spotless

Some study notes on LSASS hooking for harvesting interactive logon credentials. https://ired.team/offensive-security/credential-access-and-credential-dumping/intercepting-logon-credentials-by-hooking-msv1_0-spacceptcredentials … Thanks to @_xpn_ for his inspiring posts about mimikatz.

Updated old notes with some C++https://ired.team/offensive-security/persistence/abusing-security-support-provider-and-authentication-packages …

Maybe will be useful to someone at some point: Pulling Web Application Password by Hooking HTML Input Fieldhttps://ired.team/offensive-security/credential-access-and-credential-dumping/stealing-web-application-credentials-by-hooking-input-fields …

A quick note on the last code injection this yearhttps://ired.team/offensive-security/code-injection-process-injection/addressofentrypoint-code-injection-from-an-injected-dll …

Some technical notes on how Windows rootkits hide processes from userland programshttps://ired.team/miscellaneous-reversing-forensics/windows-kernel/manipulating-activeprocesslinks-to-unlink-processes-in-userland …

Some notes on a couple of ways kernel exploits abuse process tokens for privilege escalationhttps://ired.team/miscellaneous-reversing-forensics/windows-kernel/how-kernel-exploits-abuse-tokens-for-privilege-escalation …

Some notes after exploring the Interrupt Descriptor Table in Windows Kernelhttps://ired.team/miscellaneous-reversing-forensics/windows-kernel/interrupt-descriptor-table-idt …

Some notes on an Import Address Table (IAT) Hookinghttps://ired.team/offensive-security/code-injection-process-injection/import-adress-table-iat-hooking …

Some notes on System Service Dispatch Table in Windows Kernelhttps://ired.team/miscellaneous-reversing-forensics/windows-kernel/glimpse-into-ssdt-in-windows-x64-kernel …

Some notes on API hooking for offensive tooling. Credits to @0x09AL and his nifty RdpThief!https://ired.team/offensive-security/code-injection-process-injection/api-monitoring-and-hooking-for-offensive-tooling …

A quick note on how to prevent 3rd party DLLs from injecting into your malwarehttps://ired.team/offensive-security/defense-evasion/preventing-3rd-party-dlls-from-injecting-into-your-processes …

A quick note on Injecting Portable Executables to Remote Processeshttps://ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes …

A quick note on code execution via Control Panel items:https://ired.team/offensive-security/code-execution/executing-code-in-control-panel-item-through-an-exported-cplapplet-function …

My notes on Reflective DLL Injection including a simplified POC:https://ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection …