- https://securityxploded.com/memory-execution-of-executable.php
- https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack
- https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/
- https://j00ru.vexillium.org/syscalls/nt/64/
- https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/
- https://specterops.io/wp-content/uploads/sites/3/2022/06/Certified_Pre-Owned.pdf
- https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/ https://hackeradam.com/x86-64-linux-syscalls/
- https://www.gladir.com/LEXIQUE/ASM/jumpif.htm
- https://visualgdb.com/gdbreference/commands/x
- https://learn.microsoft.com/en-us/windows/win32/secauthz/access-mask-format?redirectedfrom=MSDN
- https://medium.com/@youcef.s.kelouaz/writing-a-sliver-c2-powershell-stager-with-shellcode-compression-and-aes-encryption-9725c0201ea8
- https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html#as-rep-roasting
- https://rioasmara.com/2020/07/04/kerberoasting-as-req-pre-auth-vs-non-pre-auth/
- https://www.roguelynn.com/words/explain-like-im-5-kerberos/
- https://orange-cyberdefense.github.io/ocd-mindmaps/img/pentest_ad_dark_2023_02.svg
- https://captmeelo.com/redteam/maldev/2022/02/16/libraries-for-maldev.html
- https://0xpat.github.io/Malware_development_part_1/
- https://ajpc500.github.io/nim/Shellcode-Injection-using-Nim-and-Syscalls/
- https://www.doyler.net/security-not-included/executing-shellcode-with-python
- https://mncmb.github.io/Basic-windows-shellcode-injection-with-python/
- https://blog.f0b.org/2022/05/process-injection-on-linux-injecting-into-processes/
- https://cocomelonc.github.io/tutorial/2021/10/27/windows-shellcoding-1.html
- https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/ https://securitycafe.ro/2015/12/14/introduction-to-windows-shellcode-development-part-2/
- https://en.wikipedia.org/wiki/Executable_and_Linkable_Format https://www.man7.org/linux/man-pages/man5/elf.5.html
- https://hackmd.io/@rayanlecat/SkpuOxDSn
- https://www.cert.ssi.gouv.fr/uploads/guide-ad.html
- https://ad-lab.gitbook.io/building-a-windows-ad-lab/lab-setup/building-the-lab/creating-bank.local/creating-amsterdam.bank.local/creating-fileserver-file01
- https://www.thehacker.recipes/
- https://blog.thc.org/infecting-ssh-public-keys-with-backdoors
- https://posts.specterops.io/pass-the-hash-is-dead-long-live-localaccounttokenfilterpolicy-506c25a7c167
- https://xsleaks.dev/
- https://tracker.viriback.com/
- https://www.semperis.com/blog/golden-gmsa-attack/
- https://offsec.almond.consulting/authenticating-with-certificates-when-pkinit-is-not-supported.html
- https://inf0sec.fr/
- https://lolbas-project.github.io/#
- https://gtfobins.github.io/
- https://atomicredteam.io/command-and-control/T1105/
- https://redcanary.com/blog/
- https://unprotect.it/technique/dll-unhooking/
- https://s3cur3th1ssh1t.github.io/Cat_Mouse_or_Chess/
- https://nuts7.fr/zerologon/
- https://bushido-sec.com/index.php/2023/06/25/the-art-of-fuzzing-windows-binaries/
- https://beta.hackndo.com/
- https://0xinfection.github.io/posts/wmi-recon-enum/
- https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf?%3F%3F%3F%3F%3Futm_source=content
- https://dmcxblue.gitbook.io/red-team-notes/execution/windows-management-instrumentation-wmi
- https://check.merox.io/advanced?domain=hardis.fr&type=dmarc&selector=
- https://start.me/p/wMrA5z/cyber-threat-intelligence
- https://portswigger.net/research/exploiting-xss-in-hidden-inputs-and-meta-tags
- https://www.trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0/
- https://deobfuscate.relative.im/
- https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf
- https://research.aurainfosec.io/pentest/hook-line-and-phishlet/
- https://beginninghacking.net/2022/07/29/letsdefend-pdf-analysis/
