflows
https://github.com/wtsxDev/Exploit-Development
https://www.corelan.be
https://malwareunicorn.org/#/workshops
https://p.ost2.fyi
https://www.securitytube.net
https://ctf101.org/binary-exploitation/overview
Windows Stack Protection I: Assembly Code
https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED301c_tkp/ED301c_tkp.htm
Windows Stack Protection II: Exploit Without ASLR
https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED302c_tkp/ED302c_tkp.htm
Windows Stack Protection III: Limitations of ASLR
https://www.bowneconsultingcontent.com//pub/EH/proj/cloud/ED303c_tkp/ED303c_tkp.htm
Exploit Development
Ch 6: The Wild World of Windows
https://samsclass.info/127/lec/EDch6.pdf
SEH-Based Stack Overflow Exploit
https://samsclass.info/127/proj/ED319.htm
Exploiting Easy RM to MP3 Converter on Windows with ASLR
https://samsclass.info/127/proj/ED318.htm
Bypassing Browser Memory Protections
https://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf
The Basics of Exploit Development 1: Win32 Buffer Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development
The Basics of Exploit Development 2: SEH Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-2-seh-overflows
The Basics of Exploit Development 3: Egg Hunters
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-3-egg-hunters
The Basics of Exploit Development 4: Unicode Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-4-unicode-overfl
The Basics of Exploit Development 5: x86-64 Buffer Overflows
https://www.coalfire.com/the-coalfire-blog/the-basics-of-exploit-development-5-x86-64-buffer
Resources for Exploit development:-
- roadmap for exploit development
- roadmap for exploit development 2
Resources....
https://github.com/0xZ0F/Z0FCourse_ReverseEngineering
https://crackmes.one
https://www.youtube.com/@pwncollege/videos
https://repo.zenk-security.com/Magazine%20E-book/Hacking-%20The%20Art%20of%20Exploitation%20(2nd%20ed.%202008)%20-%20Erickson.pdf
https://www.phrack.org/issues/49/14.html#article
https://github.com/justinsteven/dostackbufferoverflowgood
https://github.com/FabioBaroni/awesome-exploit-development
https://github.com/CyberSecurityUP/Awesome-Exploit-Development
https://github.com/RPISEC/MBE
https://github.com/hoppersroppers/nightmare
https://github.com/shellphish/how2heap
https://www.youtube.com/watch?v=tMN5N5oid2c
https://dayzerosec.com/blog/2021/02/02/getting-started.html
https://github.com/Tzaoh/pwning
GitHub
GitHub - FULLSHADE/WindowsExploitationResources: Resources for Windows exploit development
Resources for Windows exploit development. Contribute to FULLSHADE/WindowsExploitationResources development by creating an account on GitHub.
❤1
Forwarded from لیان - آموزش امنیت و تستنفوذ
https://liangroup.net/shop/product/android-penetration-test/
Please open Telegram to view this post
VIEW IN TELEGRAM
WiFi hacking (WiFi password capturing and cracking) using a rooted android smart phone:
https://www.mobile-hacker.com/2023/08/29/nethunter-hacker-viii-wi-fi-hacking-using-wifite-deauthentication-and-wardriving/
https://www.mobile-hacker.com/2023/08/29/nethunter-hacker-viii-wi-fi-hacking-using-wifite-deauthentication-and-wardriving/
Mobile Hacker
NetHunter Hacker VIII: Wi-Fi hacking using wifite, deauthentication and wardriving Mobile Hacker
This blog will provide you with information on the several techniques and tools used to attack Wi-Fi networks using NetHunter app. We'll talk about the various tools such as the wifite, shed light on the deauthentication attack technique, and explore the…
🔥1
اگه یه برنامه خوب میخواین که باهش فلش کارت های کاستومایز شده بسازین، AnkiDroid رو پیشنهاد میکنم.
رایگان و اپن سورس هستش، میتونین برای هر فلش کارت عکس، فیلم، صوت و انواع مالتی مدیاهای مدنظرتون رو اضافه کنین و از همه مهم تر اینکه web sync رایگان داره و میتونین روی هر دیوایسی فلش کارت ها رو مرور کنین.
