Reverse Dungeon
@reverse_dungeon
4.38K subscribers
733 photos
59 videos
987 files
2.28K links
Reverser's notes
The Mentor
1989
Download Telegram
About
Blog
Apps
Platform
Join
Reverse Dungeon
4.38K subscribers
Reverse Dungeon
ThreadScheduling.pdf
207.7 KB
Windows Kernel Internals Thread Scheduling
640 viewsedited  
Reverse Dungeon
https://brokencore.club/threads/21373

@Eastonia
[BROKENCORE]
Статья - Что такое IRQL и как он работает
Стоит начать с одной картинки Обычно это ставят в конце, но у нас будет в начале Источники информации: Intel Manual Developing Drivers With Windows Driver Foundation: Interrupt Request Levels...
🐳1
534 viewsedited  
Reverse Dungeon
Вариант, как сделать "гдбшные хуки" в windbg

Печатаем строку-название файла, которая передаётся в CreateFile

bp kernel32!CreateFileW ".echotime; .echo====================; du rcx; g"
❤‍🔥1
492 views
Reverse Dungeon
Reverse Dungeon
Setup среды для ядерной отладки Дебаг десятки: install sdk: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk на debuggee: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64 .\kdnet.exe 192.168.0.1 (host addr) Получаем такую строчку:…
myworkspace1.WEW
1.5 KB
мой workspace для windbg
1
483 viewsedited  
Reverse Dungeon
https://www.righto.com/2023/01/reverse-engineering-conditional-jump.html?m=1
Righto
Reverse-engineering the conditional jump circuitry in the 8086 processor
Intel introduced the 8086 microprocessor in 1978 and it had a huge influence on computing. I'm reverse-engineering the 8086 by examining t...
443 views
Reverse Dungeon
😳🫡
🐳6
448 views
Reverse Dungeon
меня кто-то обманывает
пачиму цр8 не меняется.......
🐳3
453 views
Reverse Dungeon
https://ext2fsd.sourceforge.net/documents/irql.htm
ext2fsd.sourceforge.net
Understanding IRQL - http://sysinternals.yeah.net
[ext2fsd]open source ext2 file system driver for winnt/win2k/winxp;[ext2sh]ext2 tools;system internals
485 views
Reverse Dungeon
CVE-2018-8611 Exploiting Windows KTM


https://research.nccgroup.com/2020/04/27/cve-2018-8611-exploiting-windows-ktm-part-1-5-introduction

https://research.nccgroup.com/2020/05/04/cve-2018-8611-exploiting-windows-ktm-part-2-5-patch-analysis-and-basic-triggering

https://research.nccgroup.com/2020/05/11/cve-2018-8611-exploiting-windows-ktm-part-3-5-triggering-the-race-condition-and-debugging-tricks

https://research.nccgroup.com/2020/05/18/cve-2018-8611-exploiting-windows-ktm-part-4-5-from-race-win-to-kernel-read-and-write-primitive

https://research.nccgroup.com/2020/05/25/cve-2018-8611-exploiting-windows-ktm-part-5-5-vulnerability-detection-and-a-better-read-write-primitive
NCC Group Research Blog
CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction
The first of five blog posts exploring the detailed exploitation of CVE-2018-8611.
567 views
Reverse Dungeon
https://www.youtube.com/watch?v=ysWy8fa4IyM&t=707s
YouTube
Windbg: когда у нас не воспроизводится. Александр Головач ➠ CoreHard Autumn 2019
На практике возникают проблемы, которые невозможно воспроизвести и исследовать на стороне разработчика. В таких ситуациях порой бывает невозможно даже организовать удаленный доступ к машине. Во время доклада будут рассмотрены и даны советы по отладке типовых…
2
483 views
Reverse Dungeon
https://github.com/lowleveldesign/debug-recipes/tree/master/debugging-using-windbg
GitHub
debug-recipes/debugging-using-windbg at master · lowleveldesign/debug-recipes
My notes collected while debugging various problems in .NET and native applications. - debug-recipes/debugging-using-windbg at master · lowleveldesign/debug-recipes
464 views
Reverse Dungeon
https://youtu.be/bqubE6m62oM
YouTube
Using WinDbg Episode 1 - Solve a real-world high CPU issue on an Active Directory Domain Controller
Folks kept asking me for publicly-available learning material on how to get started with WinDbg.

Follow me on Twitter @JosephRyanRies
452 views
Reverse Dungeon
https://asciiflow.com
457 views
Reverse Dungeon
Reverse Dungeon
https://youtu.be/bqubE6m62oM
https://www.youtube.com/watch?v=QsqY9joILfo&list=WL&index=3
YouTube
Using WinDbg Episode 2 - Help, the netlogon service won't start!
In which we debug a Windows machine where the netlogon service won't start.

Follow me on Twitter @JosephRyanRies
515 views
Reverse Dungeon
Forwarded from Ralf Hacker Channel (Ralf Hacker)
Только опубликовано крутое исследование по обходу методов анализа EDR на основе трассировки стека

https://0xdarkvortex.dev/proxying-dll-loads-for-hiding-etwti-stack-tracing/

#redtram #maldev
0xdarkvortex.dev
Hiding In PlainSight - Proxying DLL Loads To Hide From ETWTI Stack Tracing
Dark Vortex provides various cybersecurity trainings, products and other services.
1
448 views
Reverse Dungeon
https://hatching.io/blog
hatching.io
Hatching - Automated malware analysis solutions
Automated malware analysis with Hatching Triage, the high-volume sandbox solution for SOCs, CERTs, SOARs, and MSSPs.
508 views
Reverse Dungeon
https://empyreal96.github.io/nt-info-depot/Windows-Kernel-Internals/ObjectManager.pdf
1
514 views
Reverse Dungeon
https://www.youtube.com/watch?v=GM9WQMrSkWk
YouTube
[BSL2022] Windows kernel rootkits for red teams - André Lima
In this presentation, André goes through details of not only things to consider when developing in the kernel but, most importantly, things to consider when developing malware for the Windows kernel.

He explains synchronization when the Operating System…
519 views
Reverse Dungeon
Forwarded from Ralf Hacker Channel (Ralf Hacker)
И ещё одно крутое исследование по обходу EDR!

(По утверждению автора: всех EDR)

https://0xdarkvortex.dev/hiding-in-plainsight/

#redteam #maldev
0xdarkvortex.dev
Hiding In PlainSight - Indirect Syscall is Dead! Long Live Custom Call Stacks
Dark Vortex provides various cybersecurity trainings, products and other services.
428 views
Reverse Dungeon
Forwarded from greg0r0 life&work
Please open Telegram to view this post
VIEW IN TELEGRAM