- https://videos.didierstevens.com/2022/10/14/png-mimikatz-exe/
- https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ron%20Ben-Yizhak%20-%20NoFilter%20Abusing%20Windows%20Filtering%20Platform%20for%20privilege%20escalation.pdf
- https://www.synacktiv.com/publications/old-bug-shallow-bug-exploiting-ubuntu-at-pwn2own-vancouver-2023
- https://www.crowdstrike.com/blog/falcon-complete-zero-day-exploit-cve-2023-36874/
- https://mystic0x1.github.io/posts/methods-to-backdoor-an-aws-account/
- https://www.ired.team/offensive-security/persistence/dll-proxying-for-persistence
- https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/dll-hijacking
- https://itm4n.github.io/dll-proxying/
- https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
- https://mcsi-library.readthedocs.io/articles/2022/10/powershell-shellcode-part-2.html
- https://san3ncrypt3d.com/2021/08/13/VBAShell/
- https://devblogs.microsoft.com/scripting/learn-how-it-pros-can-use-the-powershell-ast/
- https://pen300.hide01.ir/index.html#video-path=media/video/CSCEO_06_04.mp4&time-offset=91
- https://themayor.notion.site/53512dc072c241589fc45c577ccea2ee?v=7b908e7e76a9416f98f40d9d3843d3cb&p=c5402d9f520a4cd68d4f903019e11f26
- https://research.openanalysis.net/powershell/shellcode/noobsnight/2022/11/24/powershell-shellcode.html
- https://www.youtube.com/watch?v=OuL-7GPhhAQ
- https://www.reddit.com/r/rfelectronics/comments/i4tbu2/an_rf_book_list/?rdt=47958
- https://infocon.org/skills/Ham%20Radio%20Crash%20Course%20-%20Radio/
- https://biot.com/capstats/bpf.html scapy filter syntax
- https://web.archive.org/web/20230403234851/https://pre.empt.dev/posts/maelstrom-the-implant/
- https://www.onworks.net/os-distributions/debian-based/free-kali-linux-online
- https://unix.stackexchange.com/questions/517524/install-tails-with-persistent-storage-on-virtualbox
- https://search.censys.io/
- https://www.shodan.io/
- https://exposingtheinvisible.org/en/guides/vpn-over-tor/
- https://web-check.xyz/
- https://book.blueteamguides.com/
- https://montysecurity.medium.com/analyzing-a-multi-stage-lnk-dropper-d9f0f97fcb02
- https://www.thalesgroup.com/fr/group/journaliste/press-release/cyberthreat-handbook-thales-et-verint-presentent-leur-whos-who-des
- https://www.protect.airbus.com/blog/active-directory-a-canary-under-your-hat/
- https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf
- https://exploit.in/
- https://thehackernews.com/
- https://www.rapid7.com/blog/series/emergent-threats/emergent-threats/
- https://attackerkb.com/activity-feed
- https://attackerkb.com/topics
- https://specterops.github.io/TierZeroTable/ https://posts.specterops.io/what-is-tier-zero-part-1-e0da9b7cdfca https://posts.specterops.io/what-is-tier-zero-part-2-6e1d14fddcaf
- https://malpedia.caad.fkie.fraunhofer.de/
- https://thedfirreport.com/
- https://mitre-attack.github.io/attack-navigator/
- https://caldera.mitre.org/
- https://www.youtube.com/watch?v=78RIsFqo9pM
- https://posts.specterops.io/uncovering-the-unknowns-a47c93bb6971
- https://docs.docker.com/network/packet-filtering-firewalls/ https://docs.docker.com/network/
- https://www.microsoft.com/fr-fr/evalcenter/download-windows-server-2022
- https://www.packetlevel.ch/html/scapy/scapyipv6.html
- https://www.kernel.org/doc/html/latest/filesystems/proc.html
- https://www.forensicxlab.com/posts/hibernation/
- https://invictus-ir.medium.com/a-defenders-guide-to-graphrunner-part-i-e01dcc6b6fa7
- https://luemmelsec.github.io/Relaying-101/
- https://tria.ge/
- https://hybrid-analysis.com/
- https://www.virustotal.com/
- https://www.filescan.io/scan
- https://www.joesandbox.com/
- https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dump-credentials-from-lsass-process-without-mimikatz
- https://0xrick.github.io/
