├── README.md
└── reference_link.txt
/README.md:
--------------------------------------------------------------------------------
# AWE/OSEE Preparation

## Blog
- https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/
- http://infosecflash.com/2018/11/04/my-awe-experience/
- https://trickster0.wordpress.com/2018/10/27/awe-course-review-by-offensive-security/
- https://www.jscybersec.io/blogpage/Offensive-Security-Exploitation-Expert-OSEE

## Public Reference Materials by Module

### Module 0x01 DEP/ASLR Bypass and Sandbox Escape via Flash Heap Overflow

pykd
- https://githomelab.ru/pykd/

Fldbg, a Pykd script to debug FlashPlayer
- https://www.offensive-security.com/vulndev/fldbg-a-pykd-script-to-debug-flashplayer/

Windbg Tutorial
- https://www.youtube.com/watch?v=8zBpqc3HkSE

Windbg Cheat Sheet
- http://windbg.info/doc/1-common-cmds.html

Discover Flash Player Zero-day Attacks In The Wild From Big Data by Peter Pi
- http://hitcon.org/2015/CMT/download/day1-a-r0.pdf

Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s Cube
- https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/

### Module 0x02 CFG/ACG Bypass and Sandbox Escape via Microsoft Edge Type Confusion

Morten Schenk - Back to Basics or Bypassing Control Flow Guard with Structured Exception Handler
- https://improsec.com/tech-blog/back-to-basics-or-bypassing-control-flow-guard-with-structured-exception-handler

Disarming and Bypassing EMET 5.1
- https://www.offensive-security.com/vulndev/disarming-and-bypassing-emet-5-1/

### Module 0x03 64-bit Kernel Driver Exploitation

Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level
- https://www.youtube.com/watch?v=Gu_5kkErQ6Y
- https://www.youtube.com/watch?v=IxEKcB5Bvbg
- https://www.blackhat.com/docs/us-17/wednesday/us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level%E2%80%93Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update.pdf
- https://www.blackhat.com/docs/us-17/wednesday/us-17-Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level%E2%80%93Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf

Morten Schenk - Windows Kernel Shellcode on Windows 10
- https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-1
- https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-2
- https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-3
- https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-4-there-is-no-code

## Extra Mile - Exploit

### Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation
- AWE v2.0 Module 0x5
- https://www.exploit-db.com/exploits/12406/

### Microsoft Windows XP/2003 - 'afd.sys' Local Privilege Escalation (MS11-080)
- https://www.offensive-security.com/vulndev/ms11-080-voyage-into-ring-zero/
- https://www.exploit-db.com/exploits/18176/

### Microsoft Windows 8.0/8.1 (x64) - 'TrackPopupMenu' Local Privilege Escalation (MS14-058)
- https://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-a-windows-kernel-mode-vulnerability-cve-2014-4113/
- https://dl.packetstormsecurity.net/papers/attack/CVE-2014-4113.pdf
- https://www.exploit-db.com/exploits/37064/

### HackSys Extreme Vulnerable Driver (HEVD)
- https://github.com/hacksysteam/HackSysExtremeVulnerableDriver

--------------------------------------------------------------------------------
/reference_link.txt:
--------------------------------------------------------------------------------
https://www.fuzzysecurity.com/tutorials/expDev/14.html
https://www.abatchy.com/2018/01/kernel-exploitation-1

pykd: https://githomelab.ru/pykd/

--------------------------------------------------------------------------------