```text
├── Exploit-Development.md
├── Misc.md
├── Pentesting.md
├── README.md
├── Reversing-Dotnet.md
├── Reversing-Native.md
├── Server-Hardening.md
└── VM Obfuscation.md
```

--------------------------------------------------------------------------------
/Exploit-Development.md:
--------------------------------------------------------------------------------

# Exploit Development Collection

## Tutorials

### Own

- [OSCP Buffer Overflow Cheat Sheet](https://nop-blog.tech/oscp/bof-cheatsheet)

### YouTube

- LiveOverflow: [Binary Exploitation / Memory Corruption](https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN) (Playlist)
- 247 CTF: [Integer Overflows](https://www.youtube.com/watch?v=3qD3ybBwcFA)
- 247 CTF: [When Integer Overflows attack](https://www.youtube.com/watch?v=m4DFYgtqNY8)
- Busra Demir: [Exploit Development](https://www.youtube.com/playlist?list=PLi0kul0fEhZ_ZOJ9EvbE628ptN2rsKuu5) (Playlist)
- CoolCamera: [Reverse Engineering For Beginners](https://www.youtube.com/playlist?list=PLMB3ddm5Yvh3gf_iev78YP5EPzkA3nPdL) (Playlist)

### Corelan.be

- [Exploit writing tutorial part 1: Stack Based Overflows](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
- [Exploit writing tutorial part 2: Stack Based Overflows - jumping to shellcode](https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/)
- [Exploit writing tutorial part 3: SEH Based Exploits](https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/)
- [Exploit writing tutorial part 3b: SEH Based Exploits - just another example](https://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/)
- [Exploit writing tutorial part 4: From Exploit to Metasploit - The basics](https://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/)
- [Exploit writing tutorial part 5: How debugger modules & plugins can speed up basic exploit development](https://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/)
- [Exploit writing tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR](https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/)
- [Exploit writing tutorial part 7: Unicode - from 0x00410041 to calc](https://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/)
- [Exploit writing tutorial part 8: Win32 Egg Hunting](https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/)
- [Exploit writing tutorial part 9: Introduction to Win32 shellcoding](https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/)
- [Exploit writing tutorial part 10: Chaining DEP with ROP - the Rubik's Cube](https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/)
- [Exploit writing tutorial part 11: Heap Spraying Demystified](https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/)
- [Starting to write Immunity Debugger PyCommands: my cheatsheet](https://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/)
- [Ken Ward Zipper exploit write-up on abysssec.com](https://www.corelan.be/index.php/2010/03/22/ken-ward-zipper-exploit-write-up-on-abysssec-com/)
- [Exploiting Ken Ward Zipper: Taking advantage of payload conversion](https://www.corelan.be/index.php/2010/03/27/exploiting-ken-ward-zipper-taking-advantage-of-payload-conversion/)
- [Hack Notes: ROP retn+offset and impact on stack setup](https://www.corelan.be/index.php/2011/01/30/hack-notes-rop-retnoffset-and-impact-on-stack-setup/)
- [Hack Notes: Ropping eggs for breakfast](https://www.corelan.be/index.php/2011/05/12/hack-notes-ropping-eggs-for-breakfast/)
- [Universal DEP/ASLR bypass with msvcr71.dll and mona.py](https://www.corelan.be/index.php/2011/07/03/universal-depaslr-bypass-with-msvcr71-dll-and-mona-py/)
- [WoW64 Egghunter](https://www.corelan.be/index.php/2011/11/18/wow64-egghunter/)
- [Debugging Fun - Putting a process to sleep()](https://www.corelan.be/index.php/2012/02/29/debugging-fun-putting-a-process-to-sleep/)
- [Jingle BOFs, Jingle ROPs, Sploiting all the things... with Mona v2!!](https://www.corelan.be/index.php/2012/12/31/jingle-bofs-jingle-rops-sploiting-all-the-things-with-mona-v2/)
- [Root Cause Analysis - Memory Corruption Vulnerabilities](https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/)
- [Heap Layout Visualization with mona.py and WinDBG](https://www.corelan.be/index.php/2013/01/18/heap-layout-visualization-with-mona-py-and-windbg/)
- [DEPS - Precise Heap Spray on Firefox and IE10](https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/)
- [Root Cause Analysis - Integer Overflows](https://www.corelan.be/index.php/2013/07/02/root-cause-analysis-integer-overflows/)

