/windows-exploitation

Fully based on Advanced Windows exploitation. Kernel driver exploitation, browser exploitation, heap spraying etc....

Advanced Windows exploit development resources

Some resources, links, books, and papers related to mostly Windows Internals and anything Windows kernel related. Mostly talks and videos that I enjoyed watching.

Really important resources

Must watch / read (if you could chose a few) - all time favorites

Windows Rootkits

Talks / video recordings

Articles / papers

Windows kernel mitigations

Talks / video recordings

Articles / papers

General mitigation papers

kASLR

SMEP

CET

Windows kernel shellcode

Articles / papers

Windows kernel exploitation

Talks / video recordings

Articles / papers

Windows kernel GDI exploitation

Talks / video recordings

Articles / papers

Windows kernel Win32k.sys research

Talks / video recordings

Articles / papers

Windows Kernel logic bugs

Talks / video recordings

Articles / papers

Windows kernel driver development

Talks / video recordings

Articles / papers

Windows internals

Talks / video recordings

Articles / papers

Advanced Windows debugging

Talks / video recordings

Articles / papers

0days - APT advanced malware research

Talks / video recordings

Articles / papers

Video game cheating (kernel mode stuff sometimes)

Talks / video recordings

Articles / papers

Hyper-V and VM / sandbox escape

Talks / video recordings

Articles / papers

Fuzzing

Talks / video recordings

Articles / papers

Windows browser exploitation

Talks / video recordings

Favorite books of mine

  • Windows Internals, Part 1 (Pavel Yosifovich, and some others)
  • Windows 10 System Programming, Part 1 (Pavel Yosifovich)
  • Windows 10 System Programming, Part 2 (Pavel Yosifovich)
  • Windows Kernel Programming (Pavel Yosifovich)
  • Rootkits: Subverting the Windows Kernel
  • The Rootkit Arsenal
  • Intel® 64 and IA-32 Architectures Software Developer Manuals

Related certifications and courses

Courses

  • Advanced Windows Exploitation (AWE)
  • Sans 660
  • Sans 760
  • Corelan "Bootcamp" training
  • Corelan "Advanced" training

Certifications

  • Offensive Security Exploitation Expert (OSEE)
  • Giac GXPN