- https://www.exploit-db.com/
- https://wikileaks.org/vault7/ (https://wikileaks.org/ciav7p1/cms/page_14587109.html)
- https://unprotect.it/
- https://otx.alienvault.com/
- https://bazaar.abuse.ch/
- https://www.malshare.com/
- https://soc6s.fr/blog-cti/
- https://cybernews.com/news/
- https://www.darkreading.com/attacks-breaches https://www.darkreading.com/threat-intelligence https://www.darkreading.com/vulnerabilities-threats
- https://connect.ed-diamond.com/misc
- https://gbhackers.com/category/vulnerability-android-2/
- https://gbhackers.com/category/threatsattacks/
- https://ntlm.info/
- https://www.tomtombinary.xyz/articles/aliens-versus-predators-2/
- https://www.ledger.com/blog/hacking-adhd-strategies-for-the-modern-developer
- https://davidebove.com/blog/2021/03/27/how-to-dump-process-memory-in-linux/ linux memory dump
- https://andreacristaldi.github.io/APTmap/
- https://icanhaspii.github.io/
- https://www.youtube.com/watch?v=Kqwa-9Tanzw AWS forensic DFIR
- https://apackets.com/
- https://gitlab.com/akihe/radamsa
- https://www.acceis.fr/attaque-par-retro-passage-ldap/
- https://maldevacademy.com/
- https://publication.osintambition.org/8-basic-methods-of-automating-the-collection-of-information-from-company-websites-9757f3cd1e06
- https://www.jamf.com/blog/punycode-attacks/#:~:text=By%20default%2C%20many%20web%20browsers%20use%20the%20xn--,a%20measure%20to%20defend%20against%20Homograph%20phishing%20attacks
- https://hackropole.fr/fr/challenges/web/fcsc2020-web-babel-web/
- https://darkcoding.net/software/a-very-small-rust-binary-indeed/
- https://whoamianony.top/posts/ad-cs-new-ways-to-abuse-manageca-permissions/
- https://otterhacker.github.io/
- https://redlabs.enterprisesecurity.io/
- https://pwnedlabs.io/
- https://azure.enterprisesecurity.io
- https://www.youtube.com/watch?v=SqfDFIQ8kkk
- https://www.youtube.com/watch?app=desktop&v=ggTDxrtxWyM
- https://elixir.bootlin.com/linux/v5.15.137/A/ident/inet_addr
- https://www.akamai.com/blog/security-research/spoofing-dns-by-abusing-dhcp?filter=123
- https://youtube.com/watch?v=QskRb95sQNI
- https://www.rayanle.cat/umbrella-htb-uni-ctf-2023/
- https://0xfa7e.github.io/post/cpts-vs-oscp/
- https://www.outflank.nl/free-training-course-microsoft-office-offensive-tradecraft-for-red-teamers/?source=oftw
- https://archive.is/2019.01.16-232458/https://x89k.cf/infosec/2018/11/03/oscpsurvivalguide.html
- https://www.synacktiv.com/publications/writing-a-decent-win32-keylogger-13
- https://ss64.com/bash/syntax-keyboard.html
- https://hunter.how/
- https://rbaskets.in/web
- https://r3kapig-not1on.notion.site/2023-4828bf0bb74e45cabce2288370402dc0
- https://swisskyrepo.github.io/InternalAllTheThings/
- https://secret.club/2020/04/23/directory-deletion-shell.html
- https://www.synacktiv.com/en/publications/kubernetes-namespaces-isolation-what-it-is-what-it-isnt-life-universe-and-everything
- https://labs.nettitude.com/blog/creating-an-opsec-safe-loader-for-red-team-operations/
- https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
- https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
- https://drive.google.com/drive/u/0/folders/1if6MCeBCj8sxWwJIKhtgwU0GBuBW8uLx?s=09
- https://blog.redteam-pentesting.de/2024/bitwarden-heist/
- https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection
- https://www.vergiliusproject.com/kernels/x64/Windows%2011/23H2%20(2023%20Update)
- https://ntdoc.m417z.com/
- http://undocumented.ntinternals.net/
- http://terminus.rewolf.pl/terminus/
- http://ropgadget.com/posts/abusing_win_functions.html
- https://www.rapid7.com/blog/post/2019/01/03/santas-elfs-running-linux-executables-without-execve/
- https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
- https://itm4n.github.io/insomnihack-2024-cache-cache/