### OpenSecuritytraining.info

- [Introduction To Software Exploits](https://opensecuritytraining.info/Exploits1.html)
- [Exploits 2: Exploitation in the Windows Environment](https://opensecuritytraining.info/Exploits2.html)

### Security Sift

- [Windows Exploit Development - Part 1: The Basics](http://www.securitysift.com/windows-exploit-development-part-1-basics/)
- [Windows Exploit Development - Part 2: Intro to Stack Based Overflows](http://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/)
- [Windows Exploit Development - Part 3: Changing Offsets and Rebased Modules](http://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/)
- [Windows Exploit Development - Part 4: Locating Shellcode With Jumps](http://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/)
- [Windows Exploit Development - Part 5: Locating Shellcode With Egghunting](http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/)
- [Windows Exploit Development - Part 6: SEH Exploits](http://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/)
- [Windows Exploit Development - Part 7: Unicode Buffer Overflows](http://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/)

### Fuzzysecurity

#### Windows Exploit Development

- [Part 1: Introduction to Exploit Development](http://www.fuzzysecurity.com/tutorials/expDev/1.html)
- [Part 2: Saved Return Pointer Overflows](http://www.fuzzysecurity.com/tutorials/expDev/2.html)
- [Part 3: Structured Exception Handler (SEH)](http://www.fuzzysecurity.com/tutorials/expDev/3.html)
- [Part 4: Egg Hunters](http://www.fuzzysecurity.com/tutorials/expDev/4.html)
- [Part 5: Unicode 0x00410041](http://www.fuzzysecurity.com/tutorials/expDev/5.html)
- [Part 6: Writing W32 shellcode](http://www.fuzzysecurity.com/tutorials/expDev/6.html)
- [Part 7: Return Oriented Programming](http://www.fuzzysecurity.com/tutorials/expDev/7.html)
- [Part 8: Spraying the Heap [Chapter 1: Vanilla EIP] - Putting Needles in the Haystack](http://www.fuzzysecurity.com/tutorials/expDev/8.html)
- [Part 9: Spraying the Heap [Chapter 2: Use-After-Free] - Finding the needle in a Haystack](http://www.fuzzysecurity.com/tutorials/expDev/11.html)
- [Part 10: Kernel Exploitation -> Stack Overflow](https://www.fuzzysecurity.com/tutorials/expDev/14.html)
- [Part 11: Kernel Exploitation -> Write-What-Where](https://www.fuzzysecurity.com/tutorials/expDev/15.html)
- [Part 12: Kernel Exploitation -> Null Pointer Dereference](https://www.fuzzysecurity.com/tutorials/expDev/16.html)
- [Part 13: Kernel Exploitation -> Uninitialized Stack Variable](https://www.fuzzysecurity.com/tutorials/expDev/17.html)
- [Part 14: Kernel Exploitation -> Integer Overflow](https://www.fuzzysecurity.com/tutorials/expDev/18.html)
- [Part 15: Kernel Exploitation -> UAF](https://www.fuzzysecurity.com/tutorials/expDev/19.html)
- [Part 16: Kernel Exploitation -> Pool Overflow](https://www.fuzzysecurity.com/tutorials/expDev/20.html)
- [Part 17: Kernel Exploitation -> GDI Bitmap Abuse (Win7-10 32/64bit)](https://www.fuzzysecurity.com/tutorials/expDev/21.html)
- [Part 18: Kernel Exploitation -> RS2 Bitmap Necromancy](https://www.fuzzysecurity.com/tutorials/expDev/22.html)
- [Part 19: Kernel Exploitation -> Logic bugs in Razer rzpnk.sys](https://www.fuzzysecurity.com/tutorials/expDev/23.html)

#### Windows Heap Exploitation

- [Heap Overflows For Humans 101](https://www.fuzzysecurity.com/tutorials/mr_me/2.html)
- [Heap Overflows For Humans 102](https://www.fuzzysecurity.com/tutorials/mr_me/3.html)
- [Heap Overflows For Humans 102.5](https://www.fuzzysecurity.com/tutorials/mr_me/4.html)
- [Heap Overflows For Humans 103](https://www.fuzzysecurity.com/tutorials/mr_me/5.html)
- [Heap Overflows For Humans 103.5](https://www.fuzzysecurity.com/tutorials/mr_me/6.html)

