Posts organized by category
This page contains the posts of this website organized by category
API lookup
- iphlpapi.dll API hash lookup table
- kernel32.dll API hash lookup table
- ntdll.dll API hash lookup table
- ntoskrnl.exe API hash lookup table
- rpcrt4.dll API hash lookup table
- Index of posts with exported functions from Windows link library files
DLL Hijacking
Microsoft 365 and Azure Active Directory
Windows API
- Encoding functions in C/C++
- Enumerating Device Drivers: implementation and connection with APTs
- Map file to process memory utilizing NtCreateSection and NtMapViewOfSection
- Random Windows API code snippets
- Skeleton Code to Create Control Panel Items
- Skeleton Code to Create PoC DLL
- Exporting functions from DLL using the actual function name
- PE Parser in Windows API
- Windows shellcode launching techniques
- Reinventing the wheel: DLL Injection via CreateRemoteThread
- Reinventing the wheel: DLL Injection via SetWindowsHookExA
active directory
- BloodHound Cypher Queries
- Attack Paths in Active Directory: RDP Hijacking
- Attacks in Active Directory: Kerberoast
assembly
detection evasion
kiosk breakout
other
- How to compile/build openssl
- Notes on NetNTLM, relaying and more
- Apache Tomcat Directory Tree
- How to compile/build openssl
- Troubleshooting the error message: A dynamic link library (DLL) initialization routine failed
persistence
- Persistence: Component Object Model (COM) hijacking
- Persistence 101: Looking at the Startup directory as attacker and defender
- Anthology of persistent execution techniques on Linux
- Persistence and Privilege Escalation on Windows via Print Monitors
- Persistence and Privilege Escalation on Windows via Print Processors
- Persistence 101: Looking at the Scheduled Tasks
- Persistence and Privilege Escalation on Windows via Time Providers
- Persistence and Privilege Escalation on Windows via Windows Management Instrumentation Event Subscription