- https://www.hudsonrock.com/search
- https://www.offensiveosint.io/
- https://www.whoxy.com/
- https://crt.sh/
- https://dnsdumpster.com/
- https://epieos.com/
- https://castrickclues.com/
- https://app.ens.domains/
- https://dns.decentraweb.org/sld
- https://0x434b.dev/overview-of-glibc-heap-exploitation-techniques/
- https://iter.ca/post/gh-sig-pwn/
- https://hunter.io/
- https://phonebook.cz/
- https://intelx.io/
- https://wigle.net/
- https://publicwww.com/
- https://xss.is/
- https://www.hackcyom.com/2024/01/from-zero-to-hero-ad-adventure-1/
- https://osintframework.com/
- https://map.malfrats.industries/
- https://start.me/
- https://inteltechniques.com/
- https://www.pappers.fr/recherche
- https://www.info-clipper.com/
- https://www.own.security/blog/probiv-an-illegal-service-used-for-many-purposes
- https://www.thispersondoesnotexist.com/
- https://thispersonnotexist.org/
- https://this-person-does-not-exist.com/en
- https://thispersondoesnotexist.tools/
- https://fmhy.xyz/
- https://app.osintracker.com/investigations
- https://app.apollo.io/
- https://www.falstad.com/circuit/circuitjs.html
- https://everycircuit.com/
- https://illicit.services/
- https://www.blackhillsinfosec.com/wp-content/uploads/2021/03/SLIDES_OPSECFundamentalsRemoteRedTeams-1.pdf
- https://sensepost.com/blog/2024/sensecon-23-from-windows-drivers-to-an-almost-fully-working-edr/
- https://trustedsec.com/blog/js-tap-weaponizing-javascript-for-red-teams
- https://blog.malicious.group/automating-c2-infrastructure-with-terraform-nebula-caddy-and-cobalt-strike/
- https://cube0x0.github.io/Pocing-Beyond-DA/
- https://www.netspi.com/blog/technical/network-penetration-testing/exploiting-adidns/
- https://janbakker.tech/evilginx-resources-for-microsoft-365/
- https://msrc.microsoft.com/update-guide/
- https://0xswitch.fr/
- https://zweilosec.gitbook.io/
- https://0xdf.gitlab.io/
- https://axelp.io/MouseTrap
- https://www.freecodecamp.org/news/rtlo-in-hacking/
- https://redops.at/en/blog/exploring-hells-gate
- https://redops.at/en/blog/edr-analysis-leveraging-fake-dlls-guard-pages-and-veh-for-enhanced-detection
- https://chrollo-dll.gitbook.io/chrollo/security-blogs/cloud-pentesting/aws/cloudgoat-vulnerable-lambda
- https://medium.com/@sam.rothlisberger/embed-a-malicious-executable-in-a-normal-pdf-or-exe-81ee5339707e
- https://whiteknightlabs.com/2023/05/23/unleashing-the-unseen-harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion/
- https://pauljerimy.com/security-certification-roadmap/
- https://riccardoancarani.github.io/
- https://her0ness.github.io/
- https://posts.specterops.io/adcs-esc13-abuse-technique-fda4272fbd53
- https://medium.com/@lsecqt/weaponizing-dll-hijacking-via-dll-proxying-3983a8249de0
- https://matheuzsecurity.github.io/hacking/linux-threat-hunting-persistence/
- https://godbolt.org/
- https://decoder.cloud/2024/02/26/hello-im-your-adcs-server-and-i-want-to-authenticate-against-you/
- https://www.outflank.nl/blog/2019/05/05/evil-clippy-ms-office-maldoc-assistant/
- https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
- https://medium.com/@airlockdigital/make-phishing-great-again-vsto-office-files-are-the-new-macro-nightmare-e09fcadef010
- https://sabotagesec.com/the-lazy-guide-to-reverse-rpc/
- https://itm4n.github.io/fuzzing-windows-rpc-rpcview/
- https://forensics.wiki/
- https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit
- https://www.dre.vanderbilt.edu/~schmidt/android/android-4.0/dalvik/docs/dex-format.html
- https://source.android.com/docs/core/runtime/dex-format?hl=fr
- https://torrentcome.github.io/def/dex/
- https://www.guitmz.com/page/4/
- https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
- https://reverse.zip/categories/introduction-au-reverse/