#### Linux

- [Part 1: Introduction to Linux Exploit Development](https://www.fuzzysecurity.com/tutorials/expDev/9.html)
- [Part 2: Linux Format String Exploitation](https://www.fuzzysecurity.com/tutorials/expDev/10.html)
- [Part 3: Buffer Overflow [Pwnable.kr -> bof]](https://www.fuzzysecurity.com/tutorials/expDev/12.html)
- [Part 4: Use-After-Free [Pwnable.kr -> uaf]](https://www.fuzzysecurity.com/tutorials/expDev/13.html)

### Sploitfun

- [Level 1: Classic Stack Based Overflow](https://sploitfun.wordpress.com/2015/05/08/classic-stack-based-buffer-overflow/)
- [Level 1: Integer Overflow](https://sploitfun.wordpress.com/2015/06/23/integer-overflow/)
- [Level 1: Off-By-One (Stack Based)](https://sploitfun.wordpress.com/2015/06/07/off-by-one-vulnerability-stack-based-2/)
- [Level 2: Bypassing NX bit using return-to-libc](https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/)
- [Level 2: Bypassing NX bit using chained return-to-libc](https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-chained-return-to-libc/)
- Level 2: Bypassing ASLR:
  - [Part 1: Using return-to-plt](https://sploitfun.wordpress.com/2015/05/08/bypassing-aslr-part-i/)
  - [Part 2: Using brute force](https://sploitfun.wordpress.com/2015/05/08/bypassing-aslr-part-ii/)
  - [Part 3: Using GOT overwrite and GOT dereference](https://sploitfun.wordpress.com/2015/05/08/bypassing-aslr-part-iii)
- [Level 3: Heap overflow using unlink](https://sploitfun.wordpress.com/2015/02/26/heap-overflow-using-unlink/)
- [Level 3: Heap overflow using Malloc Maleficarum](https://sploitfun.wordpress.com/2015/03/04/heap-overflow-using-malloc-maleficarum/)
- [Level 3: Off-By-One (Heap Based)](https://sploitfun.wordpress.com/2015/06/09/off-by-one-vulnerability-heap-based)
- [Level 3: Use After Free](https://sploitfun.wordpress.com/2015/06/16/use-after-free/)

### desc0n0cid0

- [Part 1: Stack-based Buffer Overflow exploitation to shell by example](https://desc0n0cid0.blogspot.com/2016/09/stack-based-buffer-overflow.html)
- [Part 2: Stack-based Buffer Overflow exploitation to shell by example](https://desc0n0cid0.blogspot.com/2016/09/stack-based-buffer-overflow_28.html)
- [Part 3: Stack-based Buffer Overflow exploitation to shell by example](https://desc0n0cid0.blogspot.com/2016/09/stack-based-buffer-overflow_29.html)
- [Part 4: Stack-based Buffer Overflow exploitation to shell by example](https://desc0n0cid0.blogspot.com/2016/10/part-4-stack-based-buffer-overflow.html)

### (Rootkits.xyz) Windows Kernel Exploitation

- [Part 1: Setting up the Environment](https://rootkits.xyz/blog/2017/06/kernel-setting-up/)
- [Part 2: Stack Overflow](https://rootkits.xyz/blog/2017/08/kernel-stack-overflow/)
- [Part 3: Arbitrary Memory Overwrite](https://rootkits.xyz/blog/2017/09/kernel-write-what-where/)
- [Part 4: Pool Feng-Shui -> Pool Overflow](https://rootkits.xyz/blog/2017/11/kernel-pool-overflow/)
- [Part 5: NULL Pointer Dereference](https://rootkits.xyz/blog/2018/01/kernel-null-pointer-dereference/)
- [Part 6: Uninitialized Stack Variable](https://rootkits.xyz/blog/2018/01/kernel-uninitialized-stack-variable/)
- [Part 7: Uninitialized Heap Variable](https://rootkits.xyz/blog/2018/03/kernel-uninitialized-heap-variable/)
- [Part 8: Use After Free](https://rootkits.xyz/blog/2018/04/kernel-use-after-free/)