رایگان و اپن سورس هستش، میتونین برای هر فلش کارت عکس، فیلم، صوت و انواع مالتی مدیاهای مدنظرتون رو اضافه کنین و از همه مهم تر اینکه web sync رایگان داره و میتونین روی هر دیوایسی فلش کارت ها رو مرور کنین.
❤1
Forwarded from white2hack 📚
Hacking Windows, first edition, Kevin Thomas, 2022
On November 20, 1985, Microsoft introduced the Windows operating environment which was nothing more than a graphical operating shell for MS-DOS.
Today we begin our journey into the Win32API. This book will take you step-by-step writing very simple Win32API’s in both x86 and x64 platforms in C and then reversing them both very carefully using the world’s most popular Hey Rays IDA Free tool which is a stripped down version of the IDA Pro tool used in more professional Reverse Engineering environments. Let’s begin...
#book #windows
On November 20, 1985, Microsoft introduced the Windows operating environment which was nothing more than a graphical operating shell for MS-DOS.
Today we begin our journey into the Win32API. This book will take you step-by-step writing very simple Win32API’s in both x86 and x64 platforms in C and then reversing them both very carefully using the world’s most popular Hey Rays IDA Free tool which is a stripped down version of the IDA Pro tool used in more professional Reverse Engineering environments. Let’s begin...
#book #windows
👍1
Forwarded from white2hack 📚
learn hacking window.pdf
4.9 MB
Hacking Windows, first edition, Kevin Thomas, 2022
با دانلود این کلاینت میتونید از ویژگیهای اسپاتیفای پریمیوم روی هر پلتفرمی (ویندوز، مک، اندروید، لینوکس و ...) به شکل رایگان استفاده کنید
تنها نکتش اینه که این هم فیلتره و موقع استفاده فیلتر شکنتون رو روشن کنید 😅
تنها نکتش اینه که این هم فیلتره و موقع استفاده فیلتر شکنتون رو روشن کنید 😅
GitHub
GitHub - KRTirtho/spotube: 🎧 Open source music streaming app! Available for both desktop & mobile!
🎧 Open source music streaming app! Available for both desktop & mobile! - KRTirtho/spotube
🔥2
Forwarded from OnHex
🔴 مهمان امشب برنامه Off By One Security ، آقای Duncan Ogilvie ، خالق دیباگر معروف X64dbg هستش.
موضوع برنامه اشون Debugging Windows Internals with x64dbg هستش. اگه علاقمند بودید شرکت کنید.
این برنامه قراره حدود ساعت 30 : 21 به وقت ایران در یوتیوب برگزار بشه.
اگه نرسیدید ببینید یا منتظر زیرنویس بودید، بعدا هم از همون لینک قابل دسترس هستش.
🆔 @onhex_ir
➡️ ALL Link
موضوع برنامه اشون Debugging Windows Internals with x64dbg هستش. اگه علاقمند بودید شرکت کنید.
این برنامه قراره حدود ساعت 30 : 21 به وقت ایران در یوتیوب برگزار بشه.
اگه نرسیدید ببینید یا منتظر زیرنویس بودید، بعدا هم از همون لینک قابل دسترس هستش.
🆔 @onhex_ir
➡️ ALL Link
YouTube
Debugging Windows Internals with x64dbg!
Join me with my guest Duncan Ogilvie, developer of x64dbg, as he shows us around the tool and shares some Windows debugging techniques. x64dbg is the only actively maintained userland debugger outside of WinDbg, and aims to be much more intuitive and easy…
Forwarded from OSCP|OSWE|EWPTXV2|CRTP|EJPTV2 (KnockouT)
#Udemy | Red Teaming | Exploit Development with Assembly and C |MSAC+
Info: https://www.udemy.com/course/shellcode/
Info: https://www.udemy.com/course/shellcode/
Forwarded from OSCP|OSWE|EWPTXV2|CRTP|EJPTV2 (KnockouT)
Red-Teaming-Exploit-Development-with-Assembly-and-C-MSAC.7z
1.4 GB
یه مقاله نسبتا جالب در مورد یه برنامه نویس که تو دو سال تونسته به درآمد ماهانه ۴۵ هزار دلار برسه:
https://news.tonydinh.com/p/my-solopreneur-story-zero-to-45kmo
#story
#experience
#paper
https://news.tonydinh.com/p/my-solopreneur-story-zero-to-45kmo
#story
#experience
#paper
Tonydinh
My solopreneur story: zero to $45K/mo in 2 years
Today is exactly 2 years since I quit my job and become a full-time indie hacker.
