Index of ingest resources
https://csandker.io/2021/01/10/Offensive-Windows-IPC-1-NamedPipes.html
https://csandker.io/2021/02/21/Offensive-Windows-IPC-2-RPC.html
https://csandker.io/2022/05/24/Offensive-Windows-IPC-3-ALPC.html
This blog has more interesting Windows Internals topics
Interesting Linux Syscalls Tables
https://syscalls.mebeim.net/?table=x86/64/x64/latest
Living Off The Land
https://lolbas-project.github.io/#
Iptables cheatsheet

Windows API Cheatsheet
https://github.com/7etsuo/windows-api-function-cheatsheets
AD credentials harvesting from Request Smuggling
https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/
Multithreading in C (Linux)
https://x.com/7etsuo/status/1823584755398664370
Intro to Linux Kernel Exploitation
https://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x0-debugging.html
http://blog.k3170makan.com/2020/11/linux-kernel-exploitation-0x1-smashing.html
https://blog.k3170makan.com/2021/01/linux-kernel-exploitation-0x2.html
Useful LPE workshop Linux and Windows
https://github.com/sagishahar/lpeworkshop?tab=readme-ov-file
tooling for SUID enum
https://github.com/Anon-Exploiter/SUID3NUM
FUSE based Linux Kernel exploitation
https://exploiter.dev/blog/2022/FUSE-exploit.html
Linux LPE cheatsheet
Windows Security Descriptor

Android Drivers Exploitation
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html
Linux System Call Tracer: https://sh4dy.com/2024/08/03/beetracer/
Chromium V8 Heap Sandbox Evasion
https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/
Heap Exploitation Series
https://x.com/0xor0ne/status/1818663168517767544
Reverse Engineering AWS Session Tokens
https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7
Chrome Exploitation Introduction
https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
Cool Windows Kernel Exploitation and Reversing resources
https://x.com/7etsuo/status/1816285806547591371
Certs in MSIX ???
https://x.com/SquiblydooBlog/status/1811003687566754034
Linux Process Memory Layout
https://x.com/7etsuo/status/1810523604217639357
Windows Access Tokens

Active Directory Cheatsheet
https://aas-s3curity.gitbook.io/cheatsheet/internalpentest/active-directory
iOS mobile auth attack
https://evanconnelly.github.io/post/ios-oauth/
Forest Compromise through AMA abuse
https://blog.qdsecurity.se/2024/04/07/forest-compromise-through-ama-abuse/
ARM64 Reversing and Exploitation Series
https://8ksec.io/arm-64-reversing-and-exploitation-series/
LDAP offensive queries
https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations
Sockets without Winsocks!!!
https://www.x86matthew.com/view_post?id=ntsockets
Some interesting pentest notes
https://securitycipher.com/docs/security/penetration-testing-tricks/

Cloud hacking cheatsheets
JavaScript files and wayback
waybackurls url | grep '.js$' | awk -F '?' '{print $1}' | sort -u | xargs -I{} python lazyegg[.]py "{}" --js_urls --domains --ips > urls && cat urls | grep '.' | sort -u | xargs -I{} httpx -silent -u {} -sc -title -td
Win32 memory internals
IOT exploitation series
https://x.com/0xor0ne/status/1797297237032153478
Android ART Hijacking based obfuscation
https://blog.quarkslab.com/dji-the-art-of-obfuscation.html
Linux Kernel Internals
https://linux-kernel-labs.github.io/refs/heads/master/index.html
Mega Awesome List
https://github.com/0xor0ne/awesome-list/tree/main
IDOR cheatsheet

SSTI

sdclt.exe fileless uac bypass
https://posts.specterops.io/fileless-uac-bypass-using-sdclt-exe-3e9f9ad4e2b3
Websec mindmap

Stack Spoofing Intro
https://dtsec.us/2023-09-15-StackSpoofin/
Signing Trusted in Azure
AD mind map
https://xmind.ai/share/uA1rWwCT
SS7 exploitation
https://www.enea.com/insights/the-hunt-for-hiddenart/
Azure Agents and Defender for Endpoints
Windows UEFI bootkit
https://github.com/memN0ps/redlotus-rs
LTE Sniffer
https://github.com/SysSec-KAIST/LTESniffer
Browser Fingerprinting Checker
https://niespodd.github.io/browser-fingerprinting/
Akamai
https://github.com/luluhoc/akamai_v2_toolkit
https://github.com/xvertile/akamai-bmp-generator
https://github.com/HypePhilosophy/Akamai_Sensor_Generator
hCaptcha analysis
https://github.com/d4c5d1e0/hcaptcha
Hardware Hacking BIOS
https://cybercx.co.nz/blog/bypassing-bios-password/
Active Directory Cheatsheet
https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
SIM hijacking
https://sensepost.com/blog/2022/sim-hijacking/
.NET deserialization attack using XAML formatter
https://knifecoat.com/Posts/ObjectDataProvider+Deserialization+using+a+Xaml+Formatter
Binary Diffing
Bitlocker key tpm
https://astralvx.com/stealing-the-bitlocker-key-from-a-tpm/
OLE object exploitation
https://github.com/edwardzpeng/presentations/tree/main/POC%202023
Abusing OAUTH
https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
Trickbot Webinjects analysis
https://unit42.paloaltonetworks.com/banking-trojan-techniques/
Segment Selectors and Segmentation Registers
https://pokhym.com/2016/12/31/segment-selectors-and-segmentation-registers/
https://www.cybereason.com/blog/dcom-lateral-movement-techniques
https://securityonline.info/cve-2024-8105-an-uefi-flaw-putting-millions-of-devices-at-risk/
https://0xinfection.github.io/reversing/
https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Get-ScheduledTaskComHandler.ps1
https://github.com/3gstudent/COM-Object-hijacking
https://github.com/nccgroup/acCOMplice
https://bohops.com/2018/06/28/abusing-com-registry-structure-clsid-localserver32-inprocserver32/
https://pentestlab.blog/2020/05/20/persistence-com-hijacking/
https://void-stack.github.io/blog/post-VMUnprotect-PART1/
https://www.cencenelec.eu/areas-of-work/xfs_cwa15748_310_release/
https://www.codeproject.com/Articles/662735/Internals-of-Windows-Thread
https://blog.deeb.ch/posts/how-edr-works/#intro