### (Shogunlab) Zero Day Zen Garden (Windows Exploit Development)

- [Part 0: Dev Setup & Advice](https://www.shogunlab.com/blog/2017/08/11/zdzg-windows-exploit-0.html)
- [Part 1: Stack Buffer Overflow Intro](https://www.shogunlab.com/blog/2017/08/19/zdzg-windows-exploit-1.html)
- [Part 2: JMP to Locate Shellcode](https://www.shogunlab.com/blog/2017/08/26/zdzg-windows-exploit-2.html)
- [Part 3: Egghunter to Locate Shellcode](https://www.shogunlab.com/blog/2017/09/02/zdzg-windows-exploit-3.html)
- [Part 4: Overwriting SEH with Buffer Overflows](https://www.shogunlab.com/blog/2017/11/06/zdzg-windows-exploit-4.html)
- [Part 5: Return Oriented Programming Chains](https://www.shogunlab.com/blog/2018/02/11/zdzg-windows-exploit-5.html)

### Kernel Based Exploit Development

- HITB 2004: [Windows Local Kernel Exploitation](https://packetstormsecurity.com/hitb04/hitb04-sk-chong.pdf) by S.K. Chong
- Blackhat: [Attacking the Windows Kernel](https://www.blackhat.com/presentations/bh-usa-07/Lindsay/Whitepaper/bh-usa-07-lindsay-WP.pdf) by Jonathan Lindsay
- Blackhat: [Remote and Local Exploitation of Network Drivers](https://www.blackhat.com/presentations/bh-usa-07/Bulygin/Presentation/bh-usa-07-bulygin.pdf) by Yuriy Bulygin
- [I2OMGMT Driver Impersonation Attack](https://www.immunityinc.com/downloads/DriverImpersonationAttack_i2omgmt.pdf) by Justin Seitz
- [There's a party at ring0....](https://www.cr0.org/paper/to-jt-party-at-ring0.pdf) by Tavis Ormandy & Julien Tinnes
- [GDT and LDT in Windows Kernel Vulnerability Exploitation](http://vexillium.org/dl.php?call_gate_exploitation.pdf) by Matthew Jurczyk and Gynvael Coldwind

### Windows memory protection bypass methods

- [Safely Searching Process Virtual Address Space](http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf)
- [Exploiting Freelist[0] On XP SP2](http://www.orkspace.net/secdocs/Windows/Protection/Bypass/Exploiting%20Freelist%5B0%5D%20On%20XP%20Service%20Pack%202.pdf)
- Blackhat: [Heap Feng Shui in JavaScript](https://www.blackhat.com/presentations/bh-europe-07/Sotirov/Presentation/bh-eu-07-sotirov-apr19.pdf)
- Blackhat: [Return-oriented Programming: Exploitation without Code Injection](https://hovav.net/ucsd/dist/blackhat08.pdf)
- [Defeating DEP, the Immunity Debugger way](https://www.immunityinc.com/downloads/DEPLIB.pdf)
- Blackhat: [Practical Windows XP/2003 Heap Exploitation](https://www.blackhat.com/presentations/bh-usa-09/MCDONALD/BHUSA09-McDonald-WindowsHeap-PAPER.pdf)
- [Interpreter Exploitation: Pointer Inference and JIT Spraying](http://www.semantiscope.com/research/BHDC2010/BHDC-2010-Slides-v2.pdf)
- [Pwn2Own 2010 Windows 7 IE8 exploit](http://vreugdenhilresearch.nl/Pwn2Own-2010-Windows7-InternetExplorer8.pdf)
- [The Arashi](https://web.archive.org/web/20130908074854/http://abysssec.com/files/The_Arashi.pdf)