Forwarded from CyberSecurity Shield (Pouyan Zamani)
Bash Scripting .pdf
4.4 MB
#پرزنت خوب برای bash scripting
به نظرم جالب اومد
به نظرم جالب اومد
Stuff for Geeks
اگه به هر دلیلی از ویم یا neovim خوشتون نمیاد، به عنوان یه جایگزین helix رو داریم که با Rust نوشته شده. خودم کار نکردم باهش ولی گیت هابش 27هزارتا ستاره داره!(فک میکنم نهایتا دو سه ساله که اومده) توی کنفرانس neovim سال 2022 هم یه ارایه ای درموردش بود که میتونین…
این فیلم ها را ببینید تا نظرتان درمورد ویم و neovim مقداری تغییر کند!!
https://www.youtube.com/watch?v=tJHjCGHGQhw
https://www.youtube.com/watch?v=xHebvTGOdH8
https://www.youtube.com/watch?v=tJHjCGHGQhw
https://www.youtube.com/watch?v=xHebvTGOdH8
YouTube
Helix Text Editor: A Review
Can Vim and Neovim be dethroned by this new modal text editor written in Rust?
I review Helix's features: tree-sitter, LSP, color schemes, etc. I also tell you about the pain points and caveats.
Helix runs on Linux, Windows and MacOS.
Timestamps:
00:00…
I review Helix's features: tree-sitter, LSP, color schemes, etc. I also tell you about the pain points and caveats.
Helix runs on Linux, Windows and MacOS.
Timestamps:
00:00…
🔥1
Forwarded from .....
اطلاعات بیشتر بزودی در کانال منتشر خواهد شد .
Please open Telegram to view this post
VIEW IN TELEGRAM
🎉1
Forwarded from 𝐂𝐲𝐛𝐞𝐫 𝐊𝐞𝐧𝐝𝐫𝐚
Source Code Disclosure in ASP.NET apps
ASP.NET has a strange mode of operation called " Cookie-less Session " - when an identifier from the URL is used for authentication, instead of a cookie.
For example:
https://site.com/CybredApplication/(A(XXXX)S(XXXX)F(XXXX))/home.aspx
where A(XXXX) is session_id; S(XXXX) — Anonymous-ID; F(XXXX) — Forms Authentication ticket.
It generates a bunch of bugs, thanks to which you can carry out Session Fixation attacks, exploit XSS , or bypass WAF . But now this list has been supplemented by downloading application sources.
All you need is the runAllManagedModulesForAllRequests module enabled (usually it is enabled) and a well-formed link like the one shown in the screenshot.
And in conjunction with IIS-ShortName-Scanner and the ::$INDEX_ALLOCATION trick, you can list the contents of directories, exploiting another feature with short file names.
https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/
ASP.NET has a strange mode of operation called " Cookie-less Session " - when an identifier from the URL is used for authentication, instead of a cookie.
For example:
https://site.com/CybredApplication/(A(XXXX)S(XXXX)F(XXXX))/home.aspx
where A(XXXX) is session_id; S(XXXX) — Anonymous-ID; F(XXXX) — Forms Authentication ticket.
It generates a bunch of bugs, thanks to which you can carry out Session Fixation attacks, exploit XSS , or bypass WAF . But now this list has been supplemented by downloading application sources.
All you need is the runAllManagedModulesForAllRequests module enabled (usually it is enabled) and a well-formed link like the one shown in the screenshot.
And in conjunction with IIS-ShortName-Scanner and the ::$INDEX_ALLOCATION trick, you can list the contents of directories, exploiting another feature with short file names.
https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/