- https://graphviz.org/
- https://blu3eye.gitbook.io/malware-insight
- https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e
- https://blog.lexfo.fr/lockbit-malware.html
- https://fy.blackhats.net.au/
- https://blog.malicious.group/writing-your-own-rdi-srdi-loader-using-c-and-asm/
- http://www.cse.yorku.ca/~oz/hash.html
- https://noman-minhas.surge.sh/malware_research/rust_remote_shellcode_injection
- https://pyinstxtractor-web.netlify.app/
- https://pylingual.io/
- https://malapi.io/
- https://redops.at/en/knowledge-base
- https://www.ired.team/offensive-security/code-injection-process-injection/backdooring-portable-executables-pe-with-shellcode
- https://research.checkpoint.com/2023/rust-binary-analysis-feature-by-feature/
- https://lots-project.com/
- https://zenalt.fr/
- https://docs.nats.io/
- https://isecjobs.com/
- https://media.defcon.org/DEF%20CON%2032/DEF%20CON%2032%20presentations/
- https://maester.dev/
- https://dirkjanm.io/
- https://hackingthe.cloud/
- https://swisskyrepo.github.io/InternalAllTheThings/cloud/aws/AWS%20Pentest/
- https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-access-and-token/
- https://redcanary.com/threat-detection-report/techniques/mark-of-the-web-bypass/
- https://cloud.hacktricks.xyz/welcome/readme
- https://computernewb.com/isos/windows/
- https://files.rg-adguard.net/files/d2aebbf5-32ca-c317-4652-7ef7cac3c6cf
- https://massgrave.dev/genuine-installation-media
- https://www.edr-telemetry.com/windows.html
- https://detect.fyi/edr-telemetry-project-a-comprehensive-comparison-d5ed1745384b (https://docs.google.com/spreadsheets/d/1ZMFrD6F6tvPtf_8McC-kWrNBBec_6Si3NW6AoWf3Kbg/edit?gid=1993314609#gid=1993314609)
- https://support.microsoft.com/en-us/office/blocked-attachments-in-outlook-434752e1-02d3-4e90-9124-8b81e49a8519
- https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
- https://hardwear.io/archives/
- https://docs.velociraptor.app/
- https://www.sans.org/posters/
- https://paracyberbellum.io/
- https://bonjourlafuite.eu.org/
- https://canarytokens.org/nest/
- https://zeltser.com/security-incident-questionnaire-cheat-sheet/
- https://face.co/
- https://blog.quarkslab.com/why-is-exposing-the-docker-socket-a-really-bad-idea.html
- https://chocolatecoat4n6.com/
- https://www.gdatasoftware.com/blog/2021/09/an-overview-of-malware-hashing-algorithms
- https://wirediver.com/tutorial-writing-a-pe-packer-intro/
- https://github.com/frank2/packer-tutorial
- https://dbus.freedesktop.org/doc/dbus-specification.html
- https://security-links.hdks.org/
- https://cloudbrothers.info/en/current-limits-defender-av-tamper-protection/
- https://www.boiteaklou.fr/Abusing-Shared-Libraries.html
- https://infosecwriteups.com/free-vps-for-ethical-hacking-and-bug-bounty-hunting-d9098c2fbe2a
- https://shell.segfault.net/#/dashboard
- https://erpaciocco.github.io/2025/windows-ipc-in-depth-5/
- https://doc.fedora-fr.org/wiki/Obsol%C3%A8te_-_Parefeu_-_firewall_-_netfilter_-_iptables
- https://connect.ed-diamond.com/MISC/misc-064/discussion-autour-de-netfilter
- https://krptyk.com/2023/09/20/dll-shellcode-loader-bypass-defender/
- https://www.akamai.com/blog/security-research/2025-february-abusing-vbs-enclaves-evasive-malware
- https://www.unicode.org/versions/Unicode15.0.0/
- https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
- https://flatcap.github.io/linux-ntfs/ntfs/attributes/index.html
- https://medium.com/@mathias.fuchs/the-impact-of-microsofts-refs-on-dfir-cdb78f401bfd (https://blog.bi0s.in/2024/03/12/Forensics/ReAL-File-System-bi0sCTF2024/)
- https://blog.lexfo.fr/the-business-of-forged-documents-investigation.html
- https://www.theregister.com/2025/05/11/cpu_ransomware_rapid7
- https://notebooklm.google.com/
grgmrtn255/Links