### Other

- 0xdabbad00: [Hurdles for a beginner to exploit a simple vulnerability on modern Windows](http://0xdabbad00.com/2012/12/09/hurdles-for-a-beginner-to-exploit-a-simple-vulnerability-on-modern-windows/)
- Infosecinstitute: [Debugging Fundamentals for Exploit Development](https://resources.infosecinstitute.com/topic/debugging-fundamentals-for-exploit-development/)
- Rafayhackingarticles: [From A Minor Bug To Zero Day - Exploit Development](http://www.rafayhackingarticles.net/2011/07/from-minor-bug-to-zero-day-exploit.html)
- Avicoder: [Smashing the Stack for Fun & Profit: Revived](https://avicoder.me/2016/02/01/smashsatck-revived/)
- GitHub PrateekJain90: [Exploiting Format String Vulnerabilities](https://github.com/PrateekJain90/ExploitingFormatStringVulnerabilities)
- Phrack Magazine: [Win32 Buffer Overflows](http://phrack.org/issues/55/15.html#article)
- Ricardo Narvaja: [Reversing and Exploiting using free tools](http://ricardonarvaja.info/WEB/EXPLOITING%20Y%20REVERSING%20USANDO%20HERRAMIENTAS%20FREE/INGLES/)
- sghosh2402: [Understanding & Exploiting stack based Buffer Overflows](https://sghosh2402.medium.com/understanding-exploiting-stack-based-buffer-overflows-acf9b8659cba)

***
## Shell Code

- [Understanding Windows Shellcode](http://www.hick.org/code/skape/papers/win32-shellcode.pdf)

***
## DEP

- [DEP Bypass using ROP Chains](https://medium.com/cybersecurityservices/dep-bypass-using-rop-chains-garima-chopra-e8b3361e50ce)
- [A Gentle Intro to ROP and Bypassing DEP](https://cwinfosec.org/Intro-ROP-DEP-Bypass/)

***
## ASLR

- [Whitepaper on Bypassing ASLR/DEP](https://www.exploit-db.com/docs/english/17914-bypassing-aslrdep.pdf)

***
## Overwriting the EIP

- [VulnServer: Exploiting TRUN Command via Vanilla EIP Overwrite](https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html)
- [CTP/OSCE Prep - Boofuzzing Vulnserver for EIP Overwrite](https://h0mbre.github.io/Boofuzz_to_EIP_Overwrite/#)

***
## Other Stuff

- [Buffer Overflows (OSCP Level)](https://oscp.securable.nl/buffer-overflow)
- [OSCP Buffer Overflow Cheat Sheet](https://github.com/V1n1v131r4/OSCP-Buffer-Overflow)

- x86/64 bit system architecture:
  - [Introductory Intel x86: Architecture, Assembly, Applications & Alliteration](http://opensecuritytraining.info/IntroX86.html)
  - [Introductory Intel x86-64: Architecture, Assembly, Applications & Alliteration](http://opensecuritytraining.info/IntroX86-64.html)
  - [Intermediate Intel x86: Architecture, Assembly, Applications & Alliteration](http://opensecuritytraining.info/IntermediateX86.html)

- [A Crash Course in x86 Assembly for Reverse Engineers](https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf)

- Microsoft Docs: [Windows registry information for advanced users](https://docs.microsoft.com/en-us/troubleshoot/windows-server/performance/windows-registry-advanced-users)
- Microsoft Docs: [x86 Architecture](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/x86-architecture)

- [The Basics of IDA Pro](https://resources.infosecinstitute.com/topic/basics-of-ida-pro-2/)

- Heap Exploitation Techniques: [GitHub](https://github.com/shellphish/how2heap)

- [Exploiting More Binaries by Using Planning to Assemble ROP Attacks](https://scholars.unh.edu/cgi/viewcontent.cgi?article=2376&context=thesis)
- [Analysis of a CVE-2013-3906 Exploit](https://www.crowdstrike.com/blog/analysis-cve-2013-3906-exploit/)

--------------------------------------------------------------------------------
/Misc.md:
--------------------------------------------------------------------------------

# Misc Collection

### Tools

- [PDB Ripper](https://github.com/horsicq/PDBRipper)

***
### Documentation

- [DevDocs](https://devdocs.io/)

***
### Blogposts

- [Antivirus Event Analysis Cheat Sheet](https://www.nextron-systems.com/2021/08/16/antivirus-event-analysis-cheat-sheet-v1-8-2/) by Nextron Systems
- [Windows API Hashing in Malware](https://www.ired.team/offensive-security/defense-evasion/windows-api-hashing-in-malware)
- [Data Exfiltrator - A New Tactic for Ransomware Adversaries](https://blog.reversinglabs.com/blog/data-exfiltrator?hss_channel=lcp-974105)
- [Dissecting the last version of Conti Ransomware using a step-by-step Approach](https://cybergeeks.tech/dissecting-the-last-version-of-conti-ransomware-using-a-step-by-step-approach/) by CyberMasterV
- [The difference between Powershell only & process specific AMSI bypasses](https://s3cur3th1ssh1t.github.io/Powershell-and-the-.NET-AMSI-Interface/)
- [Bypass AMSI by manual modification](https://s3cur3th1ssh1t.github.io/Bypass_AMSI_by_manual_modification/)
- [Emulating USB Devices In Python With No Additional Hardware!](https://breaking-the-system.blogspot.com/2014/08/emulating-usb-devices-in-python-with-no.html)
- [Implementing Direct Syscalls Using Hell's Gate](https://teamhydra.blog/2020/09/18/implementing-direct-syscalls-using-hells-gate/)
- [Hiding Windows API Imports With a Custom Loader](https://blog.christophetd.fr/hiding-windows-api-imports-with-a-customer-loader/)
- [PEB: Where Magic Is Stored](https://malwareandstuff.com/peb-where-magic-is-stored/)
- [LockFile ransomware's box of tricks: intermittent encryption and evasion](https://news.sophos.com/en-us/2021/08/27/lockfile-ransomwares-box-of-tricks-intermittent-encryption-and-evasion/)

***
### YouTube

- [How Malware Can Resolve APIs By Hash](https://youtu.be/q8of74upT_g) by AGDC Services
- [How to write a parser in C++ (Part 1)](https://www.youtube.com/watch?v=Ql4sG1Aem-I&list=PLaXsdjqTEdE6HsnjMjFzsE-7ag-kxWIZn) by ulitwitness
- [How to Build a Virtual Machine from Scratch](https://www.youtube.com/watch?v=Ql4sG1Aem-I&list=PLaXsdjqTEdE6HsnjMjFzsE-7ag-kxWIZn) by Philip Bohun
- [ChapmanWorld - Software development](https://www.youtube.com/c/ChapmanWorldOnTube/videos)

***
### Paper

- [From a C project, through assembly, to shellcode](https://vx-underground.org/papers/VXUG/Exclusive/FromaCprojectthroughassemblytoshellcodeHasherezade.pdf)

***
### Pastebin

- [Fully undetectable AMSI bypass script 2021](https://pastebin.com/RMYrXZPr?s=09)

--------------------------------------------------------------------------------
/Pentesting.md:
--------------------------------------------------------------------------------

# Pentesting Collection

### Privilege Escalation

- Blog: [Windows Privilege Escalation (Collection)](https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html)
- Blog: [Linux Privilege Escalation (Collection)](https://hacklido.com/blog/330-linux-privilege-escalation)
- Blog: [Privilege Escalation via fail2ban](https://grumpygeekwrites.wordpress.com/2021/01/29/privilege-escalation-via-fail2ban/)
- GitHub: [GossiTheDog/SystemNightMare](https://github.com/GossiTheDog/SystemNightmare)
- GitHub: [PEASS-ng](https://github.com/carlospolop/PEASS-ng)
- Blogpost: [NFS PrivEsc](https://www.errno.fr/nfs_privesc.html)
- Blogpost: [Bypassing the default UAC manually](https://ivanitlearning.wordpress.com/2019/07/07/bypassing-default-uac-settings-manually/)
- GitHub: [CLSIDs for JP](https://github.com/ohpe/juicy-potato/blob/master/CLSID/README.md)
- Blogpost: [Using PetitPotam to NTLM Relay to Domain Administrator](https://www.truesec.com/hub/blog/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory)
- Paper: [Abusing Kerberos: Kerberoasting](https://www.exploit-db.com/docs/english/45051-abusing-kerberos---kerberoasting.pdf)
- GitHub: [Kerberoast](https://github.com/nidem/kerberoast)
- GitHub: [aclpwn.py](https://github.com/fox-it/aclpwn.py)
  - Can be used to perform DCSync attacks and abuse the DACL

***
### Post Exploitation

***
### Tools

- Blog: [Mingw-w64: How to compile Windows exploits on Kali Linux](https://www.hackingtutorials.org/exploit-tutorials/mingw-w64-how-to-compile-windows-exploits-on-kali-linux/)

***
### Misc

- Tool Documentation: [Documentation for Mimikatz and other tools](https://tools.thehacker.recipes/)
- Blogpost: [Path Traversal Cheat Sheet: Windows](https://gracefulsecurity.com/path-traversal-cheat-sheet-windows/)

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# Resource Collection

Collection of resources for:

- Programming
- Obfuscation
- Reverse Engineering
- Binary Analysis/Exploitation
- Penetration testing/Red Teaming
- & more

Most of the material was taken from other sites and is simply linked here.

--------------------------------------------------------------------------------
/Reversing-Dotnet.md:
--------------------------------------------------------------------------------

# Dotnet Reversing

--------------------------------------------------------------------------------
/Reversing-Native.md:
--------------------------------------------------------------------------------

# Native Reversing

- Reverse Engineering for Beginners (~1400 pages): [here](https://beginners.re/)
  - Available in: English, Russian, French, German, Japanese, Italian, Polish, Chinese, Korean & Farsi/Persian

***
## YouTube

- GuidedHacking: [Unpacking Tutorials - How to Unpack Binaries](https://www.youtube.com/playlist?list=PLt9cUwGw6CYGfoSL9PUlpKi23z0_R2gz-) (Playlist)
- stacksmashing: [Reversing WannaCry](https://www.youtube.com/playlist?list=PLniOzp3l9V83Yf52IXJTvW9rjstdqkduP) (Playlist)

--------------------------------------------------------------------------------
/Server-Hardening.md:
--------------------------------------------------------------------------------

# Windows

# Linux

- [Full disk encryption including /boot with LUKS](https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html)

--------------------------------------------------------------------------------
/VM Obfuscation.md:
--------------------------------------------------------------------------------

# VM Obfuscation Collection

### Paper

- [DynOpVm: VM-based Software Obfuscation with Dynamic Opcode Mapping](https://flyer.sis.smu.edu.sg/acns19.pdf)
- [Enhance Virtual-Machine-Based Code Obfuscation Security Through Dynamic Bytecode Scheduling](https://eprints.lancs.ac.uk/id/eprint/89498/1/DSVMP_C_S.pdf)
- [Multi-stage Binary Code Obfuscation Using Improved Virtual Machine](https://sci-hub.se/10.1007/978-3-642-24861-0_12)
- [NISLVMP: Improved Virtual Machine-Based Software Protection](https://sci-hub.se/10.1109/CIS.2013.107)
- [VMGuards: A Novel Virtual Machine Based Code Protection System with VM Security as the First Class Design Concern](https://sci-hub.se/10.3390/app8050771)
- [Exploiting Dynamic Scheduling for VM-Based Code Obfuscation](https://sci-hub.se/10.1109/TrustCom.2016.0101)
- [Enhance virtual-machine-based code obfuscation security through dynamic bytecode scheduling](https://www.sciencedirect.com/science/article/pii/S0167404818300270/pdfft?isDTMRedir=true)
- [VirtSC: Combining Virtualization Obfuscation with Self-Checksumming](https://arxiv.org/pdf/1909.11404.pdf)
- [VCF: Virtual Code Folding to Enhance Virtualization Obfuscation](https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9151995)

***
### Github

- [rewolf-x86-virtualizer](https://github.com/rwfpl/rewolf-x86-virtualizer)
- [phantasm-x86-virtualizer](https://github.com/layerfsd/phantasm-x86-virtualizer)
- [x86-Code-Virtualizer](https://github.com/NIKJOO/x86-Code-Virtualizer)

***
### Blogposts

- [VMProtect 2 - Detailed Analysis of the Virtual Machine Architecture](https://back.engineering/17/05/2021/)
- [VMProtect 2 - Part Two, Complete Static Analysis](https://back.engineering/21/06/2021/)
- [vmprotect part 0 basics](https://www.msreverseengineering.com/blog/2014/6/23/vmprotect-part-0-basics)
- [VMProtect, Part 1: Bytecode and IR](https://www.msreverseengineering.com/blog/2014/6/23/1v20av0uhf5kygyyaprvj2i6u5ze2a)
- [VMProtect, Part 2: Primer on Optimization](https://www.msreverseengineering.com/blog/2014/6/23/vmprotect-part-2-primer-on-optimization)
- [VMProtect, Part 3: Optimization and Code Generation](https://www.msreverseengineering.com/blog/2014/6/23/vmprotect-part-3-optimization-and-code-generation)

--------------------------------------------------------------------------------