https://r0tbyt3.dev/wiki/Recent content in Wikis on Jesus OsegueraHugoen-ushttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/abusing-wmi-for-persistence/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/abusing-wmi-for-persistence/Abusing WMI for Persistence Abusing WMI for Persistence - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/access-control-lists-acls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/access-control-lists-acls/Access control lists (ACLs) Access Control Lists - lists defining which users or systems are granted access to specific resources. Related Links: Attribute-based access control (ABAC) Capability-based access control OAuth OpenID Connect (OIDC) Role-based access control (RBAC)https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/accessing-memory-mapped-registers-with-pointers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/accessing-memory-mapped-registers-with-pointers/Accessing Memory-Mapped Registers with Pointers Accessing Memory-Mapped Registers with Pointers - technique for directly reading and writing hardware registers by casting their addresses to typed pointer types in C. Related Links: Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/acid/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/acid/ACID ACID - properties (Atomicity, Consistency, Isolation, Durability) that guarantee reliable database transactions. Atomicity - a transaction is either completed or not at all. Consistency - a transaction must bring the database from one valid state to another. Isolation - concurrent transactions must not affect each other. Durability - once a transaction is committed, it must persist even in the event of a system failure. Atomicity Example Scenario Scenario: A transaction to transfer $100 from account A to account B fails due to a system failure.https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/acoustic-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/acoustic-communication-exploits/Acoustic Communication Exploits Acoustic Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/Active Directory Active Directory - Microsoft’s directory service for managing users, computers, and policies in Windows domain environments. Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Management User Administration Related Links: Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/Active Directory Enumeration Active Directory Enumeration - techniques for querying Active Directory to gather information about users, groups, computers, and domain configuration. Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumeration Related Links: Active Directory Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/active-directory-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/active-directory-fundamentals/Active Directory Fundamentals Active Directory Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ad-blocker-detection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ad-blocker-detection/Ad Blocker Detection Ad Blocker Detection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/add-binary-icon/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/add-binary-icon/Add Binary Icon Add Binary Icon - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/add-user-to-local-group/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/add-user-to-local-group/Add User to Local Group Add User to Local Group - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/advanced-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/advanced-functions/Advanced functions Advanced Functions - higher-order functions, decorators, generators, and closures in Python. Higher-order Functions Higher-order functions - functions that can take other functions as arguments or return them as results. Examples: def apply_function(func, value): return func(value) def square(x): return x ** 2 result = apply_function(square, 5) # calls square(5) inside apply_function print(result) # Output: 25 Decorators Decorators - functions that modify the behavior of other functions or methods. Examples:https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/advanced-sql/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/advanced-sql/Advanced SQL Advanced SQL - complex SQL techniques including window functions, CTEs, and query optimization. Related Links: Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/adversary-in-the-middle-aitm-via-evilginx/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/adversary-in-the-middle-aitm-via-evilginx/Adversary in the Middle (AitM) via Evilginx Adversary in the Middle (AitM) via Evilginx - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/AES AES - Advanced Encryption Standard implementations across various libraries and APIs for use in security tooling. AES Decryption Encryption via CTAES Library AES Decryption Encryption via Tiny AES Library AES Decryption Encryption via WinAPIs AES Encryption Decryption Related Links: Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-ctaes-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-ctaes-library/AES Decryption Encryption via CTAES Library AES Decryption Encryption via CTAES Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Decryption Encryption via Tiny AES Library AES Decryption Encryption via WinAPIs AES Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-tiny-aes-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-tiny-aes-library/AES Decryption Encryption via Tiny AES Library AES Decryption Encryption via Tiny AES Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Decryption Encryption via CTAES Library AES Decryption Encryption via WinAPIs AES Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-winapis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-decryption-encryption-via-winapis/AES Decryption Encryption via WinAPIs AES Decryption Encryption via WinAPIs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Decryption Encryption via CTAES Library AES Decryption Encryption via Tiny AES Library AES Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-encryption-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/aes/aes-encryption-decryption/AES Encryption Decryption AES Encryption Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Decryption Encryption via CTAES Library AES Decryption Encryption via Tiny AES Library AES Decryption Encryption via WinAPIshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/aggregate-queries/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/aggregate-queries/Aggregate queries Aggregate Queries - SQL queries using functions like COUNT, SUM, and AVG to summarize data. Related Links: Advanced SQL Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/agile-and-scrum/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/agile-and-scrum/Agile and Scrum Agile and Scrum - iterative software development methodology using sprints, standups, and retrospectives for continuous delivery. Related Links: DevOps and DevSecOps Fundamentals Phases of DevOps Software Delivery Models Waterfall vs Agile vs DevOpshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/AI and LLMs AI and LLMs - integrating AI models and large language model capabilities into Python backend applications. Ai in development Embeddings Function calling RAGs Structured outputs Related Links: Language Fundamentals Software Engineeringhttps://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/ai-in-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/ai-in-development/Ai in development AI in Development - using AI tools and LLMs to enhance developer workflows and productivity. Related Links: Embeddings Function calling RAGs Structured outputshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/ai-generated-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/ai-generated-malware/AI-Generated Malware AI-Generated Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/AitM and MFA Bypass AitM and MFA Bypass - adversary-in-the-middle proxy techniques and OAuth device code flows used to bypass multi-factor authentication. Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddy Related Links: Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/alertable-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/alertable-functions/Alertable Functions Alertable Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/Algorithms Algorithms - core algorithmic techniques and their Python 3 implementations for technical interview preparation. Backtracking Big O Notation Bit Manipulation Divide and Conquer Dynamic Programming Graph Algorithms Greedy Algorithms Recursion Searching Sorting Related Links: Data Structures Patternshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/alwaysinstallelevated-privilege-escalation-check/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/alwaysinstallelevated-privilege-escalation-check/AlwaysInstallElevated Privilege Escalation Check AlwaysInstallElevated Privilege Escalation Check - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/AMSI Bypass AMSI Bypass - techniques for disabling or circumventing the Antimalware Scan Interface to prevent PowerShell and script content from being scanned. AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpoints Related Links: Anti-Analysis Automated Obfuscation Techniques Code Obfuscation Covering Tracks ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-bypass-byte-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-bypass-byte-patching/AMSI Bypass Byte Patching AMSI Bypass Byte Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion/AMSI Evasion AMSI Evasion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion-via-hardware-breakpoint-hooks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion-via-hardware-breakpoint-hooks/AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Hardware Breakpoint Hooks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Patching Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion-via-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/amsi-evasion-via-patching/AMSI Evasion via Patching AMSI Evasion via Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks Introduction to AMSI Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/Analysis Methods Analysis Methods - techniques and methodologies for examining malware through static inspection and dynamic execution. Dynamic Analysis Malware Analysis Techniques Static Analysis Related Links: Automated Malware Analysis Maltego Memory Leaks Metasploit Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/analyzing-and-evading-smuggleshield/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/analyzing-and-evading-smuggleshield/Analyzing and Evading SmuggleShield Analyzing and Evading SmuggleShield - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/analyzing-server-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/analyzing-server-security/Analyzing Server Security Analyzing Server Security - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/anonymous-smb-login/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/anonymous-smb-login/Anonymous SMB Login Anonymous SMB Login - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/Anti-Analysis Anti-Analysis - techniques that detect and subvert debugging, virtual machine, and sandbox environments to prevent dynamic malware analysis. Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniques Related Links: AMSI Bypass Automated Obfuscation Techniques Code Obfuscation Covering Tracks ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-discord/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-discord/Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Discord - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-email/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-email/Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Email - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-push-notifications/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-approve-access-via-push-notifications/Anti-Analysis Approve Access via Push Notifications Anti-Analysis Approve Access via Push Notifications - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-dynamic-obfuscation-via-obfuscatorio/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-dynamic-obfuscation-via-obfuscatorio/Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis Dynamic Obfuscation via Obfuscatorio - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-aes-encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-aes-encryption/Anti-Analysis via AES Encryption Anti-Analysis via AES Encryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-base64-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-base64-obfuscation/Anti-Analysis via Base64 Obfuscation Anti-Analysis via Base64 Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-cookie-check/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-cookie-check/Anti-Analysis via Cookie Check Anti-Analysis via Cookie Check - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-dynamic-encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-dynamic-encryption/Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic Encryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-dynamic-html-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-dynamic-html-generation/Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Dynamic HTML Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-fetching-remote-content/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-fetching-remote-content/Anti-Analysis via Fetching Remote Content Anti-Analysis via Fetching Remote Content - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-honeypots/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-honeypots/Anti-Analysis via Honeypots Anti-Analysis via Honeypots - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-invisible-encoding/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-invisible-encoding/Anti-Analysis via Invisible Encoding Anti-Analysis via Invisible Encoding - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-ip-restrictions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-ip-restrictions/Anti-Analysis via IP Restrictions Anti-Analysis via IP Restrictions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-reverse-dns-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-reverse-dns-query/Anti-Analysis via Reverse DNS Query Anti-Analysis via Reverse DNS Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-website-keying/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-website-keying/Anti-Analysis via Website Keying Anti-Analysis via Website Keying - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-xor-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/anti-analysis-via-xor-obfuscation/Anti-Analysis via XOR Obfuscation Anti-Analysis via XOR Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/Anti-Bot Anti-Bot - techniques for detecting and blocking automated scanners, security bots, and analysis tools from accessing phishing pages. Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprinting Related Links: AitM and MFA Bypass Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-library/Anti-Bot Library Anti-Bot Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-advanced-ja4-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-advanced-ja4-analysis/Anti-Bot via Advanced JA4 Analysis Anti-Bot via Advanced JA4 Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-captcha/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-captcha/Anti-Bot via CAPTCHA Anti-Bot via CAPTCHA - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-improper-window-size/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-improper-window-size/Anti-Bot via Improper Window Size Anti-Bot via Improper Window Size - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-agent-filtering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-agent-filtering/Anti-Bot via User Agent Filtering Anti-Bot via User Agent Filtering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-agent-spoofing-detection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-agent-spoofing-detection/Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Agent Spoofing Detection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/anti-bot-via-user-interaction/Anti-Bot via User Interaction Anti-Bot via User Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-techniques/Anti-Debugging Techniques Anti-Debugging Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ntglobalflag/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ntglobalflag/Anti-Debugging via NtGlobalFlag Anti-Debugging via NtGlobalFlag - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ntsystemdebugcontrol/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ntsystemdebugcontrol/Anti-Debugging via NtSystemDebugControl Anti-Debugging via NtSystemDebugControl - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-processdebugflags/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-processdebugflags/Anti-Debugging via ProcessDebugFlags Anti-Debugging via ProcessDebugFlags - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ptrace/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-ptrace/Anti-Debugging via Ptrace Anti-Debugging via Ptrace - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-tls-callbacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-debugging-via-tls-callbacks/Anti-Debugging via TLS Callbacks Anti-Debugging via TLS Callbacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-forensic-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-forensic-evasion-techniques/Anti-Forensic Evasion Techniques Anti-Forensic Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/anti-forensic-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/anti-forensic-techniques/Anti-Forensic Techniques Anti-Forensic Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Reverse Engineering Digital Forensics Forensics Hayabusa Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/anti-forensic-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/anti-forensic-techniques/Anti-Forensic Techniques Anti-Forensic Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-malware-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-malware-evasion-techniques/Anti-Malware Evasion Techniques Anti-Malware Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-virtualization-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-virtualization-techniques/Anti-Virtualization Techniques Anti-Virtualization Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-virus-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/anti-virus-evasion-techniques/Anti-Virus Evasion Techniques Anti-Virus Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-algorithm/AP String Hashing Algorithm AP String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-algorithm-ascii/AP String Hashing Algorithm ASCII AP String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-string-hashing-syscalls-hash-values-nt/AP String Hashing Syscalls Hash Values NT AP String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-syscalls-hash-values-zw/AP Syscalls Hash Values ZW AP Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/ap-winapis-hash-values/AP WinAPIs Hash Values AP WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/apache/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/apache/Apache Apache - open-source HTTP server software widely used for serving web content. Related Links: Caddy Domain name Domain name system Http caching Https Nginx Fundamentals Web servershttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/apc-injection-via-write-to-process-memory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/apc-injection-via-write-to-process-memory/APC Injection via Write to Process Memory APC Injection via Write to Process Memory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/apc-queues/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/apc-queues/APC Queues APC Queues - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/api/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/api/API API - the set of rules and protocols defining how software components communicate with each other. Related Links: API Design API styles GraphQL GraphQL Fundamentals GRPC HTTP and API Fundamentals Open API Specification (OAS) REST REST API Design SOAPhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/api-design/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/api-design/API Design API Design - principles and patterns for designing clear, consistent, and usable application interfaces. Related Links: API API styles GraphQL GraphQL Fundamentals GRPC HTTP and API Fundamentals Open API Specification (OAS) REST REST API Design SOAPhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/api-hooking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/api-hooking/API Hooking API Hooking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/api-hooking-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/api-hooking-variants/API Hooking Variants API Hooking Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/api-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/api-security/API Security API Security - securing APIs in CI/CD pipelines through authentication, rate limiting, input validation, and automated scanning. Related Links: Arachni Dynamic application security testing (DAST) Nikto Pipeline Security Shift Left Security Software composition analysis (SCA) Static application security testing (SAST) W3afhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/api-security-best-practices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/api-security-best-practices/API security best practices API Security Best Practices - techniques for securing APIs against common vulnerabilities and attacks. Related Links: Container security best practices CORS CSP Mitigation techniques OWASP risks Server securityhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/api-set-resolution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/api-set-resolution/API Set Resolution API Set Resolution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/api-styles/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/api-styles/API styles API Styles - comparison of REST, RPC, GraphQL, and other API architectural styles. Related Links: API API Design GraphQL GraphQL Fundamentals GRPC HTTP and API Fundamentals Open API Specification (OAS) REST REST API Design SOAPhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/APIs APIs - protocols, styles, and standards for designing and consuming application programming interfaces. API API Design API styles GraphQL GraphQL Fundamentals GRPC HTTP and API Fundamentals Open API Specification (OAS) REST REST API Design SOAP Related Links: Web Infrastructurehttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/Application Security Application Security - the practice of identifying and mitigating vulnerabilities in software applications throughout the development lifecycle. Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attacks Related Links: Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/apt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/apt/APT APT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: OSINT Reconnaissance Techniques Supply Chain Attacks Threat Modeling Fundamentals Zero Dayhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/arachni/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/arachni/Arachni Arachni - open-source web application security scanner used for automated vulnerability discovery. Related Links: API Security Dynamic application security testing (DAST) Nikto Pipeline Security Shift Left Security Software composition analysis (SCA) Static application security testing (SAST) W3afhttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/architectural-patterns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/architectural-patterns/Architectural patterns Architectural Patterns - reusable solutions to common software architecture problems at a system level. Related Links: Backend Architecture Microservices Monolith Monolith vs Microservices Serverless Serverless computing Service mesh architecture Service meshes Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/Architecture Patterns Architecture Patterns - high-level structural patterns for organizing backend systems including monoliths, microservices, and serverless. Architectural patterns Backend Architecture Microservices Monolith Monolith vs Microservices Serverless Serverless computing Service mesh architecture Service meshes Service-oriented architecture (SOA) Twelve-factor app Related Links: Scalability and Infrastructurehttps://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/argon2/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/argon2/Argon2 Argon2 - memory-hard password hashing algorithm designed to resist GPU and brute-force attacks. Related Links: Bcrypt Hashing algorithms MD5 Scrypt SHA-1 SHA-256 TLShttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/Arm M-profile Arm M-profile - the family of Arm processor cores designed for embedded and microcontroller applications, including the Cortex-M series with its NVIC, MPU, and TrustZone-M security extensions. Boot Flow on Cortex-M Exceptions Interruptions MPU Usage Patterns NVIC TrustZone-M Related Links: Bus Fabrics and On-Chip Interconnects CPU Core Concepts Heterogeneous SoCs and Co-processors Memory Architecture Power and Clock Domain Architecture RISC-V Single Core vs Multi-Core Architectureshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/arrays/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/arrays/Arrays Arrays - ordered, index-based collections stored contiguously in memory with O(1) random access and O(n) insertion. Related Links: Binary Search Trees Graphs Hash Tables Heaps Linked Lists Queues Sets Stacks Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/assembly/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/assembly/Assembly Assembly - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/attribute-based-access-control-abac/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/attribute-based-access-control-abac/Attribute-based access control (ABAC) Attribute-Based Access Control - authorization model granting access based on user attributes and policies. Related Links: Access control lists (ACLs) Capability-based access control OAuth OpenID Connect (OIDC) Role-based access control (RBAC)https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/Authentication Authentication - mechanisms for verifying identity including passwords, tokens, sessions, and multi-factor methods. Authentication and Authorization AuthN vs AuthZ Multi-factor authentication (MFA) Password-based authentication Session and Token Security Token-based authentication Related Links: Authorization Cryptography Web Securityhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/authentication-and-authorization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/authentication-and-authorization/Authentication and Authorization Authentication and Authorization - mechanisms for verifying identity and controlling access to resources. Related Links: AuthN vs AuthZ Multi-factor authentication (MFA) Password-based authentication Session and Token Security Token-based authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/Authentication and Authorization Authentication and Authorization - attack techniques targeting weak authentication mechanisms and improper access control implementations. Authentication Bypass Techniques Breaking Authentication Breaking Authorization Brute Force vs Password Spraying Related Links: Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/authentication-bypass-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/authentication-bypass-techniques/Authentication Bypass Techniques Authentication Bypass Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Breaking Authentication Breaking Authorization Brute Force vs Password Sprayinghttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/authn-vs-authz/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/authn-vs-authz/AuthN vs AuthZ AuthN vs AuthZ - distinction between authentication (who you are) and authorization (what you can do). Related Links: Authentication and Authorization Multi-factor authentication (MFA) Password-based authentication Session and Token Security Token-based authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/Authorization Authorization - mechanisms for controlling access to resources based on verified identity and assigned permissions. Access control lists (ACLs) Attribute-based access control (ABAC) Capability-based access control OAuth OpenID Connect (OIDC) Role-based access control (RBAC) Related Links: Authentication Cryptography Web Securityhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/automate-phishing-infrastructure-ansible/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/automate-phishing-infrastructure-ansible/Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Ansible - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/automate-phishing-infrastructure-terraform/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/automate-phishing-infrastructure-terraform/Automate Phishing Infrastructure Terraform Automate Phishing Infrastructure Terraform - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-botnet-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-botnet-development/Automated Botnet Development Automated Botnet Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/automated-c2-infrastructure-setup/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/automated-c2-infrastructure-setup/Automated C2 Infrastructure Setup Automated C2 Infrastructure Setup - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-cryptojacking-malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-cryptojacking-malware-development/Automated Cryptojacking Malware Development Automated Cryptojacking Malware Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/automated-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/automated-evasion-techniques/Automated Evasion Techniques Automated Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/automated-exploit-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/automated-exploit-generation/Automated Exploit Generation Automated Exploit Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-fileless-malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-fileless-malware-development/Automated Fileless Malware Development Automated Fileless Malware Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/automated-malware-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/automated-malware-analysis/Automated Malware Analysis Automated Malware Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Maltego Memory Leaks Metasploit Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-malware-delivery-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-malware-delivery-techniques/Automated Malware Delivery Techniques Automated Malware Delivery Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-malware-distribution-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-malware-distribution-techniques/Automated Malware Distribution Techniques Automated Malware Distribution Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/automated-obfuscation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/automated-obfuscation-techniques/Automated Obfuscation Techniques Automated Obfuscation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Anti-Analysis Code Obfuscation Covering Tracks ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-payload-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-payload-generation/Automated Payload Generation Automated Payload Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/automated-payload-generation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/automated-payload-generation-techniques/Automated Payload Generation Techniques Automated Payload Generation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-polymorphic-and-metamorphic-malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/automated-polymorphic-and-metamorphic-malware-development/Automated Polymorphic and Metamorphic Malware Development Automated Polymorphic and Metamorphic Malware Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/automated-reverse-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/automated-reverse-engineering/Automated Reverse Engineering Automated Reverse Engineering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Digital Forensics Forensics Hayabusa Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/automated-social-engineering-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/automated-social-engineering-techniques/Automated Social Engineering Techniques Automated Social Engineering Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Spear Phishing Email Generation Digital Social Engineering Physical Social Engineering Social Engineering Fundamentals Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/automated-spear-phishing-email-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/automated-spear-phishing-email-generation/Automated Spear Phishing Email Generation Automated Spear Phishing Email Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Social Engineering Techniques Digital Social Engineering Physical Social Engineering Social Engineering Fundamentals Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/automated-vulnerability-discovery/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/automated-vulnerability-discovery/Automated Vulnerability Discovery Automated Vulnerability Discovery - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/av-detection-mechanisms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/av-detection-mechanisms/AV Detection Mechanisms AV Detection Mechanisms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/avoid-detection-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/avoid-detection-techniques/Avoid Detection Techniques Avoid Detection Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/backend-architecture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/backend-architecture/Backend Architecture Backend Architecture - overall structure and organization of server-side systems and their components. Related Links: Architectural patterns Microservices Monolith Monolith vs Microservices Serverless Serverless computing Service mesh architecture Service meshes Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/backend-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/Backend Engineering Backend Engineering - design, development, and maintenance of server-side applications, APIs, databases, and infrastructure that power web applications and services. Concurrency Databases Django DSA Python Security System Design Web Related Links: Cybersecurity DevOps and Platform Engineering Embedded Systems Homehttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/backpressure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/backpressure/Backpressure Backpressure - mechanism in streaming systems to signal producers to slow down when consumers are overwhelmed. Related Links: Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/backtracking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/backtracking/Backtracking Backtracking - algorithmic technique building candidates incrementally and abandoning paths that violate constraints. Related Links: Big O Notation Bit Manipulation Divide and Conquer Dynamic Programming Graph Algorithms Greedy Algorithms Recursion Searching Sortinghttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/base-n-encoder-entropy-reduction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/base-n-encoder-entropy-reduction/Base N Encoder Entropy Reduction Base N Encoder Entropy Reduction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/bash/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/bash/Bash Bash - the Bourne Again Shell scripting language used extensively in Linux-based cybersecurity tooling, automation, and offensive operations. Bash Fundamentals Related Links: Application Security Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/bash/bash-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/bash/bash-fundamentals/Bash Fundamentals Bash Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links:https://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/basic-data-types/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/basic-data-types/Basic data types Basic Data Types - fundamental Python data types and their usage in programs. Integers Integers - used for representing whole numbers without a fractional part. Examples: Floats Floats - used for representing decimal numbers. Examples: Strings Examples: Lists Examples: Dictionaries Examples: Tuples Examples: Sets Examples: Booleans Booleans - used for representing truth values (True/False aka 1/0) during conditional operations. Examples: x = True y = False Note: True/False can be substitued with values 1/0 respectively due to how Python handles boolean valueshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/basic-keywords/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/basic-keywords/Basic keywords Basic Keywords - reserved words in Python and their usage in programs. Related Links: Advanced functions Basic operators Basic data typeshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/basic-operators/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/basic-operators/Basic operators Basic Operators - arithmetic, comparison, logical, and assignment operators in Python. Arithemtic Operators Arithmeatic Operators - used for performing mathematical operations on numbers. Examples: 1 + 2 # Addition 3 - 4 # Subtraction 5 * 6 # Multiplication 7 / 8 # Division 9 % 2 # Modulus 10 ** 3 # Exponentiation 11 // 4 # Floor Division Operator Precedence Operator precedence - the order in which operations are evaluated in an expression.https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/bcrypt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/bcrypt/Bcrypt Bcrypt - adaptive password hashing function designed to be computationally expensive to resist cracking. Related Links: Argon2 Hashing algorithms MD5 Scrypt SHA-1 SHA-256 TLShttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/Beacon Object Files (BOF) Beacon Object Files (BOF) - position-independent code objects executed in-process by C2 frameworks such as Cobalt Strike for post-exploitation. BOF Execution Introduction to BOF LSASS Dump BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOF Writing BOF Files Related Links: C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Process Injection Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/bfs-pattern/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/bfs-pattern/BFS Pattern BFS Pattern - breadth-first search template for shortest path, level-order traversal, and multi-source problems. Related Links: Binary Search Pattern DFS Pattern Fast and Slow Pointers Merge Intervals Monotonic Stack Sliding Window Top K Elements Two Pointers Union Findhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/big-o-notation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/big-o-notation/Big O Notation Big O Notation - mathematical notation expressing time and space complexity as a function of input size n. Related Links: Backtracking Bit Manipulation Divide and Conquer Dynamic Programming Graph Algorithms Greedy Algorithms Recursion Searching Sortinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/binary-metadata-modification/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/binary-metadata-modification/Binary Metadata Modification Binary Metadata Modification - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/binary-properties-icon-metadata/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/binary-properties-icon-metadata/Binary Properties Icon Metadata Binary Properties Icon Metadata - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/binary-search-pattern/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/binary-search-pattern/Binary Search Pattern Binary Search Pattern - applying binary search to sorted arrays or to answer questions about monotonic functions. Related Links: BFS Pattern DFS Pattern Fast and Slow Pointers Merge Intervals Monotonic Stack Sliding Window Top K Elements Two Pointers Union Findhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/binary-search-trees/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/binary-search-trees/Binary Search Trees Binary Search Trees - sorted binary trees supporting O(log n) average search, insert, and delete. Related Links: Arrays Graphs Hash Tables Heaps Linked Lists Queues Sets Stacks Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-atsvc-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-atsvc-via-named-pipe/Bind to ATSVC via Named Pipe Bind to ATSVC via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-bkrp-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-bkrp-via-named-pipe/Bind to BKRP via Named Pipe Bind to BKRP via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-epm-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-epm-via-named-pipe/Bind to EPM via Named Pipe Bind to EPM via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-lsad-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-lsad-via-named-pipe/Bind to LSAD via Named Pipe Bind to LSAD via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-lsat-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-lsat-via-named-pipe/Bind to LSAT via Named Pipe Bind to LSAT via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-nrpc-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-nrpc-via-named-pipe/Bind to NRPC via Named Pipe Bind to NRPC via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-rprn-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-rprn-via-named-pipe/Bind to RPRN via Named Pipe Bind to RPRN via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-rrp-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-rrp-via-named-pipe/Bind to RRP via Named Pipe Bind to RRP via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-samr-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-samr-via-named-pipe/Bind to SAMR via Named Pipe Bind to SAMR via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-scmr-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-scmr-via-named-pipe/Bind to SCMR via Named Pipe Bind to SCMR via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-srvs-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-srvs-via-named-pipe/Bind to SRVS via Named Pipe Bind to SRVS via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-wkst-via-named-pipe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/bind-to-wkst-via-named-pipe/Bind to WKST via Named Pipe Bind to WKST via Named Pipe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/bit-manipulation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/bit-manipulation/Bit Manipulation Bit Manipulation - using bitwise operators (AND, OR, XOR, shifts) to solve problems efficiently at the binary level. Related Links: Backtracking Big O Notation Divide and Conquer Dynamic Programming Graph Algorithms Greedy Algorithms Recursion Searching Sortinghttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/bitwise-operators-and-bit-manipulation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/bitwise-operators-and-bit-manipulation-techniques/Bitwise Operators and Bit Manipulation Techniques Bitwise Operators and Bit Manipulation Techniques - operators and patterns for reading, setting, clearing, and toggling individual bits in registers and data fields. Related Links: Accessing Memory-Mapped Registers with Pointers Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/block-dll-policy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/block-dll-policy/Block DLL Policy Block DLL Policy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/blocking-driver-loading-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/blocking-driver-loading-kernel/Blocking Driver Loading Kernel Blocking Driver Loading Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/bluetooth-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/bluetooth-exploits/Bluetooth Exploits Bluetooth Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/board-bring-up-and-hardware-validation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/board-bring-up-and-hardware-validation/Board Bring-Up and Hardware Validation Board Bring-Up and Hardware Validation - process of verifying a newly assembled PCB by systematically testing power rails, clocks, communication interfaces, and peripherals. Related Links: Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/bof-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/bof-execution/BOF Execution BOF Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to BOF LSASS Dump BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOF Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/boot-flow-on-cortex-m/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/boot-flow-on-cortex-m/Boot Flow on Cortex-M Boot Flow on Cortex-M - the sequence of steps from power-on through reset vector fetch, stack pointer initialization, and startup code execution that brings a Cortex-M device to its main application. Related Links: Exceptions Interruptions MPU Usage Patterns NVIC TrustZone-Mhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/breaking-authentication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/breaking-authentication/Breaking Authentication Breaking Authentication - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication Bypass Techniques Breaking Authorization Brute Force vs Password Sprayinghttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/breaking-authorization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/breaking-authorization/Breaking Authorization Breaking Authorization - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication Bypass Techniques Breaking Authentication Brute Force vs Password Sprayinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-file-extension/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-file-extension/Bring Your Own File Extension Bring Your Own File Extension - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-protocol-handler/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-protocol-handler/Bring Your Own Protocol Handler Bring Your Own Protocol Handler - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-vulnerable-driver-byovd/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/bring-your-own-vulnerable-driver-byovd/Bring Your Own Vulnerable Driver (BYOVD) Bring Your Own Vulnerable Driver (BYOVD) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/brute-force-vs-password-spraying/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/authentication-and-authorization/brute-force-vs-password-spraying/Brute Force vs Password Spraying Brute Force vs Password Spraying - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication Bypass Techniques Breaking Authentication Breaking Authorizationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/brute-force-vs-password-spraying-windows/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/brute-force-vs-password-spraying-windows/Brute Force vs Password Spraying Windows Brute Force vs Password Spraying Windows - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/brute-forcing-key-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/brute-forcing-key-decryption/Brute Forcing Key Decryption Brute Forcing Key Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/embedded-systems/exploits/buffer-overflow/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/exploits/buffer-overflow/Buffer Overflow Buffer Overflow - vulnerability caused by writing beyond the bounds of a fixed-size buffer, potentially overwriting control data or enabling arbitrary code execution. Related Links: Firmware Exploitation Network Attacks Physical Attacks Side-Channel Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/buffer-overflows/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/buffer-overflows/Buffer Overflows Buffer Overflows - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: CSRF Directory Traversal SQL Injection Timing Attacks XSShttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/building-a-drm-equipped-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/building-a-drm-equipped-malware/Building a DRM-Equipped Malware Building a DRM-Equipped Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-loader/Building a Loader Building a Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-pe-packer/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-a-pe-packer/Building a PE Packer Building a PE Packer - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-an-evasive-dll-payload-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/building-an-evasive-dll-payload-loader/Building an Evasive DLL Payload Loader Building an Evasive DLL Payload Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/building-for-scale/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/building-for-scale/Building for scale Building for Scale - design principles and techniques for systems that handle growing traffic and data. Related Links: Caching Caching Fundamentals Docker Instrumentation and monitoring Kubernetes Profiling performance System Design Fundamentals Telemetryhttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/Burp Suite Burp Suite - an integrated web application security testing platform used for intercepting, inspecting, and manipulating HTTP traffic. Burp Suite Fundamentals Intercepting Proxy Intruder Repeater Scanner Related Links: Application Security Bash Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/burp-suite-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/burp-suite-fundamentals/Burp Suite Fundamentals Burp Suite Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Intercepting Proxy Intruder Repeater Scannerhttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/bus-fabrics-and-on-chip-interconnects/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/bus-fabrics-and-on-chip-interconnects/Bus Fabrics and On-Chip Interconnects Bus Fabrics and On-Chip Interconnects - the internal communication infrastructure of a SoC that connects the CPU, memory, and peripherals, including AHB, APB, AXI, and crossbar fabrics. Related Links: Arm M-profile CPU Core Concepts Heterogeneous SoCs and Co-processors Memory Architecture Power and Clock Domain Architecture RISC-V Single Core vs Multi-Core Architectureshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/business-email-compromise/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/business-email-compromise/Business Email Compromise Business Email Compromise - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Drive-By Downloads File Sharing and Removable Media Phishing Overview Typo Squatting Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/bypass-eaf-export-address-filtering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/bypass-eaf-export-address-filtering/Bypass EAF Export Address Filtering Bypass EAF Export Address Filtering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/C Language for Embedded Systems C Language for Embedded Systems - the programming language commonly used for developing software for embedded systems due to its efficiency and low-level control. (Note: This is different from application-level C programming, which may involve higher-level abstractions and libraries.) Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentals Related Links: Embedded Systems Architectures Embedded Systems Communication Protocols Embedded Systems Execution Models Embedded Systems Exploits Embedded Systems Hardware Embedded Systems Runtime View STM32 Microcontrollershttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/c-programming/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/c-programming/C Programming C Programming - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/C2 and Networking C2 and Networking - command-and-control communication patterns, protocol abuse, and network-based techniques used in post-exploitation operations. Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/c2-communication-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/c2-communication-techniques/C2 Communication Techniques C2 Communication Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/cables-connectors-and-physical-interfaces/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/cables-connectors-and-physical-interfaces/Cables, Connectors, and Physical Interfaces Cables, Connectors, and Physical Interfaces - physical interconnects used to connect embedded boards to peripherals, power supplies, and debug tools. Related Links: Board Bring-Up and Hardware Validation Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/caching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/caching/Caching Caching - technique of storing frequently accessed data in a fast storage layer to reduce latency. Related Links: Building for scale Caching Fundamentals Docker Instrumentation and monitoring Kubernetes Profiling performance System Design Fundamentals Telemetryhttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/caching-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/caching-fundamentals/Caching Fundamentals Caching Fundamentals - core concepts of caching to improve application performance and reduce latency. Related Links: Building for scale Caching Docker Instrumentation and monitoring Kubernetes Profiling performance System Design Fundamentals Telemetryhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/caddy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/caddy/Caddy Caddy - modern, automatic HTTPS web server with simple configuration and built-in certificate management. Related Links: Apache Domain name Domain name system Http caching Https Nginx Fundamentals Web servershttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/caesar-cipher-encryption-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/caesar-cipher-encryption-decryption/Caesar Cipher Encryption Decryption Caesar Cipher Encryption Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/can-bus/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/can-bus/CAN Bus CAN Bus - multi-master serial bus protocol used in automotive and industrial embedded systems for reliable, prioritized message exchange. Related Links: I2C Monodon Firmware SPI UARThttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/cap-theorem/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/cap-theorem/CAP theorem CAP Theorem - principle stating distributed systems can guarantee only two of: Consistency, Availability, Partition tolerance. Consistency - all nodes see the same data at the same time. Availability - every request receives a response, without guarantee that it contains the most recent data. Partition tolerance - the system continues to operate despite arbitrary partitioning due to network failures. CAP Theorem Trade-offs Consistency and Partition tolerance (CP) - The system sacrifices availability to ensure data consistency during a network partition, often returning an error or time-out if data cannot be synced.https://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/capability-based-access-control/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/capability-based-access-control/Capability-based access control Capability-Based Access Control - security model where access rights are represented as unforgeable tokens. Related Links: Access control lists (ACLs) Attribute-based access control (ABAC) OAuth OpenID Connect (OIDC) Role-based access control (RBAC)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/capturing-and-saving-screenshots-into-memory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/capturing-and-saving-screenshots-into-memory/Capturing and Saving Screenshots into Memory Capturing and Saving Screenshots into Memory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/cfg-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/cfg-query/CFG Query CFG Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/chacha20-encryption-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/chacha20-encryption-algorithm/ChaCha20 Encryption Algorithm ChaCha20 Encryption Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-debug-object-handle/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-debug-object-handle/Check Debug Object Handle Check Debug Object Handle - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-debug-object-handle-via-ntqueryinformationprocess/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-debug-object-handle-via-ntqueryinformationprocess/Check Debug Object Handle via NtQueryInformationProcess Check Debug Object Handle via NtQueryInformationProcess - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/check-hkcu-alwaysinstallelevated/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/check-hkcu-alwaysinstallelevated/Check HKCU AlwaysInstallElevated Check HKCU AlwaysInstallElevated - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/check-hklm-alwaysinstallelevated/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/check-hklm-alwaysinstallelevated/Check HKLM AlwaysInstallElevated Check HKLM AlwaysInstallElevated - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-hyper-v-status/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/check-hyper-v-status/Check Hyper-V Status Check Hyper-V Status - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/check-if-process-is-wow64/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/check-if-process-is-wow64/Check If Process Is WOW64 Check If Process Is WOW64 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/check-if-rpc-server-is-listening-c706-mgmt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/check-if-rpc-server-is-listening-c706-mgmt/Check If RPC Server Is Listening C706 Mgmt Check If RPC Server Is Listening C706 Mgmt - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-process-admin-privileges-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-process-admin-privileges-kernel/Check Process Admin Privileges Kernel Check Process Admin Privileges Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-process-elevation-status/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-process-elevation-status/Check Process Elevation Status Check Process Elevation Status - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-token-elevation-status-via-ntqueryinformationtoken/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/check-token-elevation-status-via-ntqueryinformationtoken/Check Token Elevation Status via NtQueryInformationToken Check Token Elevation Status via NtQueryInformationToken - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/CI-CD CI-CD - continuous integration, continuous delivery, and DevSecOps practices for modern software pipelines. DevOps Fundamentals DevSecOps Pipeline and Delivery Related Links: Containers and Kubernetes DevOps and Platform Engineering Infrastructure as Code Observability and SREhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/ci-cd-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/ci-cd-fundamentals/CI-CD Fundamentals CI-CD Fundamentals - automating code integration, testing, and deployment to reduce manual effort and accelerate release cycles. Related Links: Deployment Development Phase Release Strategies Requirements and Design Phase Testinghttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/cia-triad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/cia-triad/CIA Triad CIA Triad - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Information Security Models Overview Privacyhttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/circuit-breakers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/circuit-breakers/Circuit breakers Circuit Breakers - pattern preventing cascading failures by stopping calls to a failing service. Related Links: Backpressure Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/backend-engineering/django/class-based-views/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/class-based-views/Class-Based Views Class-Based Views - reusable, composable view logic using Python classes and Django’s built-in view mixins. Related Links: Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/cleaning-driver-artifacts-from-memory-dumps-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/cleaning-driver-artifacts-from-memory-dumps-kernel/Cleaning Driver Artifacts from Memory Dumps Kernel Cleaning Driver Artifacts from Memory Dumps Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/clickfix-run-dialog-alternatives/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/clickfix-run-dialog-alternatives/ClickFix Run Dialog Alternatives ClickFix Run Dialog Alternatives - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/client-analysis-via-cloudflare-workers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/client-analysis-via-cloudflare-workers/Client Analysis via Cloudflare Workers Client Analysis via Cloudflare Workers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/client-logging-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/client-logging-library/Client Logging Library Client Logging Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/clipboard-data-theft/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/clipboard-data-theft/Clipboard Data Theft Clipboard Data Theft - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/clocking-and-reset-circuits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/clocking-and-reset-circuits/Clocking and Reset Circuits Clocking and Reset Circuits - oscillators, PLLs, and reset logic that establish and maintain the timing and initialization state of a microcontroller. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/cloning-detection-mechanisms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/cloning-detection-mechanisms/Cloning Detection Mechanisms Cloning Detection Mechanisms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/cloning-websites-via-browser-extension/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/cloning-websites-via-browser-extension/Cloning Websites via Browser Extension Cloning Websites via Browser Extension - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/Code Obfuscation Code Obfuscation - techniques that transform malware code to disguise its true purpose and evade signature-based and heuristic detection. AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniques Related Links: AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Covering Tracks ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/code-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/code-obfuscation/Code Obfuscation Code Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/code-reviews/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/code-reviews/Code reviews Code Reviews - process of systematically checking code quality, correctness, and maintainability. Related Links: Documentation generation Functional testing Git Integration testing Refactoring Unit testinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/collecting-and-analyzing-bot-telemetry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/collecting-and-analyzing-bot-telemetry/Collecting and Analyzing Bot Telemetry Collecting and Analyzing Bot Telemetry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/collecting-and-analyzing-ja4-bot-telemetry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/collecting-and-analyzing-ja4-bot-telemetry/Collecting and Analyzing JA4 Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/column-dbs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/column-dbs/Column dbs Column Databases - databases storing data by columns instead of rows for analytical query performance. Related Links: Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/command-and-control-patterns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/command-and-control-patterns/Command and Control Patterns Command and Control Patterns - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/command-line-argument-spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/command-line-argument-spoofing/Command Line Argument Spoofing Command Line Argument Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/common-exploit-frameworks-and-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/common-exploit-frameworks-and-tools/Common Exploit Frameworks and Tools Common Exploit Frameworks and Tools - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/common-table-expressions-ctes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/common-table-expressions-ctes/Common table expressions (CTEs) Common Table Expressions - temporary named result sets within a SQL statement for cleaner query structure. Related Links: Advanced SQL Aggregate queries Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/compile-time-getmodulehandle/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/compile-time-getmodulehandle/Compile-Time GetModuleHandle Compile-Time GetModuleHandle - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/compile-time-getprocaddress/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/compile-time-getprocaddress/Compile-Time GetProcAddress Compile-Time GetProcAddress - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-hash-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-hash-obfuscation/Compile-Time Hash Obfuscation Compile-Time Hash Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-string-encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/compile-time-string-encryption/Compile-Time String Encryption Compile-Time String Encryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/compiler-optimization-behavior-and-volatile-fixes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/compiler-optimization-behavior-and-volatile-fixes/Compiler Optimization Behavior and volatile Fixes Compiler Optimization Behavior and volatile Fixes - how compilers reorder or eliminate memory accesses and how the volatile qualifier prevents such optimizations on hardware-mapped variables. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/complex-const-and-volatile-combinations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/complex-const-and-volatile-combinations/Complex const and volatile Combinations Complex const and volatile Combinations - combined use of const and volatile qualifiers to model read-only hardware registers and shared data in embedded C. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/Concurrency Concurrency - patterns and techniques for handling parallel execution, async processing, and real-time data. Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events short polling Streaming Throttling Websockets Related Links: Backend Engineering Databases Django DSA Python Security System Design Webhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/configuration-management-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/configuration-management-fundamentals/Configuration Management Fundamentals Configuration Management Fundamentals - maintaining desired system state consistently across environments using idempotent tooling. Related Links: IaC Security Infrastructure as Code Fundamentals Terraform Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/connect-to-samr-server-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/connect-to-samr-server-ms-samr/Connect to SAMR Server MS-SAMR Connect to SAMR Server MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/container-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/container-fundamentals/Container Fundamentals Container Fundamentals - packaging applications with dependencies into portable, isolated units using Docker images and layers. Related Links: Container Scanning Tools Docker Security Kubernetes Fundamentals Kubernetes Security Kubernetes Security Basicshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/container-scanning-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/container-scanning-tools/Container Scanning Tools Container Scanning Tools - automated tools for detecting known CVEs and misconfigurations in container images before deployment. Related Links: Container Fundamentals Docker Security Kubernetes Fundamentals Kubernetes Security Kubernetes Security Basicshttps://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/container-security-best-practices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/container-security-best-practices/Container security best practices Container Security Best Practices - guidelines for securing Docker and container-based deployments. Related Links: API security best practices CORS CSP Mitigation techniques OWASP risks Server securityhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/Containers and Kubernetes Containers and Kubernetes - containerization fundamentals, orchestration, and security for cloud-native applications. Container Fundamentals Container Scanning Tools Docker Security Kubernetes Fundamentals Kubernetes Security Kubernetes Security Basics Related Links: CI-CD DevOps and Platform Engineering Infrastructure as Code Observability and SREhttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/control-flow-for-firmware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/control-flow-for-firmware/Control Flow for Firmware Control Flow for Firmware - use of conditionals, loops, and switch statements in firmware, including considerations for deterministic execution and avoiding undefined behavior. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/controlling-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/controlling-payload-execution/Controlling Payload Execution Controlling Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/cooperative-scheduling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/cooperative-scheduling/Cooperative Scheduling Cooperative Scheduling - execution model where tasks voluntarily yield the processor, requiring explicit hand-off points to ensure fairness and responsiveness. Related Links: Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/cors/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/cors/CORS CORS - browser security mechanism controlling how web pages request resources from different origins. Related Links: API security best practices Container security best practices CSP Mitigation techniques OWASP risks Server securityhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/Covering Tracks Covering Tracks - techniques to erase or tamper with forensic evidence including logs, timestamps, and file system artifacts after a compromise. Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniques Related Links: AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Code Obfuscation ETW Bypass NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/covering-tracks-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/covering-tracks-techniques/Covering Tracks Techniques Covering Tracks Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/cpu-core-concepts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/cpu-core-concepts/CPU Core Concepts CPU Core Concepts - fundamental principles of processor design relevant to embedded systems, including instruction set architectures, pipeline stages, and privilege levels. ISA Privilege Levels Related Links: Arm M-profile Bus Fabrics and On-Chip Interconnects Heterogeneous SoCs and Co-processors Memory Architecture Power and Clock Domain Architecture RISC-V Single Core vs Multi-Core Architectureshttps://r0tbyt3.dev/wiki/content/cybersecurity/hashing/crc-djb2-lose-lose-hashing-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/crc-djb2-lose-lose-hashing-algorithms/CRC DJB2 Lose Lose Hashing Algorithms CRC DJB2 Lose Lose Hashing Algorithms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hashing Fundamentals Multiple Hashing Algorithmshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/create-a-dll-template/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/create-a-dll-template/Create a DLL Template Create a DLL Template - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/create-a-group-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/create-a-group-ms-samr/Create a Group MS-SAMR Create a Group MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-remote-service/Create Local Remote Service Create Local Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-user/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-user/Create Local User Create Local User - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-user-account/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-local-user-account/Create Local User Account Create Local User Account - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/create-remote-service/Create Remote Service Create Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/create-shortcut-via-ishelllink-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/create-shortcut-via-ishelllink-com-interface/Create Shortcut via IShellLink COM Interface Create Shortcut via IShellLink COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Active Directory Enumeration File Creation File Operations Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/Credential Dumping Credential Dumping - techniques for extracting authentication credentials from memory, registry, disk, and browser storage on compromised systems. Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumping Related Links: Beacon Object Files (BOF) C2 and Networking Malware Concepts Payload and PE Persistence Process Injection Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/cross-architecture-injection-x86-to-x64/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/cross-architecture-injection-x86-to-x64/Cross-Architecture Injection x86 to x64 Cross-Architecture Injection x86 to x64 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-library-removal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-library-removal/CRT Library Removal CRT Library Removal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-removal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/crt-removal/CRT Removal CRT Removal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/cryptographic-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/cryptographic-algorithms/Cryptographic Algorithms Cryptographic Algorithms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptography Fundamentals Data Anonymization Techniques Data Masking Techniques Secure Communication Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/Cryptography Cryptography - cryptographic primitives and protocols used to protect data integrity, confidentiality, and authenticity. Argon2 Bcrypt Hashing algorithms MD5 Scrypt SHA-1 SHA-256 TLS Related Links: Authentication Authorization Web Securityhttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/Cryptography Cryptography - the study of techniques for secure communication and data protection using mathematical algorithms and protocols. Cryptographic Algorithms Cryptography Fundamentals Data Anonymization Techniques Data Masking Techniques Secure Communication Techniques Steganography Related Links: Application Security Bash Burp Suite Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/cryptography-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/cryptography-fundamentals/Cryptography Fundamentals Cryptography Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Data Anonymization Techniques Data Masking Techniques Secure Communication Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/cryptojacking-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/cryptojacking-exploits/Cryptojacking Exploits Cryptojacking Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/csp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/csp/CSP Content Security Policy - HTTP security header restricting resource loading to prevent XSS attacks. Related Links: API security best practices Container security best practices CORS Mitigation techniques OWASP risks Server securityhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/csrf/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/csrf/CSRF CSRF - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows Directory Traversal SQL Injection Timing Attacks XSShttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/custom-built-tools-demonstration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/custom-built-tools-demonstration/Custom Built Tools Demonstration Custom Built Tools Demonstration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/custom-smb-client/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/custom-smb-client/Custom SMB Client Custom SMB Client - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/backend-engineering/django/custom-user-model/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/custom-user-model/Custom User Model Custom User Model - extending AbstractUser or AbstractBaseUser to add custom fields, managers, and auth behavior. Related Links: Class-Based Views Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/custom-winapi-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/custom-winapi-functions/Custom WinAPI Functions Custom WinAPI Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/customizing-evilginx-opsec-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/customizing-evilginx-opsec-configuration/Customizing Evilginx OPSEC Configuration Customizing Evilginx OPSEC Configuration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/Cybersecurity Map Cybersecurity - the practice of protecting computer systems, networks, and data from unauthorized access, attacks, and damage. Application Security Bash Burp Suite Cryptography Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wireshark Related Links: Backend Engineering DevOps and Platform Engineering Embedded Systems Homehttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/data-anonymization-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/data-anonymization-techniques/Data Anonymization Techniques Data Anonymization Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Cryptography Fundamentals Data Masking Techniques Secure Communication Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/data-constraints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/data-constraints/Data constraints Data Constraints - rules enforced at the database level to ensure data integrity and validity. Related Links: ACID CAP theorem Data definition language Data integrity and normalization and security Data manipulation language Databases and Data Modeling Migrations Normalization ORMs Transactions Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/data-definition-language/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/data-definition-language/Data definition language Data Definition Language - SQL commands for defining and modifying database schema structures. Related Links: ACID CAP theorem Data constraints Data integrity and normalization and security Data manipulation language Databases and Data Modeling Migrations Normalization ORMs Transactions Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/data-destruction-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/data-destruction-techniques/Data Destruction Techniques Data Destruction Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/data-encryption-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/data-encryption-techniques/Data Encryption Techniques Data Encryption Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/data-exfiltration-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/data-exfiltration-techniques/Data Exfiltration Techniques Data Exfiltration Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/data-integrity-and-normalization-and-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/data-integrity-and-normalization-and-security/Data integrity and normalization and security Data Integrity, Normalization, and Security - practices ensuring data correctness, minimal redundancy, and protection. Related Links: ACID CAP theorem Data constraints Data definition language Data manipulation language Databases and Data Modeling Migrations Normalization ORMs Transactions Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/data-manipulation-language/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/data-manipulation-language/Data manipulation language Data Manipulation Language - SQL commands for querying and modifying data within tables. Related Links: ACID CAP theorem Data constraints Data definition language Data integrity and normalization and security Databases and Data Modeling Migrations Normalization ORMs Transactions Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/data-masking-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/data-masking-techniques/Data Masking Techniques Data Masking Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Cryptography Fundamentals Data Anonymization Techniques Secure Communication Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/data-replication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/data-replication/Data replication Data Replication - process of copying data across multiple database servers for availability and redundancy. Related Links: Database index Database scaling Indexes and performance optimization Indexing and Query Performance N+1 query problem Performance tuning and query optimization Shardinghttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/Data Structures Data Structures - fundamental data structures every engineer must know, with Python 3 implementations and complexity analysis. Arrays Binary Search Trees Graphs Hash Tables Heaps Linked Lists Queues Sets Stacks Strings Trees Tries Related Links: Algorithms Patternshttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/data-types-variables-and-storage-class-specifiers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/data-types-variables-and-storage-class-specifiers/Data Types, Variables, and Storage Class Specifiers Data Types, Variables, and Storage Class Specifiers - fixed-width integer types, alignment, storage classes (auto, static, extern, register), and their impact on memory layout. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/Database Fundamentals Database Fundamentals - core concepts underlying all database systems including transactions, ACID, normalization, and data modeling. ACID CAP theorem Data constraints Data definition language Data integrity and normalization and security Data manipulation language Databases and Data Modeling Migrations Normalization ORMs Transactions Transactions and isolation levels Related Links: Database Performance Database Types SQLhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/database-index/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/database-index/Database index Database Index - data structure improving the speed of data retrieval operations on a database table. Related Links: Data replication Database scaling Indexes and performance optimization Indexing and Query Performance N+1 query problem Performance tuning and query optimization Shardinghttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/Database Performance Database Performance - techniques for indexing, scaling, and optimizing database queries and infrastructure. Data replication Database index Database scaling Indexes and performance optimization Indexing and Query Performance N+1 query problem Performance tuning and query optimization Sharding Related Links: Database Fundamentals Database Types SQLhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/database-scaling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/database-scaling/Database scaling Database Scaling - strategies for handling increasing database load through vertical or horizontal scaling. Related Links: Data replication Database index Indexes and performance optimization Indexing and Query Performance N+1 query problem Performance tuning and query optimization Shardinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/database-setup-mysql/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/database-setup-mysql/Database Setup MySQL Database Setup MySQL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/Database Types Database Types - survey of relational, NoSQL, and specialized database systems and their appropriate use cases. Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Time series dbs Vector databases Related Links: Database Fundamentals Database Performance SQLhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/Databases Databases - foundational database systems covering SQL, NoSQL, data modeling, and performance for backend development. Database Fundamentals Database Performance Database Types SQL Related Links: Backend Engineering Concurrency Django DSA Python Security System Design Webhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/databases-and-data-modeling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/databases-and-data-modeling/Databases and Data Modeling Databases and Data Modeling - design principles for organizing and representing data in database systems. Related Links: ACID CAP theorem Data constraints Data definition language Data integrity and normalization and security Data manipulation language Migrations Normalization ORMs Transactions Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/deauth/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/deauth/Deauth Deauth - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/debug-and-programming-hardware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/debug-and-programming-hardware/Debug and Programming Hardware Debug and Programming Hardware - tools and circuits used to flash firmware and debug running code, including JTAG, SWD, and debug adapters. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/defensive-c-patterns-for-vulnerability-prevention/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/defensive-c-patterns-for-vulnerability-prevention/Defensive C Patterns for Vulnerability Prevention Defensive C Patterns for Vulnerability Prevention - coding practices that reduce common firmware vulnerabilities such as buffer overflows, integer wrapping, and uninitialized memory use. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/delete-a-group-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/delete-a-group-ms-samr/Delete a Group MS-SAMR Delete a Group MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/delete-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/delete-remote-service/Delete Remote Service Delete Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/deploying-phishing-infrastructure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/deploying-phishing-infrastructure/Deploying Phishing Infrastructure Deploying Phishing Infrastructure - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/backend-engineering/django/deployment/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/deployment/Deployment Deployment - serving Django with Gunicorn or uWSGI behind Nginx, managing environment secrets, and deploying to cloud platforms. Related Links: Class-Based Views Custom User Model Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/deployment/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/deployment/Deployment Deployment - strategies and practices for releasing software to staging and production environments reliably. Related Links: CI-CD Fundamentals Development Phase Release Strategies Requirements and Design Phase Testinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/designing-custom-phishing-pages/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/designing-custom-phishing-pages/Designing Custom Phishing Pages Designing Custom Phishing Pages - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-methods/Detect Virtualization Methods Detect Virtualization Methods - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-hardware-specification/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-hardware-specification/Detect Virtualization via Hardware Specification Detect Virtualization via Hardware Specification - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-monitor-resolution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-monitor-resolution/Detect Virtualization via Monitor Resolution Detect Virtualization via Monitor Resolution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-user-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualization-via-user-interaction/Detect Virtualization via User Interaction Detect Virtualization via User Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualized-environments/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/detect-virtualized-environments/Detect Virtualized Environments Detect Virtualized Environments - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/detecting-headless-browsers-via-webdriver-property/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/detecting-headless-browsers-via-webdriver-property/Detecting Headless Browsers via WebDriver Property Detecting Headless Browsers via WebDriver Property - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/Detection Engineering Detection Engineering - the systematic development and tuning of detection rules, analytics, and coverage mappings against adversary techniques. Detection Engineering Fundamentals MITRE ATT&CK Mapping Related Links: Endpoint Security SIEM and Tools SOC Honeypots Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/detection-engineering-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/detection-engineering-fundamentals/Detection Engineering Fundamentals Detection Engineering Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: MITRE ATT&CK Mappinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/developing-a-keylogger/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/developing-a-keylogger/Developing a Keylogger Developing a Keylogger - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/development-phase/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/development-phase/Development Phase Development Phase - DevOps practices during the coding phase including version control, code review, and pre-commit checks. Related Links: CI-CD Fundamentals Deployment Release Strategies Requirements and Design Phase Testinghttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/devops-and-devsecops-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/devops-and-devsecops-fundamentals/DevOps and DevSecOps Fundamentals DevOps and DevSecOps Fundamentals - culture and practices combining development, operations, and security for faster, safer software delivery. Related Links: Agile and Scrum Phases of DevOps Software Delivery Models Waterfall vs Agile vs DevOpshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/DevOps and Platform Engineering DevOps and Platform Engineering - practices, tools, and methodologies for software delivery, infrastructure management, and operational excellence. CI-CD Containers and Kubernetes Infrastructure as Code Observability and SRE Related Links: Backend Engineering Cybersecurity Embedded Systems Homehttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/DevOps Fundamentals DevOps Fundamentals - foundational concepts and methodologies underlying the DevOps and DevSecOps culture. Agile and Scrum DevOps and DevSecOps Fundamentals Phases of DevOps Software Delivery Models Waterfall vs Agile vs DevOps Related Links: DevSecOps Pipeline and Deliveryhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/DevSecOps DevSecOps - integrating security into every phase of the CI/CD pipeline through automated testing and tooling. API Security Arachni Dynamic application security testing (DAST) Nikto Pipeline Security Shift Left Security Software composition analysis (SCA) Static application security testing (SAST) W3af Related Links: DevOps Fundamentals Pipeline and Deliveryhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/dfs-pattern/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/dfs-pattern/DFS Pattern DFS Pattern - depth-first search template for path finding, cycle detection, and exhaustive graph or tree exploration. Related Links: BFS Pattern Binary Search Pattern Fast and Slow Pointers Merge Intervals Monotonic Stack Sliding Window Top K Elements Two Pointers Union Findhttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/digital-and-analog-peripherals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/digital-and-analog-peripherals/Digital and Analog Peripherals Digital and Analog Peripherals - microcontroller-integrated or external digital and analog devices such as GPIOs, ADCs, DACs, and timers. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/Digital Forensics Digital Forensics - the collection, preservation, and analysis of digital evidence from storage media, memory, and network artifacts. Disk Forensics Host Forensics Fundamentals Memory Forensics Related Links: Anti-Forensic Techniques Automated Reverse Engineering Forensics Hayabusa Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/Digital Social Engineering Digital Social Engineering - online-based manipulation techniques that exploit trust, urgency, and human psychology to achieve unauthorized access. Business Email Compromise Drive-By Downloads File Sharing and Removable Media Phishing Overview Typo Squatting Watering Hole Attacks Related Links: Automated Social Engineering Techniques Automated Spear Phishing Email Generation Physical Social Engineering Social Engineering Fundamentals Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/directory-traversal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/directory-traversal/Directory Traversal Directory Traversal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows CSRF SQL Injection Timing Attacks XSShttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/disabling-the-debugger-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/disabling-the-debugger-kernel/Disabling the Debugger Kernel Disabling the Debugger Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/disk-forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/disk-forensics/Disk Forensics Disk Forensics - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Host Forensics Fundamentals Memory Forensicshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/disk-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/disk-interaction/Disk Interaction Disk Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/divide-and-conquer/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/divide-and-conquer/Divide and Conquer Divide and Conquer - paradigm splitting a problem into independent subproblems, solving each, then combining results. Related Links: Backtracking Big O Notation Bit Manipulation Dynamic Programming Graph Algorithms Greedy Algorithms Recursion Searching Sortinghttps://r0tbyt3.dev/wiki/content/backend-engineering/django/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/Django Django - high-level Python web framework for rapid, secure, and scalable web application development. Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authentication Related Links: Backend Engineering Concurrency Databases DSA Python Security System Design Webhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/django-admin/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/django-admin/Django Admin Django Admin - auto-generated administrative interface for managing model data with customizable list views and actions. Related Links: Class-Based Views Custom User Model Deployment Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/django-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/django-security/Django Security Django Security - CSRF protection, SQL injection prevention, XSS defense, clickjacking protection, and secure headers. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/django-testing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/django-testing/Django Testing Django Testing - writing unit and integration tests with Django’s TestCase, RequestFactory, and Client. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/dll-hijacking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/dll-hijacking/DLL Hijacking DLL Hijacking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/dll-injection-via-zwcreatethreadex-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/dll-injection-via-zwcreatethreadex-kernel/DLL Injection via ZwCreateThreadEx Kernel DLL Injection via ZwCreateThreadEx Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/dll-injection-via-zwcreatethreadex-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/dll-injection-via-zwcreatethreadex-kernel-internals/DLL Injection via ZwCreateThreadEx Kernel Internals DLL Injection via ZwCreateThreadEx Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-for-edr-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-for-edr-evasion/DLL Sideloading for EDR Evasion DLL Sideloading for EDR Evasion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-overview/DLL Sideloading Overview DLL Sideloading Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-practical-example/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/dll-sideloading-practical-example/DLL Sideloading Practical Example DLL Sideloading Practical Example - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/dll-sideloading-via-at.exe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/dll-sideloading-via-at.exe/DLL Sideloading via at.exe DLL Sideloading via at.exe - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/dmz/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/dmz/DMZ DMZ - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Firewalls Overview Honeypots Jump Server Microsegmentation Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/dns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/dns/DNS DNS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Handshakes HTTPS Networking Networking Fundamentals Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/dns-lookup/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/dns-lookup/DNS Lookup DNS Lookup - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/dns-poisoning/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/dns-poisoning/DNS Poisoning DNS Poisoning - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: MITM Network Attacks Overview Packet Sniffing Exploits Spoofing VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/docker/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/docker/Docker Docker - platform for building, shipping, and running applications in lightweight portable containers. Related Links: Building for scale Caching Caching Fundamentals Instrumentation and monitoring Kubernetes Profiling performance System Design Fundamentals Telemetryhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/docker-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/docker-security/Docker Security Docker Security - hardening Docker configurations including rootless containers, read-only filesystems, and minimal base images. Related Links: Container Fundamentals Container Scanning Tools Kubernetes Fundamentals Kubernetes Security Kubernetes Security Basicshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/document-dbs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/document-dbs/Document dbs Document Databases - NoSQL databases storing data as flexible JSON-like documents. Related Links: Column dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/documentation-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/documentation-generation/Documentation generation Documentation Generation - tools and practices for automatically generating API and code documentation. Related Links: Code reviews Functional testing Git Integration testing Refactoring Unit testinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/domain-and-dns-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/domain-and-dns-configuration/Domain and DNS Configuration Domain and DNS Configuration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/domain-generation-algorithms-dga/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/domain-generation-algorithms-dga/Domain Generation Algorithms (DGA) Domain Generation Algorithms (DGA) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/domain-join-check/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/domain-join-check/Domain Join Check Domain Join Check - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/domain-name/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/domain-name/Domain name Domain Name - human-readable address that maps to an IP address for identifying resources on the internet. Related Links: Apache Caddy Domain name system Http caching Https Nginx Fundamentals Web servershttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/domain-name-system/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/domain-name-system/Domain name system Domain Name System - hierarchical naming system that translates domain names to their IP addresses. Related Links: Apache Caddy Domain name Http caching Https Nginx Fundamentals Web servershttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/domain-registration-kill-switch/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/domain-registration-kill-switch/Domain Registration Kill Switch Domain Registration Kill Switch - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/download-and-upload-via-smb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/download-and-upload-via-smb/Download and Upload via SMB Download and Upload via SMB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/download-file-via-bits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/download-file-via-bits/Download File via BITS Download File via BITS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/drive-by-downloads/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/drive-by-downloads/Drive-By Downloads Drive-By Downloads - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise File Sharing and Removable Media Phishing Overview Typo Squatting Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/drm-equipped-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/drm-equipped-malware/DRM-Equipped Malware DRM-Equipped Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/DSA DSA - data structures and algorithms covering must-know topics for technical interviews, implemented in Python 3. Algorithms Data Structures Patterns Related Links: Backend Engineering Concurrency Databases Django Python Security System Design Webhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-browser-cookies-chrome/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-browser-cookies-chrome/Dumping Browser Cookies Chrome Dumping Browser Cookies Chrome - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-browser-cookies-firefox/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-browser-cookies-firefox/Dumping Browser Cookies Firefox Dumping Browser Cookies Firefox - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-saved-logins-chrome/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-saved-logins-chrome/Dumping Saved Logins Chrome Dumping Saved Logins Chrome - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-saved-logins-firefox/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-saved-logins-firefox/Dumping Saved Logins Firefox Dumping Saved Logins Firefox - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-database/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-database/Dumping the SAM Database Dumping the SAM Database - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-from-disk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-from-disk/Dumping the SAM from Disk Dumping the SAM from Disk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-remotely/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/dumping-the-sam-remotely/Dumping the SAM Remotely Dumping the SAM Remotely - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/dumpster-diving/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/dumpster-diving/Dumpster Diving Dumpster Diving - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Impersonation Techniques Lock Picking Pretextinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/dynamic-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/dynamic-analysis/Dynamic Analysis Dynamic Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Malware Analysis Techniques Static Analysishttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/dynamic-application-security-testing-dast/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/dynamic-application-security-testing-dast/Dynamic application security testing (DAST) DAST - testing running applications by simulating attacks to find runtime vulnerabilities in a live environment. Related Links: API Security Arachni Nikto Pipeline Security Shift Left Security Software composition analysis (SCA) Static application security testing (SAST) W3afhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/dynamic-device-code-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/dynamic-device-code-phishing/Dynamic Device Code Phishing Dynamic Device Code Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/dynamic-programming/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/dynamic-programming/Dynamic Programming Dynamic Programming - optimization technique solving problems with overlapping subproblems using memoization or tabulation. Related Links: Backtracking Big O Notation Bit Manipulation Divide and Conquer Graph Algorithms Greedy Algorithms Recursion Searching Sortinghttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/dynamic-sql/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/dynamic-sql/Dynamic SQL Dynamic SQL - SQL statements constructed and executed at runtime based on variable input conditions. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-control-flow-guard/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-control-flow-guard/Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Control Flow Guard - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-restored-file-section-protections/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-restored-file-section-protections/Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with Restored File Section Protections - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-rtlencryptmemory-and-rtldecryptmemory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-rtlencryptmemory-and-rtldecryptmemory/Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-stack-spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/ekko-sleep-obfuscation-with-stack-spoofing/Ekko Sleep Obfuscation with Stack Spoofing Ekko Sleep Obfuscation with Stack Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/elasticsearch/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/elasticsearch/Elasticsearch Elasticsearch - distributed search and analytics engine built on Apache Lucene for full-text search. Related Links: Column dbs Document dbs Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/elevate-process-to-system/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/elevate-process-to-system/Elevate Process to SYSTEM Elevate Process to SYSTEM - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/elevate-process-to-system-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/elevate-process-to-system-kernel/Elevate Process to SYSTEM Kernel Elevate Process to SYSTEM Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/elf-file-format-symbols-sections-and-segments/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/elf-file-format-symbols-sections-and-segments/ELF File Format, Symbols, Sections, and Segments ELF File Format, Symbols, Sections, and Segments - structure of ELF binaries produced by the toolchain, including .text, .data, .bss sections and symbol table layout. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/email-attachments-and-phishing-campaigns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/email-attachments-and-phishing-campaigns/Email Attachments and Phishing Campaigns Email Attachments and Phishing Campaigns - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AitM and MFA Bypass Anti-Bot HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/embedded-systems/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/Embedded Systems Map Embedded Systems - design, development, and maintenance of specialized computing systems that are integrated into larger devices or systems to perform specific functions. Architectures C Language Communication Protocols Execution Models Exploits Hardware Runtime View STM32 Microcontrollers Related Links: Backend Engineering Cybersecurity DevOps and Platform Engineering Homehttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/Embedded Systems Architectures Embedded Systems Architectures - the different approaches to designing and structuring embedded systems, including single-core, multi-core, and heterogeneous architectures. Arm M-profile Bus Fabrics and On-Chip Interconnects CPU Core Concepts Heterogeneous SoCs and Co-processors Memory Architecture Power and Clock Domain Architecture RISC-V Single-Core vs Multi-Core Architectures Related Links: C Language for Embedded Systems Embedded Systems Communication Protocols Embedded Systems Execution Models Embedded Systems Exploits Embedded Systems Hardware Embedded Systems Runtime View STM32 Microcontrollershttps://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/Embedded Systems Communication Protocols Embedded Systems Communication Protocols - the methods and standards used for communication between embedded systems and other devices or systems. CAN Bus I2C Monodon Firmware SPI UART Related Links: C Language for Embedded Systems Embedded Systems Architectures Embedded Systems Execution Models Embedded Systems Exploits Embedded Systems Hardware Embedded Systems Runtime View STM32 Microcontrollershttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/Embedded Systems Execution Models Embedded Systems Execution Models - the different approaches to managing and executing code in embedded systems, including polling, interrupt-driven, and real-time operating system (RTOS) based models. Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handling Related Links: C Language for Embedded Systems Embedded Systems Architectures Embedded Systems Communication Protocols Embedded Systems Exploits Embedded Systems Hardware Embedded Systems Runtime View STM32 Microcontrollershttps://r0tbyt3.dev/wiki/content/embedded-systems/exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/exploits/Embedded Systems Exploits Embedded Systems Exploits - the methods and techniques used to identify and exploit vulnerabilities in embedded systems. Buffer Overflow Firmware Exploitation Network Attacks Physical Attacks Side-Channel Attacks Related Links: C Language for Embedded Systems Embedded Systems Architectures Embedded Systems Communication Protocols Embedded Systems Execution Models Embedded Systems Hardware Embedded Systems Runtime View STM32 Microcontrollershttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/Embedded Systems Hardware Embedded Systems Hardware - the physical components and architecture of embedded systems, including microcontrollers, memory, and peripheral devices. Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shifting Related Links: C Language for Embedded Systems Embedded Systems Architectures Embedded Systems Communication Protocols Embedded Systems Execution Models Embedded Systems Exploits Embedded Systems Runtime View STM32 Microcontrollershttps://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/embeddings/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/embeddings/Embeddings Embeddings - dense vector representations of data used for semantic search and AI tasks. Related Links: Ai in development Function calling RAGs Structured outputshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-disable-rdp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-disable-rdp/Enable Disable RDP Enable Disable RDP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-disable-restricted-admin/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-disable-restricted-admin/Enable Disable Restricted Admin Enable Disable Restricted Admin - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-remote-desktop-via-registry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/enable-remote-desktop-via-registry/Enable Remote Desktop via Registry Enable Remote Desktop via Registry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/enable-sedebugprivilege/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/enable-sedebugprivilege/Enable SeDebugPrivilege Enable SeDebugPrivilege - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/enable-sedebugprivilege-exploitation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/enable-sedebugprivilege-exploitation/Enable SeDebugPrivilege Exploitation Enable SeDebugPrivilege Exploitation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/enable-wdigest/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/enable-wdigest/Enable WDigest Enable WDigest - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/enable-wdigest-for-credential-capture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/enable-wdigest-for-credential-capture/Enable WDigest for Credential Capture Enable WDigest for Credential Capture - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/Encryption Encryption - the process of encoding data using cryptographic algorithms so that only authorized parties can decode and read it. AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Byte Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/encryption-and-packing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/encryption-and-packing/Encryption and Packing Encryption and Packing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/encryption-and-packing-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/encryption-and-packing-techniques/Encryption and Packing Techniques Encryption and Packing Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/encryption-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/encryption-fundamentals/Encryption Fundamentals Encryption Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/endpoint-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/endpoint-security/Endpoint Security Endpoint Security - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Detection Engineering SIEM and Tools SOC Honeypots Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-a-domain-groups-members/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-a-domain-groups-members/Enumerate A Domain Groups Members Enumerate A Domain Groups Members - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-accounts-with-password-never-expiring/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-accounts-with-password-never-expiring/Enumerate Accounts with Password Never Expiring Enumerate Accounts with Password Never Expiring - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-aliases-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-aliases-ms-samr/Enumerate Aliases MS-SAMR Enumerate Aliases MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-all-groups-in-the-domain/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-all-groups-in-the-domain/Enumerate All Groups in the Domain Enumerate All Groups in the Domain - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-as-rep-roastable-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-as-rep-roastable-accounts/Enumerate AS-REP Roastable Accounts Enumerate AS-REP Roastable Accounts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-connections-ms-srvs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-connections-ms-srvs/Enumerate Connections MS-SRVS Enumerate Connections MS-SRVS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-disabled-user-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-disabled-user-accounts/Enumerate Disabled User Accounts Enumerate Disabled User Accounts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domain-admins-members/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domain-admins-members/Enumerate Domain Admins Members Enumerate Domain Admins Members - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domain-computers-by-keyword/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domain-computers-by-keyword/Enumerate Domain Computers by Keyword Enumerate Domain Computers by Keyword - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domains-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-domains-ms-samr/Enumerate Domains MS-SAMR Enumerate Domains MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-electron-fuses/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-electron-fuses/Enumerate Electron Fuses Enumerate Electron Fuses - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-group-policy-objects-gpos/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-group-policy-objects-gpos/Enumerate Group Policy Objects (GPOs) Enumerate Group Policy Objects (GPOs) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-groups-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-groups-ms-samr/Enumerate Groups MS-SAMR Enumerate Groups MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-locked-out-user-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-locked-out-user-accounts/Enumerate Locked Out User Accounts Enumerate Locked Out User Accounts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-logged-on-users-level-0-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-logged-on-users-level-0-ms-wkst/Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 0 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-logged-on-users-level-1-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-logged-on-users-level-1-ms-wkst/Enumerate Logged On Users Level 1 MS-WKST Enumerate Logged On Users Level 1 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-lsad-accounts-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-lsad-accounts-ms-lsad/Enumerate LSAD Accounts MS-LSAD Enumerate LSAD Accounts MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-must-change-password-accounts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-must-change-password-accounts/Enumerate Must Change Password Accounts Enumerate Must Change Password Accounts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-netbios-names/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-netbios-names/Enumerate NetBIOS Names Enumerate NetBIOS Names - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-organizational-units-ous/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-organizational-units-ous/Enumerate Organizational Units (OUs) Enumerate Organizational Units (OUs) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-process-memory-maps/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-process-memory-maps/Enumerate Process Memory Maps Enumerate Process Memory Maps - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-protected-admin-users/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-protected-admin-users/Enumerate Protected Admin Users Enumerate Protected Admin Users - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-remote-host/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-remote-host/Enumerate Remote Host Enumerate Remote Host - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-rpc-interfaces-c706-mgmt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-rpc-interfaces-c706-mgmt/Enumerate RPC Interfaces C706-MGMT Enumerate RPC Interfaces C706-MGMT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-system-privileges-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-system-privileges-ms-lsad/Enumerate System Privileges MS-LSAD Enumerate System Privileges MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-user-service-accounts-spn/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-user-service-accounts-spn/Enumerate User Service Accounts SPN Enumerate User Service Accounts SPN - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-userpassword-attribute/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-userpassword-attribute/Enumerate UserPassword Attribute Enumerate UserPassword Attribute - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-ms-samr/Enumerate Users MS-SAMR Enumerate Users MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-requiring-smartcard-for-logon/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-requiring-smartcard-for-logon/Enumerate Users Requiring Smartcard for Logon Enumerate Users Requiring Smartcard for Logon - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-who-never-logged-in/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-who-never-logged-in/Enumerate Users Who Never Logged In Enumerate Users Who Never Logged In - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-password-never-expiring/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-password-never-expiring/Enumerate Users with Password Never Expiring Enumerate Users with Password Never Expiring - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-password-not-required/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-password-not-required/Enumerate Users with Password Not Required Enumerate Users with Password Not Required - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-reversible-encryption-enabled/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-users-with-reversible-encryption-enabled/Enumerate Users with Reversible Encryption Enabled Enumerate Users with Reversible Encryption Enabled - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-workstation-transports-level-0-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/enumerate-workstation-transports-level-0-ms-wkst/Enumerate Workstation Transports Level 0 MS-WKST Enumerate Workstation Transports Level 0 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/ETW Bypass ETW Bypass - techniques for disabling or subverting Event Tracing for Windows to prevent telemetry collection by EDR and monitoring tools. ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpoints Related Links: AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Code Obfuscation Covering Tracks NTDLL Unhooking and API Hookinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-bypass-byte-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-bypass-byte-patching/ETW Bypass Byte Patching ETW Bypass Byte Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-bypass-improved-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-bypass-improved-patching/ETW Bypass Improved Patching ETW Bypass Improved Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-discovering-etw-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-discovering-etw-tools/ETW Discovering ETW Tools ETW Discovering ETW Tools - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion/ETW Evasion ETW Evasion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-nttraceevent-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-nttraceevent-patching/ETW Evasion via NtTraceEvent Patching ETW Evasion via NtTraceEvent Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching/ETW Evasion via Patching ETW Evasion via Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching-etwpeventwrite/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching-etwpeventwrite/ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching-etwpeventwrite-v2/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-patching-etwpeventwrite-v2/ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via Patching EtwpEventWrite v2 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-winapis-patching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-evasion-via-winapis-patching/ETW Evasion via WinAPIs Patching ETW Evasion via WinAPIs Patching - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Provider Session Hijacking Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-provider-session-hijacking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/etw-provider-session-hijacking/ETW Provider Session Hijacking ETW Provider Session Hijacking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching Introduction to ETW Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/evading-google-safe-browsing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/evading-google-safe-browsing/Evading Google Safe Browsing Evading Google Safe Browsing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/evasion-with-file-bloating/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/evasion-with-file-bloating/Evasion with File Bloating Evasion with File Bloating - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/event-driven-and-state-machine-models/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/event-driven-and-state-machine-models/Event-Driven and State-Machine Models Event-Driven and State-Machine Models - firmware architecture that transitions between well-defined states in response to hardware events or software signals. Related Links: Cooperative Scheduling Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/event-driven-architecture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/event-driven-architecture/Event-driven architecture Event-Driven Architecture - design pattern where components communicate through events for loose coupling. Related Links: Backpressure Circuit breakers Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/evil-twin-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/evil-twin-attacks/Evil Twin Attacks Evil Twin Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/evilginx-phishlet-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/evilginx-phishlet-development/Evilginx Phishlet Development Evilginx Phishlet Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/evilginx-url-rewriting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/evilginx-url-rewriting/Evilginx URL Rewriting Evilginx URL Rewriting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/exceptions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/exceptions/Exceptions Exceptions - synchronous and asynchronous events on Cortex-M that transfer control to exception handlers, including faults, SVC calls, and system-level exceptions. Related Links: Boot Flow on Cortex-M Interruptions MPU Usage Patterns NVIC TrustZone-Mhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/execute-shell-command/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/execute-shell-command/Execute Shell Command Execute Shell Command - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-commands-via-ishelldispatch2-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-commands-via-ishelldispatch2-com-interface/Executing Commands via IShellDispatch2 COM Interface Executing Commands via IShellDispatch2 COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxhelppaneserver-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxhelppaneserver-com-interface/Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxHelpPaneServer COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxinteractiveuser-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/executing-files-via-ihxinteractiveuser-com-interface/Executing Files via IHxInteractiveUser COM Interface Executing Files via IHxInteractiveUser COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-cloud-infrastructure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-cloud-infrastructure/Exploiting Cloud Infrastructure Exploiting Cloud Infrastructure - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-containerized-environments/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-containerized-environments/Exploiting Containerized Environments Exploiting Containerized Environments - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/exploiting-edr-for-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/exploiting-edr-for-evasion/Exploiting EDR for Evasion Exploiting EDR for Evasion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-embedded-systems/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-embedded-systems/Exploiting Embedded Systems Exploiting Embedded Systems - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-industrial-control-systems-ics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-industrial-control-systems-ics/Exploiting Industrial Control Systems (ICS) Exploiting Industrial Control Systems (ICS) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-iot-devices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-iot-devices/Exploiting IoT Devices Exploiting IoT Devices - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-mobile-devices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-mobile-devices/Exploiting Mobile Devices Exploiting Mobile Devices - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-operational-technology-ot-systems/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-operational-technology-ot-systems/Exploiting Operational Technology (OT) Systems Exploiting Operational Technology (OT) Systems - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Serverless Environmentshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-serverless-environments/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/exploiting-serverless-environments/Exploiting Serverless Environments Exploiting Serverless Environments - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systemshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/extract-wifi-passwords/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/extract-wifi-passwords/Extract WiFi Passwords Extract WiFi Passwords - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/failure-modes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/failure-modes/Failure modes Failure Modes - ways in which distributed systems can fail and strategies for handling each. Related Links: Backpressure Circuit breakers Event-driven architecture Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/failure-recovery-models/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/failure-recovery-models/Failure Recovery Models Failure Recovery Models - strategies for detecting and recovering from runtime errors, watchdog timeouts, and unexpected system states in embedded firmware. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/fast-and-slow-pointers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/fast-and-slow-pointers/Fast and Slow Pointers Fast and Slow Pointers - two-pointer technique for detecting cycles and finding midpoints in linked lists. Related Links: BFS Pattern Binary Search Pattern DFS Pattern Merge Intervals Monotonic Stack Sliding Window Top K Elements Two Pointers Union Findhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb/Fetch a Pointer to PEB Fetch a Pointer to PEB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb-arm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-peb-arm/Fetch a Pointer to PEB ARM Fetch a Pointer to PEB ARM - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-teb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-a-pointer-to-teb/Fetch a Pointer to TEB Fetch a Pointer to TEB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-dos-header/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-dos-header/Fetch Image DOS Header Fetch Image DOS Header - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-headers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-headers/Fetch Image Headers Fetch Image Headers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-nt-headers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/fetch-image-nt-headers/Fetch Image NT Headers Fetch Image NT Headers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/fetch-payload-via-url/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/fetch-payload-via-url/Fetch Payload via URL Fetch Payload via URL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/fetch-payload-via-url-using-iwinhttprequest-com-interface/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/fetch-payload-via-url-using-iwinhttprequest-com-interface/Fetch Payload via URL using IWinHttpRequest COM Interface Fetch Payload via URL using IWinHttpRequest COM Interface - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/fetching-lsass-handle-and-bypassing-ppl/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/fetching-lsass-handle-and-bypassing-ppl/Fetching LSASS Handle and Bypassing PPL Fetching LSASS Handle and Bypassing PPL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/file-creation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/file-creation/File Creation File Creation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Operations Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/file-entropy-reduction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/file-entropy-reduction/File Entropy Reduction File Entropy Reduction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/file-entropy-reduction-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/file-entropy-reduction-techniques/File Entropy Reduction Techniques File Entropy Reduction Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/file-operations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/file-operations/File Operations File Operations - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation Windows Administration Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/file-sharing-and-removable-media/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/file-sharing-and-removable-media/File Sharing and Removable Media File Sharing and Removable Media - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise Drive-By Downloads Phishing Overview Typo Squatting Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/file-time-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/file-time-stomping/File Time Stomping File Time Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/file-upload-via-smb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/file-upload-via-smb/File Upload via SMB File Upload via SMB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/fileless-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/fileless-malware/Fileless Malware Fileless Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/firewall-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/firewall-configuration/Firewall Configuration Firewall Configuration - configuring host-based and network firewalls to enforce least-privilege access and traffic filtering. Related Links: Linux Security and Hardening Linux Server Administration SSH Windows Security and Hardening Windows Server Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/Firewalls Firewalls - network security systems that monitor and control incoming and outgoing traffic based on predetermined security rules. DMZ Firewalls Overview Honeypots Jump Server Microsegmentation Network Segmentation Port Blocking Zero Trust Architecture Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/firewalls-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/firewalls-overview/Firewalls Overview Firewalls Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Honeypots Jump Server Microsegmentation Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/embedded-systems/exploits/firmware-exploitation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/exploits/firmware-exploitation/Firmware Exploitation Firmware Exploitation - techniques for identifying and exploiting vulnerabilities in embedded firmware, including reverse engineering and binary patching. Related Links: Buffer Overflow Network Attacks Physical Attacks Side-Channel Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-algorithm/FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-algorithm-ascii/FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-syscalls-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-syscalls-hash-values/FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-string-hashing-syscalls-hash-values-nt/FNV1A String Hashing Syscalls Hash Values NT FNV1A String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-syscalls-hash-values-zw/FNV1A Syscalls Hash Values ZW FNV1A Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/fnv1a-winapis-hash-values/FNV1A WinAPIs Hash Values FNV1A WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/forensics/Forensics Forensics - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Hayabusa Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/django/forms-and-validation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/forms-and-validation/Forms and Validation Forms and Validation - defining HTML forms as Python classes with built-in field validation and error handling. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/forwarded-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/forwarded-functions/Forwarded Functions Forwarded Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/function-calling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/function-calling/Function calling Function Calling - LLM capability to invoke predefined functions based on natural language input. Related Links: Ai in development Embeddings RAGs Structured outputshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/function-replacements/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/function-replacements/Function Replacements Function Replacements - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/function-replacements-eg-malloc-strcpy-zeromemory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/function-replacements-eg-malloc-strcpy-zeromemory/Function Replacements eg Malloc Strcpy ZeroMemory Function Replacements eg Malloc Strcpy ZeroMemory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/function-stomping/Function Stomping Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/function-based-views/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/function-based-views/Function-Based Views Function-Based Views - request-handling functions that receive an HttpRequest object and return an HttpResponse. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/functional-testing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/functional-testing/Functional testing Functional Testing - verifying that software functions according to specified requirements. Related Links: Code reviews Documentation generation Git Integration testing Refactoring Unit testinghttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/functions-and-modular-firmware-design/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/functions-and-modular-firmware-design/Functions and Modular Firmware Design Functions and Modular Firmware Design - function declarations, calling conventions, stack usage, and techniques for organizing firmware into reusable modules. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/generating-encryption-keys-without-winapi-calls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/generating-encryption-keys-without-winapi-calls/Generating Encryption Keys Without WinAPI Calls Generating Encryption Keys Without WinAPI Calls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-current-lsa-user-ms-lsat/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-current-lsa-user-ms-lsat/Get Current LSA User MS-LSAT Get Current LSA User MS-LSAT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/get-current-token/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/get-current-token/Get Current Token Get Current Token - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/get-domain-sid/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/get-domain-sid/Get Domain SID Get Domain SID - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-domain-sid-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-domain-sid-ms-samr/Get Domain SID MS-SAMR Get Domain SID MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/get-ntdll-base-address-from-stack-frame-walk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/get-ntdll-base-address-from-stack-frame-walk/Get NTDLL Base Address from Stack Frame Walk Get NTDLL Base Address from Stack Frame Walk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/get-payload-from-url/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/get-payload-from-url/Get Payload from URL Get Payload from URL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-service-display-name-ms-scmr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-service-display-name-ms-scmr/Get Service Display Name MS-SCMR Get Service Display Name MS-SCMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-username/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-username/Get Username Get Username - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-100-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-100-ms-wkst/Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 100 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-101-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-101-ms-wkst/Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 101 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-102-ms-wkst/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/get-workstation-info-level-102-ms-wkst/Get Workstation Info Level 102 MS-WKST Get Workstation Info Level 102 MS-WKST - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getmodulehandle-replacement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getmodulehandle-replacement/GetModuleHandle Replacement GetModuleHandle Replacement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getprocaddress-replacement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/getprocaddress-replacement/GetProcAddress Replacement GetProcAddress Replacement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/Ghidra Ghidra - a free and open-source reverse engineering tool suite developed by the NSA for analyzing compiled code across multiple platforms. Ghidra Fundamentals Ghidra Scripting Reverse Engineering with Ghidra Static Analysis with Ghidra Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/ghidra-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/ghidra-fundamentals/Ghidra Fundamentals Ghidra Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ghidra Scripting Reverse Engineering with Ghidra Static Analysis with Ghidrahttps://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/ghidra-scripting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/ghidra-scripting/Ghidra Scripting Ghidra Scripting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ghidra Fundamentals Reverse Engineering with Ghidra Static Analysis with Ghidrahttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghost-process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghost-process-injection/Ghost Process Injection Ghost Process Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghostly-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/ghostly-hollowing/Ghostly Hollowing Ghostly Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/git/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/git/Git Git - distributed version control system for tracking code changes and collaborating on projects. Related Links: Code reviews Documentation generation Functional testing Integration testing Refactoring Unit testinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/github-device-code-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/github-device-code-phishing/GitHub Device Code Phishing GitHub Device Code Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/gitlab-device-code-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/gitlab-device-code-phishing/GitLab Device Code Phishing GitLab Device Code Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/goto-functionality/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/goto-functionality/GoTo Functionality GoTo Functionality - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/graceful-degradation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/graceful-degradation/Graceful degradation Graceful Degradation - design approach maintaining partial functionality when parts of a system fail. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Loadshifting Rate limiting Real time data Realtime Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/graph-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/graph-algorithms/Graph Algorithms Graph Algorithms - BFS, DFS, Dijkstra’s shortest path, topological sort, union-find, and minimum spanning trees. Related Links: Backtracking Big O Notation Bit Manipulation Divide and Conquer Dynamic Programming Greedy Algorithms Recursion Searching Sortinghttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/graphdbs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/graphdbs/Graphdbs Graph Databases - databases using graph structures with nodes and edges to store and query relationships. Related Links: Column dbs Document dbs Elasticsearch Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/graphql/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/graphql/GraphQL GraphQL - query language for APIs allowing clients to request exactly the data they need. Related Links: API API Design API styles GraphQL Fundamentals GRPC HTTP and API Fundamentals Open API Specification (OAS) REST REST API Design SOAPhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/graphql-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/graphql-fundamentals/GraphQL Fundamentals GraphQL Fundamentals - core concepts of GraphQL including schemas, resolvers, queries, and mutations. Related Links: API API Design API styles GraphQL GRPC HTTP and API Fundamentals Open API Specification (OAS) REST REST API Design SOAPhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/graphs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/graphs/Graphs Graphs - collections of nodes connected by edges, represented as adjacency lists or matrices in Python. Related Links: Arrays Binary Search Trees Hash Tables Heaps Linked Lists Queues Sets Stacks Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/greedy-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/greedy-algorithms/Greedy Algorithms Greedy Algorithms - approach making locally optimal choices at each step to reach a globally optimal solution. Related Links: Backtracking Big O Notation Bit Manipulation Divide and Conquer Dynamic Programming Graph Algorithms Recursion Searching Sortinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/group-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/group-administration/Group Administration Group Administration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/grpc/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/grpc/GRPC gRPC - high-performance open-source RPC framework using HTTP/2 and Protocol Buffers for communication. Related Links: API API Design API styles GraphQL GraphQL Fundamentals HTTP and API Fundamentals Open API Specification (OAS) REST REST API Design SOAPhttps://r0tbyt3.dev/wiki/labs/hackthebox/hackthebox/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/labs/hackthebox/hackthebox/Hack the Box Writeups NOTICE: In order to maintain the integrity of the Hack the Box platform, this webpage only contains writeups for retired machines or specific, designated Pro Labs. Additionally, writeups do not contain any flags. Hack the Box - a platform for learning and practicing cybersecurity skills through real-world challenges and exercises. Hack the Box writeups and solutions. Active Directory Exploitation AI and ML Exploitation Binary Exploitation Hardware Exploitation Reverse Engineering Related Links: Try Hack Me RingZer0 CTFhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/handshakes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/handshakes/Handshakes Handshakes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS HTTPS Networking Networking Fundamentals Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-hooking-library/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-hooking-library/Hardware Breakpoint Hooking Library Hardware Breakpoint Hooking Library - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-threadless-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hardware-breakpoint-threadless-injection/Hardware Breakpoint Threadless Injection Hardware Breakpoint Threadless Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/hardware-hooks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/hardware-hooks/Hardware Hooks Hardware Hooks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/memory-architecture/harvard/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/memory-architecture/harvard/Harvard Harvard - a processor memory architecture that uses separate buses for instruction and data memory, enabling simultaneous fetches and improving throughput in embedded applications. Related Links: Von Neumannhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/hash-tables/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/hash-tables/Hash Tables Hash Tables - key-value store with O(1) average lookup, insert, and delete, implemented with Python dict and set. Related Links: Arrays Binary Search Trees Graphs Heaps Linked Lists Queues Sets Stacks Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/cybersecurity/hashing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/Hashing Hashing - the transformation of arbitrary data into a fixed-size digest using one-way cryptographic functions for integrity verification and storage. CRC DJB2 Lose Lose Hashing Algorithms Hashing Fundamentals Multiple Hashing Algorithms Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/hashing-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/hashing-algorithms/Hashing algorithms Hashing Algorithms - functions mapping data of arbitrary size to fixed-size values for integrity and security. Related Links: Argon2 Bcrypt MD5 Scrypt SHA-1 SHA-256 TLShttps://r0tbyt3.dev/wiki/content/cybersecurity/hashing/hashing-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/hashing-fundamentals/Hashing Fundamentals Hashing Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: CRC DJB2 Lose Lose Hashing Algorithms Multiple Hashing Algorithmshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/hayabusa/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/hayabusa/Hayabusa Hayabusa - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Forensics Incident Response Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/hayabusa/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/hayabusa/Hayabusa Hayabusa - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Maltego SIEM Fundamentals Splunkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/heap-encryption-with-ekko-sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/heap-encryption-with-ekko-sleep-obfuscation/Heap Encryption with Ekko Sleep Obfuscation Heap Encryption with Ekko Sleep Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/heaps/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/heaps/Heaps Heaps - complete binary trees satisfying the heap property, implemented with Python’s heapq module for priority queues. Related Links: Arrays Binary Search Trees Graphs Hash Tables Linked Lists Queues Sets Stacks Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hellshall/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/hellshall/Hellshall Hellshall - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-hollowing/Herpaderping Hollowing Herpaderping Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/herpaderping-process-injection/Herpaderping Process Injection Herpaderping Process Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/heterogeneous-socs-and-co-processors/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/heterogeneous-socs-and-co-processors/Heterogeneous SoCs and Co-processors Heterogeneous SoCs and Co-processors - system-on-chip designs that integrate multiple processor types (such as Cortex-M and Cortex-A), DSPs, or hardware accelerators to balance performance and power efficiency. Related Links: Arm M-profile Bus Fabrics and On-Chip Interconnects CPU Core Concepts Memory Architecture Power and Clock Domain Architecture RISC-V Single Core vs Multi-Core Architectureshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-console-window/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-console-window/Hide Console Window Hide Console Window - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-process-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-process-kernel/Hide Process Kernel Hide Process Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/hide-process-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/hide-process-kernel-internals/Hide Process Kernel Internals Hide Process Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-thread-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/hide-thread-kernel/Hide Thread Kernel Hide Thread Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/hide-thread-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/hide-thread-kernel-internals/Hide Thread Kernel Internals Hide Thread Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/hiding-domain-via-referrer-policy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/hiding-domain-via-referrer-policy/Hiding Domain via Referrer Policy Hiding Domain via Referrer Policy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Phishing Detection Methods Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/home/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/home/Computer Science and Cybersecurity wiki on various topics, domains, tools, and playbooks. Have fun exploring and learning! Backend Engineering Cybersecurity DevOps and Platform Engineering Embedded Systemshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/honeypots/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/honeypots/Honeypots Honeypots - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Jump Server Microsegmentation Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/host-check/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/host-check/Host Check Host Check - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/host-forensics-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/host-forensics-fundamentals/Host Forensics Fundamentals Host Forensics Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Disk Forensics Memory Forensicshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/hostname-verification/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/hostname-verification/Hostname Verification Hostname Verification - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/HTML Smuggling HTML Smuggling - techniques for delivering malicious payloads by encoding them within HTML and JavaScript to bypass email and web content filters. Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smuggling Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/html-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/html-smuggling/HTML Smuggling HTML Smuggling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/html-smuggling-strategies/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/html-smuggling-strategies/HTML Smuggling Strategies HTML Smuggling Strategies - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/http-and-api-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/http-and-api-fundamentals/HTTP and API Fundamentals HTTP and API Fundamentals - core HTTP concepts including methods, status codes, headers, and request lifecycle. Related Links: API API Design API styles GraphQL GraphQL Fundamentals GRPC Open API Specification (OAS) REST REST API Design SOAPhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/http-caching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/http-caching/Http caching HTTP Caching - browser and proxy caching mechanisms using HTTP headers to reduce server load. Related Links: Apache Caddy Domain name Domain name system Https Nginx Fundamentals Web servershttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/https/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/https/Https HTTPS - secure version of HTTP using TLS encryption to protect data in transit. Related Links: Apache Caddy Domain name Domain name system Http caching Nginx Fundamentals Web servershttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/https/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/https/HTTPS HTTPS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Handshakes Networking Networking Fundamentals Subnettinghttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/hybrid-polling-and-interrupt-models/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/hybrid-polling-and-interrupt-models/Hybrid Polling and Interrupt Models Hybrid Polling and Interrupt Models - combined approach that uses interrupts to flag events and polling loops to process them, balancing latency and complexity. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/hypervisors/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/hypervisors/Hypervisors Hypervisors - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/i2c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/i2c/I2C I2C - two-wire serial bus protocol for short-distance communication between a master and multiple peripheral devices sharing clock and data lines. Related Links: CAN Bus Monodon Firmware SPI UARThttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/iac-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/iac-security/IaC Security IaC Security - scanning infrastructure code for misconfigurations, enforcing policy-as-code, and preventing secrets in version control. Related Links: Configuration Management Fundamentals Infrastructure as Code Fundamentals Terraform Fundamentalshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/IaC Tools IaC Tools - provisioning infrastructure declaratively with Terraform and enforcing configuration with management frameworks. Configuration Management Fundamentals IaC Security Infrastructure as Code Fundamentals Terraform Fundamentals Related Links: Server Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/iam-policies/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/iam-policies/IAM Policies IAM Policies - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/iat-api-set-resolution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/iat-api-set-resolution/IAT API Set Resolution IAT API Set Resolution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/iat-camouflage/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/iat-camouflage/IAT Camouflage IAT Camouflage - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/iat-obfuscation-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/iat-obfuscation-variants/IAT Obfuscation Variants IAT Obfuscation Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/icmp-echo/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/icmp-echo/ICMP Echo ICMP Echo - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/identity-and-access-management-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/identity-and-access-management-fundamentals/Identity and Access Management Fundamentals Identity and Access Management Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity Federation Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/identity-federation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/identity-federation/Identity Federation Identity Federation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Pass the Hash Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/ids-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/ids-evasion-techniques/IDS Evasion Techniques IDS Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/illicit-consent-grant/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/illicit-consent-grant/Illicit Consent Grant Illicit Consent Grant - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/impersonate-process-user/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/impersonate-process-user/Impersonate Process User Impersonate Process User - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/impersonation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/impersonation-techniques/Impersonation Techniques Impersonation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dumpster Diving Lock Picking Pretextinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-domain-aging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-domain-aging/Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Aging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-domain-categorization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-domain-categorization/Improving Domain Reputation Domain Categorization Improving Domain Reputation Domain Categorization - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-web-traffic/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/improving-domain-reputation-web-traffic/Improving Domain Reputation Web Traffic Improving Domain Reputation Web Traffic - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/incident-management-for-sre/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/incident-management-for-sre/Incident Management for SRE Incident Management for SRE - structured process for detecting, responding to, and learning from production incidents. Related Links: Monitoring and Observability Monitoring Tools Observability Fundamentals SLI SLO SLAhttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/incident-response/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/incident-response/Incident Response Incident Response - the coordinated approach to preparing for, detecting, containing, and recovering from cybersecurity incidents. Incident Response Lifecycle Related Links: Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Forensics Hayabusa Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/Incident Response and Forensics Incident Response and Forensics - the structured process of detecting, analyzing, containing, and recovering from security incidents while preserving evidence. Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Forensics Hayabusa Incident Response Threat Hunting Techniques Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/incident-response/incident-response-lifecycle/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/incident-response/incident-response-lifecycle/Incident Response Lifecycle Incident Response Lifecycle - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links:https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/incognito-mode-detection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/incognito-mode-detection/Incognito Mode Detection Incognito Mode Detection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/indexes-and-performance-optimization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/indexes-and-performance-optimization/Indexes and performance optimization Indexes and Performance Optimization - strategies for using database indexes to improve query speed. Related Links: Data replication Database index Database scaling Indexing and Query Performance N+1 query problem Performance tuning and query optimization Shardinghttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/indexing-and-query-performance/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/indexing-and-query-performance/Indexing and Query Performance Indexing and Query Performance - techniques for creating and maintaining database indexes to speed up queries. Related Links: Data replication Database index Database scaling Indexes and performance optimization N+1 query problem Performance tuning and query optimization Shardinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/indirect-syscalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/indirect-syscalls/Indirect Syscalls Indirect Syscalls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/Information Security Models Information Security Models - frameworks, principles, and governance models used to guide the design and assessment of secure information systems. CIA Triad Information Security Models Overview Privacy Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/information-security-models-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/information-security-models-overview/Information Security Models Overview Information Security Models Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: CIA Triad Privacyhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/infrared-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/infrared-exploits/Infrared Exploits Infrared Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/Infrastructure Infrastructure - the server setup, domain configuration, SSL management, and automation required to deploy and operate phishing campaigns. Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypt Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/Infrastructure as Code Infrastructure as Code - provisioning, managing, and securing infrastructure through versioned code and automation. IaC Tools Server Administration Related Links: CI-CD Containers and Kubernetes DevOps and Platform Engineering Observability and SREhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/infrastructure-as-code-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/infrastructure-as-code-fundamentals/Infrastructure as Code Fundamentals Infrastructure as Code Fundamentals - defining, versioning, and automating infrastructure provisioning for repeatable deployments. Related Links: Configuration Management Fundamentals IaC Security Terraform Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/Injection Attacks Injection Attacks - attack techniques that insert malicious data into an application to alter its execution or query behavior. Buffer Overflows CSRF Directory Traversal SQL Injection Timing Attacks XSS Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/inserting-a-custom-section-into-a-pe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/inserting-a-custom-section-into-a-pe/Inserting a Custom Section into a PE Inserting a Custom Section into a PE - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/instrumentation-and-monitoring/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/instrumentation-and-monitoring/Instrumentation and monitoring Instrumentation and Monitoring - practices for measuring system behavior and observing application health. Related Links: Building for scale Caching Caching Fundamentals Docker Kubernetes Profiling performance System Design Fundamentals Telemetryhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/integrating-anti-bot-with-html-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/integrating-anti-bot-with-html-smuggling/Integrating Anti-Bot with HTML Smuggling Integrating Anti-Bot with HTML Smuggling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies MOTW Bypass via FileFix Variations SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/integrating-backend-functionality/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/integrating-backend-functionality/Integrating Backend Functionality Integrating Backend Functionality - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/integration-testing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/integration-testing/Integration testing Integration Testing - testing interactions between components to ensure they work together correctly. Related Links: Code reviews Documentation generation Functional testing Git Refactoring Unit testinghttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/intercepting-proxy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/intercepting-proxy/Intercepting Proxy Intercepting Proxy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Burp Suite Fundamentals Intruder Repeater Scannerhttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/interrupt-driven-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/interrupt-driven-execution/Interrupt-Driven Execution Interrupt-Driven Execution - firmware architecture where hardware interrupt service routines respond to peripheral events asynchronously with the main execution flow. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/interruptions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/interruptions/Interruptions Interruptions - hardware interrupt signals on Cortex-M that trigger IRQ handlers via the NVIC, including priority management, nesting, and tail-chaining behavior. Related Links: Boot Flow on Cortex-M Exceptions MPU Usage Patterns NVIC TrustZone-Mhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/introduction-to-amsi/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/introduction-to-amsi/Introduction to AMSI Introduction to AMSI - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Patchless AMSI Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-apache-mod-rewrite/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-apache-mod-rewrite/Introduction to Apache Mod Rewrite Introduction to Apache Mod Rewrite - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/introduction-to-bof/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/introduction-to-bof/Introduction to BOF Introduction to BOF - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution LSASS Dump BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOF Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/introduction-to-caddy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/introduction-to-caddy/Introduction to Caddy Introduction to Caddy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-clickfix/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-clickfix/Introduction to ClickFix Introduction to ClickFix - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to Flask Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-dll-sideloading/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-dll-sideloading/Introduction to DLL Sideloading Introduction to DLL Sideloading - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-edrs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-edrs/Introduction to EDRs Introduction to EDRs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-ekko-sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-ekko-sleep-obfuscation/Introduction to Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/introduction-to-etw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/introduction-to-etw/Introduction to ETW Introduction to ETW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Patchless ETW Bypass via Hardware Breakpointshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-flask/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/introduction-to-flask/Introduction to Flask Introduction to Flask - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Living Off Trusted Sites (LOTS)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-foliage-sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-foliage-sleep-obfuscation/Introduction to Foliage Sleep Obfuscation Introduction to Foliage Sleep Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/introduction-to-havoc-c2/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/introduction-to-havoc-c2/Introduction to Havoc C2 Introduction to Havoc C2 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-keylogging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-keylogging/Introduction to Keylogging Introduction to Keylogging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/introduction-to-lsass-dumping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/introduction-to-lsass-dumping/Introduction to LSASS Dumping Introduction to LSASS Dumping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-masm-assembly/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-masm-assembly/Introduction to MASM Assembly Introduction to MASM Assembly - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/introduction-to-nginx-capabilities/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/introduction-to-nginx-capabilities/Introduction to Nginx Capabilities Introduction to Nginx Capabilities - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nginx Demo Reverse Proxying Nginx Fundamentals Protecting Phishing Servers via Nginxhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/introduction-to-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/introduction-to-phishing/Introduction to Phishing Introduction to Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Page Design and Delivery Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/introduction-to-sleep-obfuscation/Introduction to Sleep Obfuscation Introduction to Sleep Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-the-windows-os/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/introduction-to-the-windows-os/Introduction to the Windows OS Introduction to the Windows OS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/introduction-to-windows-persistence/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/introduction-to-windows-persistence/Introduction to Windows Persistence Introduction to Windows Persistence - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/intruder/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/intruder/Intruder Intruder - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Burp Suite Fundamentals Intercepting Proxy Repeater Scannerhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/invisible-proxy-opsec-considerations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/invisible-proxy-opsec-considerations/Invisible Proxy OPSEC Considerations Invisible Proxy OPSEC Considerations - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/ip-address-whitelisting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/ip-address-whitelisting/IP Address Whitelisting IP Address Whitelisting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/ipconfig-and-ifconfig/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/ipconfig-and-ifconfig/Ipconfig and Ifconfig Ipconfig and Ifconfig - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Kali vs Parrot vs BlackArch vs Qubes Linux Fundamentals Pinghttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/cpu-core-concepts/isa/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/cpu-core-concepts/isa/ISA ISA - the Instruction Set Architecture defining the set of operations a processor can execute, including encoding formats, addressing modes, and the programmer-visible register model. Related Links: Privilege Levelshttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/isr-to-task-communication-patterns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/isr-to-task-communication-patterns/ISR-to-Task Communication Patterns ISR-to-Task Communication Patterns - mechanisms for safely passing data and signals from interrupt service routines to application-level tasks. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja3-ja3s-fingerprinting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja3-ja3s-fingerprinting/JA3 JA3S Fingerprinting JA3 JA3S Fingerprinting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-blacklisting-ja4-fingerprints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-blacklisting-ja4-fingerprints/JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting JA4 Fingerprints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-blacklisting-partial-ja4-fingerprints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-blacklisting-partial-ja4-fingerprints/JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-calculating-ja4-fingerprints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-calculating-ja4-fingerprints/JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-whitelisting-partial-ja4-fingerprints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-analysis-whitelisting-partial-ja4-fingerprints/JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 JA4S Fingerprinting JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-ja4s-fingerprinting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/ja4-ja4s-fingerprinting/JA4 JA4S Fingerprinting JA4 JA4S Fingerprinting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JARM Fingerprintinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/jail-breaking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/jail-breaking/Jail Breaking Jail Breaking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/jarm-fingerprinting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/anti-bot/jarm-fingerprinting/JARM Fingerprinting JARM Fingerprinting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ad Blocker Detection Anti-Bot Library Anti-Bot via Advanced JA4 Analysis Anti-Bot via CAPTCHA Anti-Bot via Improper Window Size Anti-Bot via User Agent Filtering Anti-Bot via User Agent Spoofing Detection Anti-Bot via User Interaction Client Analysis via Cloudflare Workers Client Logging Library Collecting and Analyzing Bot Telemetry Collecting and Analyzing JA4 Bot Telemetry Detecting Headless Browsers via WebDriver Property Incognito Mode Detection JA3 JA3S Fingerprinting JA4 Analysis Blacklisting JA4 Fingerprints JA4 Analysis Blacklisting Partial JA4 Fingerprints JA4 Analysis Calculating JA4 Fingerprints JA4 Analysis Whitelisting Partial JA4 Fingerprints JA4 JA4S Fingerprintinghttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/join-queries/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/join-queries/Join queries Join Queries - SQL operations combining rows from two or more tables based on related columns. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-algorithm/JS String Hashing Algorithm JS String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-algorithm-ascii/JS String Hashing Algorithm ASCII JS String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-string-hashing-syscalls-hash-values-nt/JS String Hashing Syscalls Hash Values NT JS String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-syscalls-hash-values-zw/JS Syscalls Hash Values ZW JS Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/js-winapis-hash-values/JS WinAPIs Hash Values JS WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/jump-server/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/jump-server/Jump Server Jump Server - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Microsegmentation Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/kali-vs-parrot-vs-blackarch-vs-qubes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/kali-vs-parrot-vs-blackarch-vs-qubes/Kali vs Parrot vs BlackArch vs Qubes Kali vs Parrot vs BlackArch vs Qubes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ipconfig and Ifconfig Linux Fundamentals Pinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-auxklibquerymoduleinformation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-auxklibquerymoduleinformation/Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via AuxKlibQueryModuleInformation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-psloadedmodulelist/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-psloadedmodulelist/Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via PsLoadedModuleList - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-zwquerysysteminformation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/kernel-modules-enumeration-via-zwquerysysteminformation/Kernel Modules Enumeration via ZwQuerySystemInformation Kernel Modules Enumeration via ZwQuerySystemInformation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/key-value/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/key-value/Key value Key-Value Stores - simplest NoSQL database form storing data as key-value pairs for fast lookups. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/knowndll-cache-poisoning-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/knowndll-cache-poisoning-injection/KnownDLL Cache Poisoning Injection KnownDLL Cache Poisoning Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/kubernetes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/kubernetes/Kubernetes Kubernetes - container orchestration system for automating deployment, scaling, and management of containerized apps. Related Links: Building for scale Caching Caching Fundamentals Docker Instrumentation and monitoring Profiling performance System Design Fundamentals Telemetryhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/kubernetes-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/kubernetes-fundamentals/Kubernetes Fundamentals Kubernetes Fundamentals - orchestrating containerized workloads with pods, deployments, services, and ingress controllers. Related Links: Container Fundamentals Container Scanning Tools Docker Security Kubernetes Security Kubernetes Security Basicshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/kubernetes-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/kubernetes-security/Kubernetes Security Kubernetes Security - securing Kubernetes clusters through network policies, secrets management, and runtime protection. Related Links: Container Fundamentals Container Scanning Tools Docker Security Kubernetes Fundamentals Kubernetes Security Basicshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/kubernetes-security-basics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/containers-and-kubernetes/kubernetes-security-basics/Kubernetes Security Basics Kubernetes Security Basics - foundational K8s security controls including RBAC, network policies, and admission controllers. Related Links: Container Fundamentals Container Scanning Tools Docker Security Kubernetes Fundamentals Kubernetes Securityhttps://r0tbyt3.dev/wiki/labs/lab-home/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/labs/lab-home/Tracks Crackmes.one Hack the Box Portswigger Academy RingZer0 CTF TryHackMe Related Home Cybersecurity DevOps and Platform Engineering Embedded Systems Backend Engineeringhttps://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/language-fundamentals/Language Fundamentals Language Fundamentals - core Python syntax, operators, data types, and functional programming constructs. Advanced functions Basic keywords Basic operators Basic data types Related Links: AI and LLMs Software Engineeringhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/lateral-movement-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/lateral-movement-techniques/Lateral Movement Techniques Lateral Movement Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/ldap-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/ldap-query/LDAP Query LDAP Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/library-proxy-loading/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/library-proxy-loading/Library Proxy Loading Library Proxy Loading - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/linked-lists/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/linked-lists/Linked Lists Linked Lists - node-based dynamic data structure with O(1) insertion at known positions and O(n) access by index. Related Links: Arrays Binary Search Trees Graphs Hash Tables Heaps Queues Sets Stacks Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/linux-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/linux-fundamentals/Linux Fundamentals Linux Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ipconfig and Ifconfig Kali vs Parrot vs BlackArch vs Qubes Pinghttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/Linux Operating System Linux Operating System - Linux fundamentals, administration, and command-line tools used in cybersecurity operations and penetration testing environments. Ipconfig and Ifconfig Kali vs Parrot vs BlackArch vs Qubes Linux Fundamentals Ping Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/linux-security-and-hardening/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/linux-security-and-hardening/Linux Security and Hardening Linux Security and Hardening - reducing attack surface on Linux servers through permissions, kernel parameters, and audit logging. Related Links: Firewall Configuration Linux Server Administration SSH Windows Security and Hardening Windows Server Administrationhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/linux-server-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/linux-server-administration/Linux Server Administration Linux Server Administration - managing Linux systems including package management, process control, storage, and networking. Related Links: Firewall Configuration Linux Security and Hardening SSH Windows Security and Hardening Windows Server Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/list-smb-files/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/list-smb-files/List SMB Files List SMB Files - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/living-off-the-land-lotl-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/living-off-the-land-lotl-techniques/Living Off the Land (LOTL) Techniques Living Off the Land (LOTL) Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/living-off-trusted-sites-lots/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/living-off-trusted-sites-lots/Living Off Trusted Sites (LOTS) Living Off Trusted Sites (LOTS) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flaskhttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/loadshifting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/loadshifting/Loadshifting Load Shifting - redistributing workload across time or resources to avoid processing bottlenecks. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Rate limiting Real time data Realtime Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-apc-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-apc-injection/Local APC Injection Local APC Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-dll-injection/Local DLL Injection Local DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-function-stomping/Local Function Stomping Local Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-mapping-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/local-mapping-injection/Local Mapping Injection Local Mapping Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-payload-execution/Local Payload Execution Local Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-pe-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-pe-execution/Local PE Execution Local PE Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-shellcode-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/local-shellcode-execution/Local Shellcode Execution Local Shellcode Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/lock-picking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/lock-picking/Lock Picking Lock Picking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dumpster Diving Impersonation Techniques Pretextinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/log-tampering-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/log-tampering-techniques/Log Tampering Techniques Log Tampering Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Self-Deletion Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/lookup-privilege-value-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/lookup-privilege-value-ms-lsad/Lookup Privilege Value MS-LSAD Lookup Privilege Value MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/lsass-dump-bof/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/lsass-dump-bof/LSASS Dump BOF LSASS Dump BOF - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution Introduction to BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOF Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-handle-duplication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-handle-duplication/LSASS Dump via Handle Duplication LSASS Dump via Handle Duplication - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-minidumpwritedump/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-minidumpwritedump/LSASS Dump via MiniDumpWriteDump LSASS Dump via MiniDumpWriteDump - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-rtlreportsilentprocessexit/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-rtlreportsilentprocessexit/LSASS Dump via RtlReportSilentProcessExit LSASS Dump via RtlReportSilentProcessExit - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-seclogon-race-condition/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/lsass-dump-via-seclogon-race-condition/LSASS Dump via SecLogon Race Condition LSASS Dump via SecLogon Race Condition - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/maintaining-persistence-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/maintaining-persistence-techniques/Maintaining Persistence Techniques Maintaining Persistence Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/maltego/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/maltego/Maltego Maltego - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Memory Leaks Metasploit Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/maltego/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/maltego/Maltego Maltego - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hayabusa SIEM Fundamentals Splunkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/Malware Analysis Malware Analysis - the process of examining malicious software to understand its behavior, functionality, origin, and impact on affected systems. Analysis Methods Automated Malware Analysis Maltego Memory Leaks Metasploit Reverse Engineering Urlvoid Virustotal Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/malware-analysis-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/malware-analysis-techniques/Malware Analysis Techniques Malware Analysis Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dynamic Analysis Static Analysishttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-binary-signing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-binary-signing/Malware Binary Signing Malware Binary Signing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/malware-binary-signing-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/malware-binary-signing-obfuscation/Malware Binary Signing Obfuscation Malware Binary Signing Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-compiling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-compiling/Malware Compiling Malware Compiling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/Malware Concepts Malware Concepts - foundational knowledge about malware types, behaviors, and development techniques used in offensive security research. Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templates Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Payload and PE Persistence Process Injection Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/Malware Development Malware Development - the study of techniques used to create, deploy, and operate malicious software including loaders, implants, and post-exploitation tools. Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Process Injection Sleep Obfuscation Windows Internals Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-development-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-development-techniques/Malware Development Techniques Malware Development Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-directory-placement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/malware-directory-placement/Malware Directory Placement Malware Directory Placement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/malware-kill-date/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/malware-kill-date/Malware Kill Date Malware Kill Date - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/malware-working-hours/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/malware-working-hours/Malware Working Hours Malware Working Hours - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/manual-totp-harvesting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/manual-totp-harvesting/Manual TOTP Harvesting Manual TOTP Harvesting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/manually-mapping-api-set-names/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/manually-mapping-api-set-names/Manually Mapping API Set Names Manually Mapping API Set Names - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/md5/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/md5/MD5 MD5 - cryptographic hash function producing a 128-bit digest, now considered insecure for security use. Related Links: Argon2 Bcrypt Hashing algorithms Scrypt SHA-1 SHA-256 TLShttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/memcached/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/memcached/Memcached Memcached - distributed memory caching system for speeding up dynamic web applications. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/memory-architecture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/memory-architecture/Memory Architecture Memory Architecture - the organization of instruction and data memory in embedded processors, including the distinctions between Harvard and Von Neumann architectures and their trade-offs. Harvard Von Neumann Related Links: Arm M-profile Bus Fabrics and On-Chip Interconnects CPU Core Concepts Heterogeneous SoCs and Co-processors Power and Clock Domain Architecture RISC-V Single Core vs Multi-Core Architectureshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/memory-forensics/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/digital-forensics/memory-forensics/Memory Forensics Memory Forensics - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Disk Forensics Host Forensics Fundamentalshttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/memory-hardware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/memory-hardware/Memory Hardware Memory Hardware - physical memory devices used in embedded systems including Flash, SRAM, EEPROM, and external memory interfaces. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/memory-leaks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/memory-leaks/Memory Leaks Memory Leaks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Metasploit Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/merge-intervals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/merge-intervals/Merge Intervals Merge Intervals - sorting and sweeping through intervals to merge overlapping ranges in O(n log n). Related Links: BFS Pattern Binary Search Pattern DFS Pattern Fast and Slow Pointers Monotonic Stack Sliding Window Top K Elements Two Pointers Union Findhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/metamorphic-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/metamorphic-malware/Metamorphic Malware Metamorphic Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/metasploit/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/metasploit/Metasploit Metasploit - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Memory Leaks Reverse Engineering Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-azure-aitm-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-azure-aitm-phishing/MFA Bypass Azure AitM Phishing MFA Bypass Azure AitM Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-building-an-invisible-proxy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-building-an-invisible-proxy/MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-building-an-invisible-proxy-via-cloudflare-workers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/mfa-bypass-building-an-invisible-proxy-via-cloudflare-workers/MFA Bypass Building an Invisible Proxy via Cloudflare Workers MFA Bypass Building an Invisible Proxy via Cloudflare Workers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy Microsoft Device Code Phishing Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/microcontrollers-and-selection-criteria/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/microcontrollers-and-selection-criteria/Microcontrollers and Selection Criteria Microcontrollers and Selection Criteria - factors and trade-offs involved in selecting a microcontroller for an embedded application, including performance, power, and peripherals. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/microsegmentation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/microsegmentation/Microsegmentation Microsegmentation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Jump Server Network Segmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/microservices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/microservices/Microservices Microservices - architectural style structuring applications as independently deployable small services. Related Links: Architectural patterns Backend Architecture Monolith Monolith vs Microservices Serverless Serverless computing Service mesh architecture Service meshes Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/microsoft-device-code-phishing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/microsoft-device-code-phishing/Microsoft Device Code Phishing Microsoft Device Code Phishing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Protecting Evilginx Server via Caddyhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/middleware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/middleware/Middleware Middleware - globally applied hooks for processing requests before they reach a view and responses before they are returned. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/migrations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/migrations/Migrations Migrations - version-controlled changes to database schema applied incrementally over time. Related Links: ACID CAP theorem Data constraints Data definition language Data integrity and normalization and security Data manipulation language Databases and Data Modeling Normalization ORMs Transactions Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/backend-engineering/django/migrations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/migrations/Migrations Migrations - Django’s system for propagating model changes to the database schema incrementally and reversibly. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/mitigation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/mitigation-techniques/Mitigation techniques Mitigation Techniques - strategies for reducing the impact or likelihood of security vulnerabilities. Related Links: API security best practices Container security best practices CORS CSP OWASP risks Server securityhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/mitm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/mitm/MITM MITM - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning Network Attacks Overview Packet Sniffing Exploits Spoofing VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/mitre-attck-mapping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/detection-engineering/mitre-attck-mapping/MITRE ATT&CK Mapping MITRE ATT&CK Mapping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Detection Engineering Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/mmgetsystemroutineaddress-replacement-string-hashing-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/mmgetsystemroutineaddress-replacement-string-hashing-kernel/Mmgetsystemroutineaddress Replacement String Hashing Kernel Mmgetsystemroutineaddress Replacement String Hashing Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/mmgetsystemroutineaddress-replacement-with-string-hashing-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/mmgetsystemroutineaddress-replacement-with-string-hashing-kernel/Mmgetsystemroutineaddress Replacement with String Hashing Kernel Mmgetsystemroutineaddress Replacement with String Hashing Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/modelforms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/modelforms/ModelForms ModelForms - automatically generated forms tied to Django models for streamlined create and update operations. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/models-and-orm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/models-and-orm/Models and ORM Models and ORM - defining database schema as Python classes and querying with Django’s object-relational mapper. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-overloading/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-overloading/Module Overloading Module Overloading - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/module-stomping/Module Stomping Module Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/monitoring-and-observability/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/monitoring-and-observability/Monitoring and Observability Monitoring and Observability - using metrics, logs, and distributed traces to understand and diagnose system behavior. Related Links: Incident Management for SRE Monitoring Tools Observability Fundamentals SLI SLO SLAhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/monitoring-display-state-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/monitoring-display-state-kernel/Monitoring Display State Kernel Monitoring Display State Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/monitoring-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/monitoring-tools/Monitoring Tools Monitoring Tools - platforms such as Grafana, Prometheus, Datadog, New Relic, and Splunk for metrics collection and alerting. Related Links: Incident Management for SRE Monitoring and Observability Observability Fundamentals SLI SLO SLAhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/monitoring-user-presence-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/monitoring-user-presence-kernel/Monitoring User Presence Kernel Monitoring User Presence Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/monodon-firmware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/monodon-firmware/Monodon Firmware Monodon Firmware - firmware implementation and protocol details for the Monodon communication stack. Related Links: CAN Bus I2C SPI UARThttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/monolith/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/monolith/Monolith Monolith - single-tiered software application where all components are tightly coupled into one codebase. Related Links: Architectural patterns Backend Architecture Microservices Monolith vs Microservices Serverless Serverless computing Service mesh architecture Service meshes Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/monolith-vs-microservices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/monolith-vs-microservices/Monolith vs Microservices Monolith vs Microservices - comparison of monolithic and microservice architectural approaches and trade-offs. Related Links: Architectural patterns Backend Architecture Microservices Monolith Serverless Serverless computing Service mesh architecture Service meshes Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/monotonic-stack/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/monotonic-stack/Monotonic Stack Monotonic Stack - stack maintaining elements in monotonic order to solve next greater or smaller element problems in O(n). Related Links: BFS Pattern Binary Search Pattern DFS Pattern Fast and Slow Pointers Merge Intervals Sliding Window Top K Elements Two Pointers Union Findhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/more-c-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/more-c-fundamentals/More C Fundamentals More C Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/motw-bypass-via-filefix-variations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/motw-bypass-via-filefix-variations/MOTW Bypass via FileFix Variations MOTW Bypass via FileFix Variations - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling SVG Smuggling WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/move-file-to-startup-folder/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/move-file-to-startup-folder/Move File to Startup Folder Move File to Startup Folder - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/mpu-usage-patterns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/mpu-usage-patterns/MPU Usage Patterns MPU Usage Patterns - common configurations of the Cortex-M Memory Protection Unit to enforce privilege separation, protect stack regions, and prevent unauthorized memory access. Related Links: Boot Flow on Cortex-M Exceptions Interruptions NVIC TrustZone-Mhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/ms-rprn-abuse/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/ms-rprn-abuse/MS-RPRN Abuse MS-RPRN Abuse - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/msgwaitformultipleobjectsex-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/msgwaitformultipleobjectsex-alertable-function/MsgWaitForMultipleObjectsEx Alertable Function MsgWaitForMultipleObjectsEx Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/multi-factor-authentication-mfa/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/multi-factor-authentication-mfa/Multi-factor authentication (MFA) Multi-Factor Authentication - security process requiring two or more verification methods to authenticate users. Related Links: Authentication and Authorization AuthN vs AuthZ Password-based authentication Session and Token Security Token-based authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/multiple-alertable-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/multiple-alertable-functions/Multiple Alertable Functions Multiple Alertable Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-anti-debugging-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-anti-debugging-techniques/Multiple Anti-Debugging Techniques Multiple Anti-Debugging Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/multiple-anti-debugging-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/multiple-anti-debugging-techniques/Multiple Anti-Debugging Techniques Multiple Anti-Debugging Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/multiple-function-replacements/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/multiple-function-replacements/Multiple Function Replacements Multiple Function Replacements - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/multiple-getmodulehandle-replacement-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/multiple-getmodulehandle-replacement-functions/Multiple GetModuleHandle Replacement Functions Multiple GetModuleHandle Replacement Functions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/hashing/multiple-hashing-algorithms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/hashing/multiple-hashing-algorithms/Multiple Hashing Algorithms Multiple Hashing Algorithms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: CRC DJB2 Lose Lose Hashing Algorithms Hashing Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-payload-execution-control-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/multiple-payload-execution-control-methods/Multiple Payload Execution Control Methods Multiple Payload Execution Control Methods - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-algorithm/MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-algorithm-ascii/MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-string-hashing-syscalls-hash-values-nt/MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-syscalls-hash-values-zw/MurmurHash3 Syscalls Hash Values ZW MurmurHash3 Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/murmurhash3-winapis-hash-values/MurmurHash3 WinAPIs Hash Values MurmurHash3 WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/n+1-query-problem/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/n+1-query-problem/N+1 query problem N+1 Query Problem - performance antipattern causing excessive database queries in ORM-based code. Related Links: Data replication Database index Database scaling Indexes and performance optimization Indexing and Query Performance Performance tuning and query optimization Shardinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/named-pipes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/named-pipes/Named Pipes Named Pipes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/near-field-communication-nfc-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/near-field-communication-nfc-exploits/Near-Field Communication (NFC) Exploits Near-Field Communication (NFC) Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/net-assemblies-patching-systemenvironment.exit/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/net-assemblies-patching-systemenvironment.exit/NET Assemblies Patching SystemEnvironment.Exit NET Assemblies Patching SystemEnvironment.Exit - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/Network Attacks Network Attacks - offensive techniques targeting network infrastructure, protocols, and data in transit to intercept, disrupt, or manipulate communications. DNS Poisoning MITM Network Attacks Overview Packet Sniffing Exploits Spoofing VLAN Hopping VMescape Exploits Related Links: DNS Lookup Host Check ICMP Echo Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/embedded-systems/exploits/network-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/exploits/network-attacks/Network Attacks Network Attacks - exploitation techniques targeting network-connected embedded systems through protocol vulnerabilities, unauthenticated services, or traffic interception. Related Links: Buffer Overflow Firmware Exploitation Physical Attacks Side-Channel Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/network-attacks-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/network-attacks-overview/Network Attacks Overview Network Attacks Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Packet Sniffing Exploits Spoofing VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-evasion-techniques/Network Evasion Techniques Network Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/network-evasion-techniques-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/network-evasion-techniques-overview/Network Evasion Techniques Overview Network Evasion Techniques Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Sandbox Evasion Techniques TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/network-forensics-with-wireshark/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/network-forensics-with-wireshark/Network Forensics with Wireshark Network Forensics with Wireshark - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Protocol Analysis Tcpdump Wireshark Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/Network Protocols Network Protocols - core networking standards and protocols that define how data is transmitted and received across computer networks. DNS Handshakes HTTPS Networking Networking Fundamentals Subnetting Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Port Scanning TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/Network Security Network Security - the practices and technologies used to protect network infrastructure, data in transit, and communication channels from unauthorized access and attacks. DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNs Wireless and Physical Attacks Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/network-segmentation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/network-segmentation/Network Segmentation Network Segmentation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Jump Server Microsegmentation Port Blocking Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/networking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/networking/Networking Networking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Handshakes HTTPS Networking Fundamentals Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/networking-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/networking-fundamentals/Networking Fundamentals Networking Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Handshakes HTTPS Networking Subnettinghttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/Nginx Nginx - a high-performance web server, reverse proxy, and load balancer widely used in phishing infrastructure, C2 redirectors, and web application delivery. Introduction to Nginx Capabilities Nginx Demo Reverse Proxying Nginx Fundamentals Protecting Phishing Servers via Nginx Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/nginx-demo-reverse-proxying/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/nginx-demo-reverse-proxying/Nginx Demo Reverse Proxying Nginx Demo Reverse Proxying - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to Nginx Capabilities Nginx Fundamentals Protecting Phishing Servers via Nginxhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/nginx-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/nginx-fundamentals/Nginx Fundamentals Nginx Fundamentals - core configuration and usage of Nginx as a reverse proxy and web server. Related Links: Apache Caddy Domain name Domain name system Http caching Https Web servershttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/nginx-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/nginx-fundamentals/Nginx Fundamentals Nginx Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to Nginx Capabilities Nginx Demo Reverse Proxying Protecting Phishing Servers via Nginxhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/nikto/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/nikto/Nikto Nikto - open-source web server scanner that detects dangerous files, outdated software, and server misconfigurations. Related Links: API Security Arachni Dynamic application security testing (DAST) Pipeline Security Shift Left Security Software composition analysis (SCA) Static application security testing (SAST) W3afhttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/Nmap Nmap - a powerful open-source network scanner used for host discovery, port scanning, service version detection, and OS fingerprinting. Nmap Fundamentals Nmap NSE Scripts Port Scanning Techniques Service Detection Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/nmap-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/nmap-fundamentals/Nmap Fundamentals Nmap Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nmap NSE Scripts Port Scanning Techniques Service Detectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/nmap-nse-scripts/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/nmap-nse-scripts/Nmap NSE Scripts Nmap NSE Scripts - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nmap Fundamentals Port Scanning Techniques Service Detectionhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/non-relational-databases/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/non-relational-databases/Non-relational databases Non-Relational Databases - databases that do not use the tabular schema of relational systems. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached NoSQL databases Redis Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/normalization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/normalization/Normalization Normalization - process of organizing database schema to reduce redundancy and improve data integrity. Related Links: ACID CAP theorem Data constraints Data definition language Data integrity and normalization and security Data manipulation language Databases and Data Modeling Migrations ORMs Transactions Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/nosql-databases/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/nosql-databases/NoSQL databases NoSQL Databases - non-relational databases designed for flexible schema, horizontal scale, and performance. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases Redis Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/ntdll-unhooking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/ntdll-unhooking/NTDLL Unhooking NTDLL Unhooking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/NTDLL Unhooking and API Hooking NTDLL Unhooking and API Hooking - techniques to restore hooked NTDLL functions or intercept API calls to bypass EDR user-mode hooks. API Hooking Variants Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2 Related Links: AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Code Obfuscation Covering Tracks ETW Bypasshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/ntdll-unhooking-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/ntdll-unhooking-variants/NTDLL Unhooking Variants NTDLL Unhooking Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/nvic/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/nvic/NVIC NVIC - the Nested Vectored Interrupt Controller on Cortex-M that manages interrupt priority, enabling, pending state, and vectored dispatch to handler functions. Related Links: Boot Flow on Cortex-M Exceptions Interruptions MPU Usage Patterns TrustZone-Mhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/oauth/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/oauth/OAuth OAuth - open standard authorization framework enabling secure delegated access to user resources. Related Links: Access control lists (ACLs) Attribute-based access control (ABAC) Capability-based access control OpenID Connect (OIDC) Role-based access control (RBAC)https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/Obfuscation and Detection Evasion Obfuscation and Detection Evasion - techniques used to conceal malicious code and behavior from security tools, analysts, and automated detection systems. AMSI Bypass Anti-Analysis Automated Obfuscation Techniques Code Obfuscation Covering Tracks ETW Bypass NTDLL Unhooking and API Hooking Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/obfuscation-ipv4fuscation-ipv6fuscation-uuidfuscation-macfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/obfuscation-ipv4fuscation-ipv6fuscation-uuidfuscation-macfuscation/Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/object-file-loader-with-module-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/object-file-loader-with-module-stomping/Object File Loader with Module Stomping Object File Loader with Module Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution Introduction to BOF LSASS Dump BOF Threadless Shellcode Injection via HWBPs BOF Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/Observability and SRE Observability and SRE - monitoring, reliability engineering, and incident management for production systems. Incident Management for SRE Monitoring and Observability Monitoring Tools Observability Fundamentals SLI SLO SLA Related Links: CI-CD Containers and Kubernetes DevOps and Platform Engineering Infrastructure as Codehttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/observability-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/observability-fundamentals/Observability Fundamentals Observability Fundamentals - the three pillars of metrics, logs, and traces and how they enable system insight and diagnosis. Related Links: Incident Management for SRE Monitoring and Observability Monitoring Tools SLI SLO SLAhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/Offensive Phishing Operations Offensive Phishing Operations - the planning, infrastructure, and execution of phishing campaigns to harvest credentials and deliver payloads in controlled engagements. AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysis Phishing Requirements Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-domain-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-domain-ms-samr/Open a Domain MS-SAMR Open a Domain MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-group-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-group-ms-samr/Open a Group MS-SAMR Open a Group MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-user-account-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-a-user-account-ms-samr/Open a User Account MS-SAMR Open a User Account MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-an-alias-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-an-alias-ms-samr/Open an Alias MS-SAMR Open an Alias MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/open-api-specification-oas/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/open-api-specification-oas/Open API Specification (OAS) Open API Specification - standard, language-agnostic interface description format for RESTful APIs. Related Links: API API Design API styles GraphQL GraphQL Fundamentals GRPC HTTP and API Fundamentals REST REST API Design SOAPhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-lsad-policy-handle-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/open-lsad-policy-handle-ms-lsad/Open LSAD Policy Handle MS-LSAD Open LSAD Policy Handle MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/openid-connect-oidc/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/openid-connect-oidc/OpenID Connect (OIDC) OpenID Connect - identity layer built on OAuth 2.0 for authentication and user identity verification. Related Links: Access control lists (ACLs) Attribute-based access control (ABAC) Capability-based access control OAuth Role-based access control (RBAC)https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/operating-systems-for-privacy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/operating-systems-for-privacy/Operating Systems for Privacy Operating Systems for Privacy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/opsec-failure-directory-listing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/opsec-failure-directory-listing/OPSEC Failure Directory Listing OPSEC Failure Directory Listing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/orms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/orms/ORMs ORMs - libraries mapping database tables to object-oriented code for convenient database interaction. Related Links: ACID CAP theorem Data constraints Data definition language Data integrity and normalization and security Data manipulation language Databases and Data Modeling Migrations Normalization Transactions Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/osint/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/osint/OSINT OSINT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT Reconnaissance Techniques Supply Chain Attacks Threat Modeling Fundamentals Zero Dayhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/owasp-risks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/owasp-risks/OWASP risks OWASP Risks - top ten web application security risks identified by the Open Web Application Security Project. Related Links: API security best practices Container security best practices CORS CSP Mitigation techniques Server securityhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/owasp-top-10/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/owasp-top-10/OWASP Top 10 OWASP Top 10 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/packet-sniffing-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/packet-sniffing-exploits/Packet Sniffing Exploits Packet Sniffing Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Network Attacks Overview Spoofing VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/page-design-and-delivery/Page Design and Delivery Page Design and Delivery - techniques for creating convincing phishing pages, cloning legitimate sites, and delivering payloads via ClickFix and other vectors. ClickFix Run Dialog Alternatives Cloning Websites via Browser Extension Designing Custom Phishing Pages Integrating Backend Functionality Introduction to Apache Mod Rewrite Introduction to ClickFix Introduction to Flask Living Off Trusted Sites (LOTS) Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Phishing Anti-Analysis Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/pass-the-hash/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/pass-the-hash/Pass the Hash Pass the Hash - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Privileged Access Management User Administrationhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/password-based-authentication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/password-based-authentication/Password-based authentication Password-Based Authentication - authentication mechanism using secret credentials known only to the user. Related Links: Authentication and Authorization AuthN vs AuthZ Multi-factor authentication (MFA) Session and Token Security Token-based authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/patching-the-.net-exit-routine/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/patching-the-.net-exit-routine/Patching the .NET Exit Routine Patching the .NET Exit Routine - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/patchless-amsi-bypass-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/amsi-bypass/patchless-amsi-bypass-via-hardware-breakpoints/Patchless AMSI Bypass via Hardware Breakpoints Patchless AMSI Bypass via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AMSI Bypass Byte Patching AMSI Evasion AMSI Evasion via Hardware Breakpoint Hooks AMSI Evasion via Patching Introduction to AMSIhttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/patchless-etw-bypass-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/etw-bypass/patchless-etw-bypass-via-hardware-breakpoints/Patchless ETW Bypass via Hardware Breakpoints Patchless ETW Bypass via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: ETW Bypass Byte Patching ETW Bypass Improved Patching ETW Discovering ETW Tools ETW Evasion ETW Evasion via NtTraceEvent Patching ETW Evasion via Patching ETW Evasion via Patching EtwpEventWrite ETW Evasion via Patching EtwpEventWrite v2 ETW Evasion via WinAPIs Patching ETW Provider Session Hijacking Introduction to ETWhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/patchless-threadless-injection-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/patchless-threadless-injection-via-hardware-breakpoints/Patchless Threadless Injection via Hardware Breakpoints Patchless Threadless Injection via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/Patterns Patterns - common problem-solving patterns used in technical interviews, with Python 3 solution templates. BFS Pattern Binary Search Pattern DFS Pattern Fast and Slow Pointers Merge Intervals Monotonic Stack Sliding Window Top K Elements Two Pointers Union Find Related Links: Algorithms Data Structureshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/Payload and PE Payload and PE - techniques for building, loading, and executing shellcode and PE-format payloads in offensive security implants. APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-encryption-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-encryption-variants/Payload Encryption Variants Payload Encryption Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control/Payload Execution Control Payload Execution Control - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-events/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-events/Payload Execution Control via Events Payload Execution Control via Events - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-mutexes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-mutexes/Payload Execution Control via Mutexes Payload Execution Control via Mutexes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-semaphores/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-control-via-semaphores/Payload Execution Control via Semaphores Payload Execution Control via Semaphores - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-callbacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-callbacks/Payload Execution via Callbacks Payload Execution via Callbacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstore-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstore-callback/Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStore Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstorelocation-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-certenumsystemstorelocation-callback/Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CertEnumSystemStoreLocation Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-copyfileexw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-copyfileexw-callback/Payload Execution via CopyFileExW Callback Payload Execution via CopyFileExW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-cryptenumoidinfo-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-cryptenumoidinfo-callback/Payload Execution via CryptEnumOIDInfo Callback Payload Execution via CryptEnumOIDInfo Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumcalendarinfow-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumcalendarinfow-callback/Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumCalendarInfoW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopsw-callback/Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdesktopwindows-callback/Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDesktopWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdirtreew-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdirtreew-callback/Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDirTreeW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdisplaymonitors-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumdisplaymonitors-callback/Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumDisplayMonitors Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumerateloadedmodules-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumerateloadedmodules-callback/Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumerateLoadedModules Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontfamiliesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontfamiliesw-callback/Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontFamiliesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumfontsw-callback/Payload Execution via EnumFontsW Callback Payload Execution via EnumFontsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumlanguagegrouplocalesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumlanguagegrouplocalesw-callback/Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumLanguageGroupLocalesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumobjects-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumobjects-callback/Payload Execution via EnumObjects Callback Payload Execution via EnumObjects Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpagefilesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpagefilesw-callback/Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPageFilesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpropsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpropsw-callback/Payload Execution via EnumPropsW Callback Payload Execution via EnumPropsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpwrschemes-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumpwrschemes-callback/Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumPwrSchemes Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumresourcetypesw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumresourcetypesw-callback/Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumResourceTypesW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumsystemlocalesex-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumsystemlocalesex-callback/Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumSystemLocalesEx Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumthreadwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumthreadwindows-callback/Payload Execution via EnumThreadWindows Callback Payload Execution via EnumThreadWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumtimeformatsex-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumtimeformatsex-callback/Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumTimeFormatsEx Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindows-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindows-callback/Payload Execution via EnumWindows Callback Payload Execution via EnumWindows Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindowstationsw-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-enumwindowstationsw-callback/Payload Execution via EnumWindowStationsW Callback Payload Execution via EnumWindowStationsW Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-fibers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-fibers/Payload Execution via Fibers Payload Execution via Fibers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-flsalloc-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-flsalloc-callback/Payload Execution via FlsAlloc Callback Payload Execution via FlsAlloc Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-imagegetdigeststream-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-imagegetdigeststream-callback/Payload Execution via ImageGetDigestStream Callback Payload Execution via ImageGetDigestStream Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-immenuminputcontext-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-immenuminputcontext-callback/Payload Execution via ImmEnumInputContext Callback Payload Execution via ImmEnumInputContext Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-initonceexecuteonce-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-initonceexecuteonce-callback/Payload Execution via InitOnceExecuteOnce Callback Payload Execution via InitOnceExecuteOnce Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumprocesses-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumprocesses-callback/Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumProcesses Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumsourcefiles-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symenumsourcefiles-callback/Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymEnumSourceFiles Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symfindfileinpath-callback/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/payload-execution-via-symfindfileinpath-callback/Payload Execution via SymFindFileInPath Callback Payload Execution via SymFindFileInPath Callback - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-injection/Payload Injection Payload Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/payload-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/payload-obfuscation/Payload Obfuscation Payload Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-and-deobfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-and-deobfuscation/Payload Obfuscation and Deobfuscation Payload Obfuscation and Deobfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-obfuscation-variants/Payload Obfuscation Variants Payload Obfuscation Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement/Payload Placement Payload Placement - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement-variants/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-placement-variants/Payload Placement Variants Payload Placement Variants - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging/Payload Staging Payload Staging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging-via-registry-and-web/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/payload-staging-via-registry-and-web/Payload Staging via Registry and Web Payload Staging via Registry and Web - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/peb-ldr-data-iterator/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/peb-ldr-data-iterator/PEB LDR Data Iterator PEB LDR Data Iterator - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/pefluctuation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/pefluctuation/PEfluctuation PEfluctuation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation Zilean Sleep Obfuscation with Stack Duplicationhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/performance-tuning-and-query-optimization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/performance-tuning-and-query-optimization/Performance tuning and query optimization Performance Tuning and Query Optimization - techniques for improving database query speed and resource efficiency. Related Links: Data replication Database index Database scaling Indexes and performance optimization Indexing and Query Performance N+1 query problem Shardinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/performing-input-validation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/performing-input-validation/Performing Input Validation Performing Input Validation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/permissions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/permissions/Permissions Permissions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/django/permissions-and-groups/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/permissions-and-groups/Permissions and Groups Permissions and Groups - Django’s per-model permission system and group-based access control for views and objects. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/Persistence Persistence - techniques used by malware to maintain access to a compromised system across reboots, logoffs, and security tool detections. Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Tasks Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Process Injection Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/persistence-techniques-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/persistence-techniques-overview/Persistence Techniques Overview Persistence Techniques Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-com-object-hijacking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-com-object-hijacking/Persistence via COM Object Hijacking Persistence via COM Object Hijacking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-electron-applications/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-electron-applications/Persistence via Electron Applications Persistence via Electron Applications - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-file-system/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-file-system/Persistence via File System Persistence via File System - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-startup-folder/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-startup-folder/Persistence via Startup Folder Persistence via Startup Folder - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Windows Registry Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/persistence-via-startup-folder/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/persistence-via-startup-folder/Persistence via Startup Folder Persistence via Startup Folder - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-registry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-registry/Persistence via Windows Registry Persistence via Windows Registry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Services Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-services/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-services/Persistence via Windows Services Persistence via Windows Services - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Taskshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-tasks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/persistence/persistence-via-windows-tasks/Persistence via Windows Tasks Persistence via Windows Tasks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Abusing WMI for Persistence Introduction to Windows Persistence Persistence via COM Object Hijacking Persistence via Electron Applications Persistence via File System Persistence via Startup Folder Persistence via Windows Registry Persistence via Windows Serviceshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/phases-of-devops/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/phases-of-devops/Phases of DevOps Phases of DevOps - the continuous loop of plan, code, build, test, release, deploy, operate, and monitor. Related Links: Agile and Scrum DevOps and DevSecOps Fundamentals Software Delivery Models Waterfall vs Agile vs DevOpshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/Phishing Anti-Analysis Phishing Anti-Analysis - techniques to detect and evade automated phishing page scanners, security analysts, and threat intelligence crawlers. Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methods Practical Phishing Detection Examples Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Requirementshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/phishing-detection-methods/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/phishing-detection-methods/Phishing Detection Methods Phishing Detection Methods - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Practical Phishing Detection Exampleshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/phishing-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/phishing-overview/Phishing Overview Phishing Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise Drive-By Downloads File Sharing and Removable Media Typo Squatting Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-requirements/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-requirements/Phishing Requirements Phishing Requirements - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AitM and MFA Bypass Anti-Bot Email Attachments and Phishing Campaigns HTML Smuggling Infrastructure Introduction to Phishing Page Design and Delivery Phishing Anti-Analysishttps://r0tbyt3.dev/wiki/content/embedded-systems/exploits/physical-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/exploits/physical-attacks/Physical Attacks Physical Attacks - hardware-level attack techniques including fault injection, probe-based extraction, and physical tampering with embedded devices. Related Links: Buffer Overflow Firmware Exploitation Network Attacks Side-Channel Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/Physical Social Engineering Physical Social Engineering - in-person deception and manipulation techniques that exploit physical access, trust, and human behavior. Dumpster Diving Impersonation Techniques Lock Picking Pretexting Related Links: Automated Social Engineering Techniques Automated Spear Phishing Email Generation Digital Social Engineering Social Engineering Fundamentals Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/ping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/linux-operating-system/ping/Ping Ping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ipconfig and Ifconfig Kali vs Parrot vs BlackArch vs Qubes Linux Fundamentalshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/Pipeline and Delivery Pipeline and Delivery - CI/CD pipeline design, release strategies, and automated software delivery practices. CI-CD Fundamentals Deployment Development Phase Release Strategies Requirements and Design Phase Testing Related Links: DevOps Fundamentals DevSecOpshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/pipeline-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/pipeline-security/Pipeline Security Pipeline Security - securing the CI/CD supply chain through secret management, artifact signing, and dependency scanning. Related Links: API Security Arachni Dynamic application security testing (DAST) Nikto Shift Left Security Software composition analysis (SCA) Static application security testing (SAST) W3afhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/pivot-and-unpivot-operations/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/pivot-and-unpivot-operations/Pivot and unpivot operations Pivot and Unpivot Operations - SQL transformations rotating rows to columns or columns to rows. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-algorithm/PJW String Hashing Algorithm PJW String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-algorithm-ascii/PJW String Hashing Algorithm ASCII PJW String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-string-hashing-syscalls-hash-values-nt/PJW String Hashing Syscalls Hash Values NT PJW String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-syscalls-hash-values-zw/PJW Syscalls Hash Values ZW PJW Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/pjw-winapis-hash-values/PJW WinAPIs Hash Values PJW WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/risc-v/platform-interrupt-architecture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/risc-v/platform-interrupt-architecture/Platform Interrupt Architecture Platform Interrupt Architecture - the RISC-V PLIC and CLINT interrupt controllers that route external and timer interrupts to harts with configurable priority and threshold settings. Related Links: PMP and Isolation Privilege Model and Trap Handlinghttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/risc-v/pmp-and-isolation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/risc-v/pmp-and-isolation/PMP and Isolation PMP and Isolation - the RISC-V Physical Memory Protection unit used to restrict memory access by privilege level, enabling isolation between firmware components and sandboxing of untrusted code. Related Links: Platform Interrupt Architecture Privilege Model and Trap Handlinghttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/pointers-and-casting-in-embedded-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/pointers-and-casting-in-embedded-c/Pointers and Casting in Embedded C Pointers and Casting in Embedded C - pointer arithmetic, void pointers, and type casting used to access hardware registers and manipulate raw memory. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/polymorphic-and-metamorphic-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/polymorphic-and-metamorphic-techniques/Polymorphic and Metamorphic Techniques Polymorphic and Metamorphic Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/polymorphic-malware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/polymorphic-malware/Polymorphic Malware Polymorphic Malware - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/port-blocking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/port-blocking/Port Blocking Port Blocking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Jump Server Microsegmentation Network Segmentation Zero Trust Architecturehttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/port-scanning/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/port-scanning/Port Scanning Port Scanning - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols TCP Port Scan VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/port-scanning-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/port-scanning-techniques/Port Scanning Techniques Port Scanning Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nmap Fundamentals Nmap NSE Scripts Service Detectionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/portable-pe-headers-retrieval/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/portable-pe-headers-retrieval/Portable PE Headers Retrieval Portable PE Headers Retrieval - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/power-and-clock-domain-architecture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/power-and-clock-domain-architecture/Power and Clock Domain Architecture Power and Clock Domain Architecture - the organization of clock trees and power domains within a SoC, including clock gating, domain isolation, and power management controller design. Related Links: Arm M-profile Bus Fabrics and On-Chip Interconnects CPU Core Concepts Heterogeneous SoCs and Co-processors Memory Architecture RISC-V Single Core vs Multi-Core Architectureshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/power-line-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/power-line-communication-exploits/Power Line Communication Exploits Power Line Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/power-regulation-and-conversion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/power-regulation-and-conversion/Power Regulation and Conversion Power Regulation and Conversion - circuits that convert and regulate supply voltages for embedded hardware, including LDOs, buck converters, and boost converters. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Sources and Power Budgeting Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/power-sources-and-power-budgeting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/power-sources-and-power-budgeting/Power Sources and Power Budgeting Power Sources and Power Budgeting - battery types, energy harvesting sources, and methods for estimating and managing total system power consumption. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Sensors, Actuators, and Driver Components Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/power-aware-execution-strategies/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/power-aware-execution-strategies/Power-Aware Execution Strategies Power-Aware Execution Strategies - techniques for reducing energy consumption through sleep modes, clock gating, and workload scheduling. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/powershell/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/powershell/PowerShell PowerShell - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/powershell-execution-via-.net-hosting-api/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/powershell-execution-via-.net-hosting-api/PowerShell Execution via .NET Hosting API PowerShell Execution via .NET Hosting API - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes Proxy Execute NtAllocateVirtualMemory with Timer APIs Proxy Execute NtAllocateVirtualMemory with Work Item APIs Proxy Execute NtCreateThreadEx with Work Item APIs Reverse Shell Reverse Shells Overview Running JScript Code in Memory Send Keystrokes to Remote Server Shell Execution SignalObjectAndWait Alertable Function SleepEx Alertable Function Upload File via SMB User Shared Data Delay WaitForMultipleObjectsEx Alertable Function WaitForSingleObjectEx Alertable Function WMI Queryhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/powershell-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/powershell-security/PowerShell Security PowerShell Security - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/ppid-spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/ppid-spoofing/PPID Spoofing PPID Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/practical-phishing-detection-examples/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/phishing-anti-analysis/practical-phishing-detection-examples/Practical Phishing Detection Examples Practical Phishing Detection Examples - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing Server Security Anti-Analysis Approve Access via Discord Anti-Analysis Approve Access via Email Anti-Analysis Approve Access via Push Notifications Anti-Analysis Dynamic Obfuscation via Obfuscatorio Anti-Analysis via AES Encryption Anti-Analysis via Base64 Obfuscation Anti-Analysis via Cookie Check Anti-Analysis via Dynamic Encryption Anti-Analysis via Dynamic HTML Generation Anti-Analysis via Fetching Remote Content Anti-Analysis via Honeypots Anti-Analysis via Invisible Encoding Anti-Analysis via IP Restrictions Anti-Analysis via Reverse DNS Query Anti-Analysis via Website Keying Anti-Analysis via XOR Obfuscation Cloning Detection Mechanisms Evading Google Safe Browsing Hiding Domain via Referrer Policy Phishing Detection Methodshttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/preemptive-rtos-scheduling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/preemptive-rtos-scheduling/Preemptive RTOS Scheduling Preemptive RTOS Scheduling - real-time operating system model where the scheduler can interrupt a running task to give the CPU to a higher-priority task. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/pretexting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/physical-social-engineering/pretexting/Pretexting Pretexting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dumpster Diving Impersonation Techniques Lock Pickinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/print-a-hexadecimal-array/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/print-a-hexadecimal-array/Print a Hexadecimal Array Print a Hexadecimal Array - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/print-os-version/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/print-os-version/Print OS Version Print OS Version - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/print-os-version/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/print-os-version/Print OS Version Print OS Version - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/Privacy Privacy - technologies, tools, and techniques for protecting personal data and maintaining anonymity in digital environments. Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsers Related Links: CIA Triad Information Security Models Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-techniques/Privacy Techniques Privacy Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-cloud-storage-providers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-cloud-storage-providers/Privacy-Focused Cloud Storage Providers Privacy-Focused Cloud Storage Providers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-email-providers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-email-providers/Privacy-Focused Email Providers Privacy-Focused Email Providers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-hardware-devices/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-hardware-devices/Privacy-Focused Hardware Devices Privacy-Focused Hardware Devices - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-messaging-apps/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-messaging-apps/Privacy-Focused Messaging Apps Privacy-Focused Messaging Apps - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-operating-systems/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-operating-systems/Privacy-Focused Operating Systems Privacy-Focused Operating Systems - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-search-engines/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-search-engines/Privacy-Focused Search Engines Privacy-Focused Search Engines - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-social-media-platforms/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-social-media-platforms/Privacy-Focused Social Media Platforms Privacy-Focused Social Media Platforms - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Software Applications Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-software-applications/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-software-applications/Privacy-Focused Software Applications Privacy-Focused Software Applications - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused VPN Providers Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-vpn-providers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-vpn-providers/Privacy-Focused VPN Providers Privacy-Focused VPN Providers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused Web Browsershttps://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-web-browsers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/information-security-models/privacy/privacy-focused-web-browsers/Privacy-Focused Web Browsers Privacy-Focused Web Browsers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Operating Systems for Privacy Privacy Techniques Privacy-Focused Cloud Storage Providers Privacy-Focused Email Providers Privacy-Focused Hardware Devices Privacy-Focused Messaging Apps Privacy-Focused Operating Systems Privacy-Focused Search Engines Privacy-Focused Social Media Platforms Privacy-Focused Software Applications Privacy-Focused VPN Providershttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/privilege-escalation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/privilege-escalation-techniques/Privilege Escalation Techniques Privilege Escalation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Python Jail Breaking Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/cpu-core-concepts/privilege-levels/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/cpu-core-concepts/privilege-levels/Privilege Levels Privilege Levels - the hardware-enforced execution modes (such as privileged and unprivileged) that control access to protected instructions, registers, and memory regions. Related Links: ISAhttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/risc-v/privilege-model-and-trap-handling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/risc-v/privilege-model-and-trap-handling/Privilege Model and Trap Handling Privilege Model and Trap Handling - the RISC-V privilege levels (Machine, Supervisor, User) and the trap mechanism used to handle exceptions, interrupts, and environment calls across privilege boundaries. Related Links: Platform Interrupt Architecture PMP and Isolationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/privilege-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/privilege-query/Privilege Query Privilege Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/privileged-access-management/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/privileged-access-management/Privileged Access Management Privileged Access Management - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash User Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/process-creation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/process-creation/Process Creation Process Creation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/process-enumeration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/process-enumeration/Process Enumeration Process Enumeration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/process-enumeration-via-zwquerysysteminformation-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/process-enumeration-via-zwquerysysteminformation-kernel/Process Enumeration via ZwQuerySystemInformation Kernel Process Enumeration via ZwQuerySystemInformation Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hollowing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hollowing/Process Hollowing Process Hollowing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hypnosis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/process-hypnosis/Process Hypnosis Process Hypnosis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/Process Injection Process Injection - techniques for executing arbitrary code inside the address space of a legitimate process to evade detection and gain privileges. API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Execution Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Sleep Obfuscation Windows Internalshttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/profiling-performance/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/profiling-performance/Profiling performance Profiling Performance - technique of measuring runtime behavior to identify performance bottlenecks in applications. Related Links: Building for scale Caching Caching Fundamentals Docker Instrumentation and monitoring Kubernetes System Design Fundamentals Telemetryhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/protecting-evilginx-server-via-caddy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/aitm-and-mfa-bypass/protecting-evilginx-server-via-caddy/Protecting Evilginx Server via Caddy Protecting Evilginx Server via Caddy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Adversary in the Middle (AitM) via Evilginx Customizing Evilginx OPSEC Configuration Dynamic Device Code Phishing Evilginx Phishlet Development Evilginx URL Rewriting GitHub Device Code Phishing GitLab Device Code Phishing Illicit Consent Grant Invisible Proxy OPSEC Considerations Manual TOTP Harvesting MFA Bypass Azure AitM Phishing MFA Bypass Building an Invisible Proxy MFA Bypass Building an Invisible Proxy via Cloudflare Workers Microsoft Device Code Phishinghttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/protecting-phishing-servers-via-caddy/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/protecting-phishing-servers-via-caddy/Protecting Phishing Servers via Caddy Protecting Phishing Servers via Caddy - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/protecting-phishing-servers-via-mod-rewrite/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/protecting-phishing-servers-via-mod-rewrite/Protecting Phishing Servers via Mod Rewrite Protecting Phishing Servers via Mod Rewrite - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/nginx/protecting-phishing-servers-via-nginx/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nginx/protecting-phishing-servers-via-nginx/Protecting Phishing Servers via Nginx Protecting Phishing Servers via Nginx - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Introduction to Nginx Capabilities Nginx Demo Reverse Proxying Nginx Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/protocol-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/protocol-analysis/Protocol Analysis Protocol Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Network Forensics with Wireshark Tcpdump Wireshark Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntallocatevirtualmemory-with-timer-apis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntallocatevirtualmemory-with-timer-apis/Proxy Execute NtAllocateVirtualMemory with Timer APIs Proxy Execute NtAllocateVirtualMemory with Timer APIs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-timer-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-timer-apis-c/Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Timer APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntallocatevirtualmemory-with-work-item-apis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntallocatevirtualmemory-with-work-item-apis/Proxy Execute NtAllocateVirtualMemory with Work Item APIs Proxy Execute NtAllocateVirtualMemory with Work Item APIs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-work-item-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntallocatevirtualmemory-with-work-item-apis-c/Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntcreatethreadex-with-work-item-apis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/proxy-execute-ntcreatethreadex-with-work-item-apis/Proxy Execute NtCreateThreadEx with Work Item APIs Proxy Execute NtCreateThreadEx with Work Item APIs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntcreatethreadex-with-work-item-apis-c/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/proxy-execute-ntcreatethreadex-with-work-item-apis-c/Proxy Execute NtCreateThreadEx with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/backend-engineering/python/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/Python Python - Python language features, tooling, testing, and AI capabilities relevant to backend development. AI and LLMs Language Fundamentals Software Engineering Related Links: Backend Engineering Concurrency Databases Django DSA Security System Design Webhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/python-for-malware-development/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/python-for-malware-development/Python for Malware Development Python for Malware Development - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/python-jail-breaking/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/python-jail-breaking/Python Jail Breaking Python Jail Breaking - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Registry Kill Switchhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/quantum-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/quantum-communication-exploits/Quantum Communication Exploits Quantum Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-active-directory-site-name-ms-nrpc/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-active-directory-site-name-ms-nrpc/Query Active Directory Site Name MS-NRPC Query Active Directory Site Name MS-NRPC - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-cfg-status/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-cfg-status/Query CFG Status Query CFG Status - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dns-domain-information-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dns-domain-information-ms-lsad/Query DNS Domain Information MS-LSAD Query DNS Domain Information MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-domain-controller-information-ms-nrpc/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-domain-controller-information-ms-nrpc/Query Domain Controller Information MS-NRPC Query Domain Controller Information MS-NRPC - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-operation-state-ms-dssp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-operation-state-ms-dssp/Query DSSP Operation State MS-DSSP Query DSSP Operation State MS-DSSP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-primary-domain-info-ms-dssp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-primary-domain-info-ms-dssp/Query DSSP Primary Domain Info MS-DSSP Query DSSP Primary Domain Info MS-DSSP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-upgrade-status-ms-dssp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-dssp-upgrade-status-ms-dssp/Query DSSP Upgrade Status MS-DSSP Query DSSP Upgrade Status MS-DSSP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-extended-service-status/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-extended-service-status/Query Extended Service Status Query Extended Service Status - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-extended-service-status-ms-scmr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-extended-service-status-ms-scmr/Query Extended Service Status MS-SCMR Query Extended Service Status MS-SCMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-remote-registry-key/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-remote-registry-key/Query Remote Registry Key Query Remote Registry Key - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-remote-service/Query Remote Service Query Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-rpc-runtime-statistics-c706-mgmt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-rpc-runtime-statistics-c706-mgmt/Query RPC Runtime Statistics C706-MGMT Query RPC Runtime Statistics C706-MGMT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-service-configuration-ms-scmr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/query-service-configuration-ms-scmr/Query Service Configuration MS-SCMR Query Service Configuration MS-SCMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-smb-share-permissions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-smb-share-permissions/Query SMB Share Permissions Query SMB Share Permissions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-account-control-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-account-control-ms-samr/Query User Account Control MS-SAMR Query User Account Control MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-general-info-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-general-info-ms-samr/Query User General Info MS-SAMR Query User General Info MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-home-info-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-home-info-ms-samr/Query User Home Info MS-SAMR Query User Home Info MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-logon-info-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-logon-info-ms-samr/Query User Logon Info MS-SAMR Query User Logon Info MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-parameters-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-parameters-ms-samr/Query User Parameters MS-SAMR Query User Parameters MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-preferences-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-user-preferences-ms-samr/Query User Preferences MS-SAMR Query User Preferences MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-username-info-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/query-username-info-ms-samr/Query Username Info MS-SAMR Query Username Info MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/querysets-and-managers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/querysets-and-managers/QuerySets and Managers QuerySets and Managers - lazy, chainable query API and custom manager methods for complex database interactions. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/queues/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/queues/Queues Queues - FIFO data structure supporting enqueue and dequeue in O(1), implemented with collections.deque. Related Links: Arrays Binary Search Trees Graphs Hash Tables Heaps Linked Lists Sets Stacks Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/radio-frequency-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/radio-frequency-exploits/Radio Frequency Exploits Radio Frequency Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/rags/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/rags/RAGs RAGs - Retrieval-Augmented Generation combining knowledge retrieval with language model generation. Related Links: Ai in development Embeddings Function calling Structured outputshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/random-key-generation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/random-key-generation/Random Key Generation Random Key Generation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/ransomware/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ransomware/Ransomware Ransomware - malware that encrypts victim data and demands payment for decryption keys, studied here from a development and defensive perspective. Automated Ransomware Development Deleting Shadow Copies and System Restore Points File Encryption File Enumeration Legal and Ethical Considerations Ransomware Emulation Ransomware Overview Windows Internals for Ransomware Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/rate-limiting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/rate-limiting/Rate limiting Rate Limiting - controlling the rate of incoming requests to protect services from overload. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Real time data Realtime Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/RC4 RC4 - a stream cipher algorithm and its various implementation approaches for use in offensive security tools. RC4 Decryption Encryption via Custom RC4 Algorithm RC4 Decryption Encryption via NTAPI RC4 Encryption Decryption Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-decryption-encryption-via-custom-rc4-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-decryption-encryption-via-custom-rc4-algorithm/RC4 Decryption Encryption via Custom RC4 Algorithm RC4 Decryption Encryption via Custom RC4 Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: RC4 Decryption Encryption via NTAPI RC4 Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-decryption-encryption-via-ntapi/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-decryption-encryption-via-ntapi/RC4 Decryption Encryption via NTAPI RC4 Decryption Encryption via NTAPI - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: RC4 Decryption Encryption via Custom RC4 Algorithm RC4 Encryption Decryptionhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-encryption-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/rc4/rc4-encryption-decryption/RC4 Encryption Decryption RC4 Encryption Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: RC4 Decryption Encryption via Custom RC4 Algorithm RC4 Decryption Encryption via NTAPIhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/read-clipboard-data/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/read-clipboard-data/Read Clipboard Data Read Clipboard Data - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/read-process-memory-via-pread/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/read-process-memory-via-pread/Read Process Memory via Pread Read Process Memory via Pread - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/reading-a-file-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/reading-a-file-kernel/Reading a File Kernel Reading a File Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/real-time-data/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/real-time-data/Real time data Real-Time Data - data processed and delivered with minimal latency for immediate consumption. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Realtime Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/real-time-constraints-latency-and-jitter/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/real-time-constraints-latency-and-jitter/Real-Time Constraints, Latency, and Jitter Real-Time Constraints, Latency, and Jitter - timing requirements for embedded systems including deadlines, worst-case execution times, and sources of scheduling variance. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Shared-State Synchronization and Concurrency Safety Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/realtime/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/realtime/Realtime Realtime - patterns and technologies for delivering data and events with sub-second latency. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Server sent events short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/reconnaissance-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/reconnaissance-techniques/Reconnaissance Techniques Reconnaissance Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT OSINT Supply Chain Attacks Threat Modeling Fundamentals Zero Dayhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/recursion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/recursion/Recursion Recursion - technique where a function calls itself to reduce a problem into smaller subproblems until a base case is reached. Related Links: Backtracking Big O Notation Bit Manipulation Divide and Conquer Dynamic Programming Graph Algorithms Greedy Algorithms Searching Sortinghttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/recursive-queries/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/recursive-queries/Recursive queries Recursive Queries - SQL queries using CTEs to traverse hierarchical or tree-structured data. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Select, insert, delete, update statements Stored procedures and triggers Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/redis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/redis/Redis Redis - in-memory data structure store used as a cache, database, and message broker. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Relational databases Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/refactoring/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/refactoring/Refactoring Refactoring - process of restructuring existing code to improve readability without changing behavior. Related Links: Code reviews Documentation generation Functional testing Git Integration testing Unit testinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reflective-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reflective-dll-injection/Reflective DLL Injection Reflective DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/register-definitions-with-c-structures/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/register-definitions-with-c-structures/Register Definitions with C Structures Register Definitions with C Structures - use of structs and bitfields to model memory-mapped peripheral register blocks with named field access. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-interaction/Registry Interaction Registry Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-key-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-key-interaction/Registry Key Interaction Registry Key Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/registry-kill-switch/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/registry-kill-switch/Registry Kill Switch Registry Kill Switch - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breakinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-modifications/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/registry-modifications/Registry Modifications Registry Modifications - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reimplementing-injection-via-syscalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/reimplementing-injection-via-syscalls/Reimplementing Injection via Syscalls Reimplementing Injection via Syscalls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/relational-databases/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/relational-databases/Relational databases Relational Databases - databases organizing data into structured tables with defined relationships between them. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Search engines Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/release-strategies/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/release-strategies/Release Strategies Release Strategies - blue/green, canary, rolling, and feature-flag deployment techniques for controlled releases. Related Links: CI-CD Fundamentals Deployment Development Phase Requirements and Design Phase Testinghttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/relocation-linking-literal-pools-and-veneers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/relocation-linking-literal-pools-and-veneers/Relocation, Linking, Literal Pools, and Veneers Relocation, Linking, Literal Pools, and Veneers - how the linker resolves symbol references, manages literal pools, and inserts veneers for out-of-range branches. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Structures, Bitfields, Unions, and Bit Extraction Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-apc-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-apc-injection/Remote APC Injection Remote APC Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-dll-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-dll-injection/Remote DLL Injection Remote DLL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-function-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-function-stomping/Remote Function Stomping Remote Function Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-mapping-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-mapping-injection/Remote Mapping Injection Remote Mapping Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-module-stomping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-module-stomping/Remote Module Stomping Remote Module Stomping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/remote-payload-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/remote-payload-execution/Remote Payload Execution Remote Payload Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-payload-execution-via-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/remote-payload-execution-via-injection/Remote Payload Execution via Injection Remote Payload Execution via Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/repeater/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/repeater/Repeater Repeater - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Burp Suite Fundamentals Intercepting Proxy Intruder Scannerhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/requirements-and-design-phase/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/requirements-and-design-phase/Requirements and Design Phase Requirements and Design Phase - incorporating security and operational requirements into software architecture from the outset. Related Links: CI-CD Fundamentals Deployment Development Phase Release Strategies Testinghttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/resolve-names-to-rids-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/resolve-names-to-rids-ms-samr/Resolve Names to RIDs MS-SAMR Resolve Names to RIDs MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/resolve-rids-to-names-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/resolve-rids-to-names-ms-samr/Resolve RIDs to Names MS-SAMR Resolve RIDs to Names MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/rest/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/rest/REST REST - architectural style for distributed systems based on stateless client-server communication over HTTP. Related Links: API API Design API styles GraphQL GraphQL Fundamentals GRPC HTTP and API Fundamentals Open API Specification (OAS) REST API Design SOAPhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/rest-api-design/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/rest-api-design/REST API Design REST API Design - best practices for designing RESTful APIs including resource naming and HTTP method usage. Related Links: API API Design API styles GraphQL GraphQL Fundamentals GRPC HTTP and API Fundamentals Open API Specification (OAS) REST SOAPhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-computers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-computers/Retrieve Domain Computers Retrieve Domain Computers - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-groups/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-groups/Retrieve Domain Groups Retrieve Domain Groups - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-user-descriptions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-user-descriptions/Retrieve Domain User Descriptions Retrieve Domain User Descriptions - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-users-with-all-attributes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-domain-users-with-all-attributes/Retrieve Domain Users with All Attributes Retrieve Domain Users with All Attributes - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-mac-address-via-netbios/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-mac-address-via-netbios/Retrieve MAC Address via NetBIOS Retrieve MAC Address via NetBIOS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-ms-ds-machineaccountquota/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-ms-ds-machineaccountquota/Retrieve MS-DS-MachineAccountQuota Retrieve MS-DS-MachineAccountQuota - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-private-data-ms-lsad/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-private-data-ms-lsad/Retrieve Private Data MS-LSAD Retrieve Private Data MS-LSAD - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve TXT Records RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-txt-records/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/retrieve-txt-records/Retrieve TXT Records Retrieve TXT Records - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD RID to SID MS-SAMR Share Enumerationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-kernel-version/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-kernel-version/Retrieving Kernel Version Retrieving Kernel Version - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-identifier-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-identifier-kernel/Retrieving Process Identifier Kernel Retrieving Process Identifier Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-image-base-address-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-image-base-address-kernel/Retrieving Process Image Base Address Kernel Retrieving Process Image Base Address Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-name-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-name-kernel/Retrieving Process Name Kernel Retrieving Process Name Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-parent-id-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-parent-id-kernel/Retrieving Process Parent ID Kernel Retrieving Process Parent ID Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-session-id-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-process-session-id-kernel/Retrieving Process Session ID Kernel Retrieving Process Session ID Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-the-address-of-an-unexported-zw-api-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/retrieving-the-address-of-an-unexported-zw-api-kernel/Retrieving the Address of an Unexported ZW API Kernel Retrieving the Address of an Unexported ZW API Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/reverse-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/reverse-engineering/Reverse Engineering Reverse Engineering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Memory Leaks Metasploit Urlvoid Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/reverse-engineering-with-ghidra/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/reverse-engineering-with-ghidra/Reverse Engineering with Ghidra Reverse Engineering with Ghidra - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ghidra Fundamentals Ghidra Scripting Static Analysis with Ghidrahttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/reverse-shell/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/reverse-shell/Reverse Shell Reverse Shell - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/reverse-shells-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/reverse-shells-overview/Reverse Shells Overview Reverse Shells Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/rid-to-sid-ms-samr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/rid-to-sid-ms-samr/RID to SID MS-SAMR RID to SID MS-SAMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records Share Enumerationhttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/risc-v/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/risc-v/RISC-V RISC-V - an open-standard instruction set architecture based on RISC principles, increasingly used in embedded systems for its modularity, extensibility, and royalty-free licensing. Platform Interrupt Architecture PMP and Isolation Privilege Model and Trap Handling Related Links: Arm M-profile Bus Fabrics and On-Chip Interconnects CPU Core Concepts Heterogeneous SoCs and Co-processors Memory Architecture Power and Clock Domain Architecture Single Core vs Multi-Core Architectureshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/rogue-access-point/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/rogue-access-point/Rogue Access Point Rogue Access Point - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/role-based-access-control-rbac/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authorization/role-based-access-control-rbac/Role-based access control (RBAC) Role-Based Access Control - authorization model assigning permissions based on user roles within an organization. Related Links: Access control lists (ACLs) Attribute-based access control (ABAC) Capability-based access control OAuth OpenID Connect (OIDC)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/rootkits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/rootkits/Rootkits Rootkits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/rootkits-and-bootkits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/rootkits-and-bootkits/Rootkits and Bootkits Rootkits and Bootkits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/rop-hellshall/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/rop-hellshall/ROP Hellshall ROP Hellshall - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/running-jscript-code-in-memory/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/running-jscript-code-in-memory/Running JScript Code in Memory Running JScript Code in Memory - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/runpe/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/runpe/RunPE RunPE - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/embedded-systems/runtime-view/runtime-memory-management/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/runtime-view/runtime-memory-management/Runtime Memory Management Runtime Memory Management - strategies for allocating, using, and freeing memory during firmware execution, including static allocation and heap management. Related Links: Task Scheduling and Context Switchinghttps://r0tbyt3.dev/wiki/content/embedded-systems/runtime-view/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/runtime-view/Runtime View of Embedded Systems Runtime View of Embedded Systems - the perspective of how an embedded system behaves during execution, including the management of resources, task scheduling, and interaction with the hardware. Runtime Memory Management Task Scheduling and Context Switching Related Links: C Language for Embedded Systems Embedded Systems Architectures Embedded Systems Communication Protocols Embedded Systems Execution Models Embedded Systems Exploits Embedded Systems Hardware STM32 Microcontrollershttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/sandbox-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/sandbox-evasion-techniques/Sandbox Evasion Techniques Sandbox Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview TLS Callbacks for Anti-Debugging User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/satellite-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/satellite-communication-exploits/Satellite Communication Exploits Satellite Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/Scalability and Infrastructure Scalability and Infrastructure - principles and tools for building systems that grow reliably under increasing load. Building for scale Caching Caching Fundamentals Docker Instrumentation and monitoring Kubernetes Profiling performance System Design Fundamentals Telemetry Related Links: Architecture Patternshttps://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/scanner/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/burp-suite/scanner/Scanner Scanner - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Burp Suite Fundamentals Intercepting Proxy Intruder Repeaterhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/scheduled-tasks-and-cron-jobs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/scheduled-tasks-and-cron-jobs/Scheduled Tasks and Cron Jobs Scheduled Tasks and Cron Jobs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/screen-capture-to-bmp/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/screen-capture-to-bmp/Screen Capture to BMP Screen Capture to BMP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Windows DLL Template Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/scrypt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/scrypt/Scrypt Scrypt - password hashing function designed to be memory-intensive to resist hardware-based attacks. Related Links: Argon2 Bcrypt Hashing algorithms MD5 SHA-1 SHA-256 TLShttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-algorithm/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-algorithm/SDBM String Hashing Algorithm SDBM String Hashing Algorithm - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-algorithm-ascii/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-algorithm-ascii/SDBM String Hashing Algorithm ASCII SDBM String Hashing Algorithm ASCII - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-syscalls-hash-values-nt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-string-hashing-syscalls-hash-values-nt/SDBM String Hashing Syscalls Hash Values NT SDBM String Hashing Syscalls Hash Values NT - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-syscalls-hash-values-zw/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-syscalls-hash-values-zw/SDBM Syscalls Hash Values ZW SDBM Syscalls Hash Values ZW - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM WinAPIs Hash Values Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-winapis-hash-values/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/sdbm-winapis-hash-values/SDBM WinAPIs Hash Values SDBM WinAPIs Hash Values - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW Self Deletion String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/search-engines/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/search-engines/Search engines Search Engines - systems designed for full-text search and information retrieval from large datasets. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Solr Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/searching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/searching/Searching Searching - finding elements using linear O(n) search and binary O(log n) search on sorted collections. Related Links: Backtracking Big O Notation Bit Manipulation Divide and Conquer Dynamic Programming Graph Algorithms Greedy Algorithms Recursion Sortinghttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/secure-coding-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/secure-coding-fundamentals/Secure Coding Fundamentals Secure Coding Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Software Vulnerabilities and Exploits Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/secure-communication-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/secure-communication-techniques/Secure Communication Techniques Secure Communication Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Cryptography Fundamentals Data Anonymization Techniques Data Masking Techniques Steganographyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/secure-ssh-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/secure-ssh-configuration/Secure SSH Configuration Secure SSH Configuration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-blocking-direct-ip-access/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-blocking-direct-ip-access/Securing Server Blocking Direct IP Access Securing Server Blocking Direct IP Access - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-removing-verbose-information/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-removing-verbose-information/Securing Server Removing Verbose Information Securing Server Removing Verbose Information - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-restrict-http-access/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-restrict-http-access/Securing Server Restrict HTTP Access Securing Server Restrict HTTP Access - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-via-cloudflare/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/securing-server-via-cloudflare/Securing Server via Cloudflare Securing Server via Cloudflare - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/backend-engineering/security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/Security Security - authentication, authorization, cryptography, and security best practices for backend systems. Authentication Authorization Cryptography Web Security Related Links: Backend Engineering Concurrency Databases Django DSA Python System Design Webhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/select-insert-delete-update-statements/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/select-insert-delete-update-statements/Select, insert, delete, update statements Select, Insert, Delete, Update Statements - core DML statements for reading and modifying database data. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Stored procedures and triggers Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/self-deletion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/self-deletion/Self Deletion Self Deletion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values String Hashing String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/self-deletion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/self-deletion-techniques/Self-Deletion Techniques Self-Deletion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Shadow Copy Deletion Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/send-keystrokes-to-remote-server/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/send-keystrokes-to-remote-server/Send Keystrokes to Remote Server Send Keystrokes to Remote Server - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/sensors-actuators-and-driver-components/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/sensors-actuators-and-driver-components/Sensors, Actuators, and Driver Components Sensors, Actuators, and Driver Components - input transducers, output actuators, and the driver circuits that interface them to a microcontroller. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Signal Integrity, Protection, and Level Shiftinghttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/Server Administration Server Administration - administering and hardening Linux and Windows servers in cloud and on-premises environments. Firewall Configuration Linux Security and Hardening Linux Server Administration SSH Windows Security and Hardening Windows Server Administration Related Links: IaC Toolshttps://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/server-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/server-security/Server security Server Security - practices and configurations for protecting servers from unauthorized access and exploits. Related Links: API security best practices Container security best practices CORS CSP Mitigation techniques OWASP riskshttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/server-sent-events/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/server-sent-events/Server sent events Server-Sent Events - protocol for servers to push real-time updates to clients over HTTP. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime short polling Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/serverless/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/serverless/Serverless Serverless - cloud execution model where developers write functions without managing underlying infrastructure. Related Links: Architectural patterns Backend Architecture Microservices Monolith Monolith vs Microservices Serverless computing Service mesh architecture Service meshes Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/serverless-computing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/serverless-computing/Serverless computing Serverless Computing - execution model where cloud providers dynamically manage server allocation per request. Related Links: Architectural patterns Backend Architecture Microservices Monolith Monolith vs Microservices Serverless Service mesh architecture Service meshes Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/serverless-phishing-cloudflare-worker/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/serverless-phishing-cloudflare-worker/Serverless Phishing Cloudflare Worker Serverless Phishing Cloudflare Worker - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/service-control-manager-interaction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/service-control-manager-interaction/Service Control Manager Interaction Service Control Manager Interaction - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/service-creation-and-manipulation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/service-creation-and-manipulation/Service Creation and Manipulation Service Creation and Manipulation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/nmap/service-detection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/nmap/service-detection/Service Detection Service Detection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Nmap Fundamentals Nmap NSE Scripts Port Scanning Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/service-mesh-architecture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/service-mesh-architecture/Service mesh architecture Service Mesh Architecture - infrastructure layer managing service-to-service communication in microservice deployments. Related Links: Architectural patterns Backend Architecture Microservices Monolith Monolith vs Microservices Serverless Serverless computing Service meshes Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/service-meshes/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/service-meshes/Service meshes Service Meshes - dedicated infrastructure layer handling network communication between microservices. Related Links: Architectural patterns Backend Architecture Microservices Monolith Monolith vs Microservices Serverless Serverless computing Service mesh architecture Service-oriented architecture (SOA) Twelve-factor apphttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/service-oriented-architecture-soa/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/service-oriented-architecture-soa/Service-oriented architecture (SOA) Service-Oriented Architecture - design pattern organizing software as a collection of interoperable loosely coupled services. Related Links: Architectural patterns Backend Architecture Microservices Monolith Monolith vs Microservices Serverless Serverless computing Service mesh architecture Service meshes Twelve-factor apphttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/session-and-token-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/session-and-token-security/Session and Token Security Session and Token Security - best practices for securely managing user sessions and authentication tokens. Related Links: Authentication and Authorization AuthN vs AuthZ Multi-factor authentication (MFA) Password-based authentication Token-based authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/set-privilege-via-adjusttokenprivileges/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/set-privilege-via-adjusttokenprivileges/Set Privilege via AdjustTokenPrivileges Set Privilege via AdjustTokenPrivileges - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/set-privilege-via-rtladjustprivilege/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/set-privilege-via-rtladjustprivilege/Set Privilege via RtlAdjustPrivilege Set Privilege via RtlAdjustPrivilege - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges SMB Pass the Hash Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/sets/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/sets/Sets Sets - unordered collections of unique elements with O(1) average membership testing using Python’s built-in set. Related Links: Arrays Binary Search Trees Graphs Hash Tables Heaps Linked Lists Queues Stacks Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/backend-engineering/django/settings-and-configuration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/settings-and-configuration/Settings and Configuration Settings and Configuration - managing Django settings across environments using environment variables and split config files. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Signals Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/sha-1/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/sha-1/SHA-1 SHA-1 - cryptographic hash function producing a 160-bit digest, deprecated due to collision vulnerabilities. Related Links: Argon2 Bcrypt Hashing algorithms MD5 Scrypt SHA-256 TLShttps://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/sha-256/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/sha-256/SHA-256 SHA-256 - secure hash algorithm producing a 256-bit digest, widely used for data integrity and signatures. Related Links: Argon2 Bcrypt Hashing algorithms MD5 Scrypt SHA-1 TLShttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/shadow-copy-deletion/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/shadow-copy-deletion/Shadow Copy Deletion Shadow Copy Deletion - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Timestomping Techniqueshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/sharding/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-performance/sharding/Sharding Sharding - horizontal database partitioning distributing data across multiple servers for scale. Related Links: Data replication Database index Database scaling Indexes and performance optimization Indexing and Query Performance N+1 query problem Performance tuning and query optimizationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/share-enumeration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory-enumeration/share-enumeration/Share Enumeration Share Enumeration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anonymous SMB Login Bind to ATSVC via Named Pipe Bind to BKRP via Named Pipe Bind to EPM via Named Pipe Bind to LSAD via Named Pipe Bind to LSAT via Named Pipe Bind to NRPC via Named Pipe Bind to RPRN via Named Pipe Bind to RRP via Named Pipe Bind to SAMR via Named Pipe Bind to SCMR via Named Pipe Bind to SRVS via Named Pipe Bind to WKST via Named Pipe Check If RPC Server Is Listening C706 Mgmt Connect to SAMR Server MS-SAMR Create a Group MS-SAMR Delete a Group MS-SAMR Domain Join Check Enumerate A Domain Groups Members Enumerate Accounts with Password Never Expiring Enumerate Aliases MS-SAMR Enumerate All Groups in the Domain Enumerate AS-REP Roastable Accounts Enumerate Connections MS-SRVS Enumerate Disabled User Accounts Enumerate Domain Admins Members Enumerate Domain Computers by Keyword Enumerate Domains MS-SAMR Enumerate Electron Fuses Enumerate Group Policy Objects (GPOs) Enumerate Groups MS-SAMR Enumerate Locked Out User Accounts Enumerate Logged On Users Level 0 MS-WKST Enumerate Logged On Users Level 1 MS-WKST Enumerate LSAD Accounts MS-LSAD Enumerate Must Change Password Accounts Enumerate NetBIOS Names Enumerate Organizational Units (OUs) Enumerate Process Memory Maps Enumerate Protected Admin Users Enumerate Remote Host Enumerate RPC Interfaces C706-MGMT Enumerate System Privileges MS-LSAD Enumerate User Service Accounts SPN Enumerate UserPassword Attribute Enumerate Users MS-SAMR Enumerate Users Requiring Smartcard for Logon Enumerate Users Who Never Logged In Enumerate Users with Password Never Expiring Enumerate Users with Password Not Required Enumerate Users with Reversible Encryption Enabled Enumerate Workstation Transports Level 0 MS-WKST Get Current LSA User MS-LSAT Get Domain SID MS-SAMR Get Service Display Name MS-SCMR Get Username Get Workstation Info Level 100 MS-WKST Get Workstation Info Level 101 MS-WKST Get Workstation Info Level 102 MS-WKST LDAP Query Lookup Privilege Value MS-LSAD MS-RPRN Abuse Open a Domain MS-SAMR Open a Group MS-SAMR Open a User Account MS-SAMR Open an Alias MS-SAMR Open LSAD Policy Handle MS-LSAD Process Enumeration Query Active Directory Site Name MS-NRPC Query CFG Status Query DNS Domain Information MS-LSAD Query Domain Controller Information MS-NRPC Query DSSP Operation State MS-DSSP Query DSSP Primary Domain Info MS-DSSP Query DSSP Upgrade Status MS-DSSP Query Extended Service Status MS-SCMR Query RPC Runtime Statistics C706-MGMT Query SMB Share Permissions Query User Account Control MS-SAMR Query User General Info MS-SAMR Query User Home Info MS-SAMR Query User Logon Info MS-SAMR Query User Parameters MS-SAMR Query User Preferences MS-SAMR Query Username Info MS-SAMR Resolve Names to RIDs MS-SAMR Resolve RIDs to Names MS-SAMR Retrieve Domain Computers Retrieve Domain Groups Retrieve Domain User Descriptions Retrieve Domain Users with All Attributes Retrieve MAC Address via NetBIOS Retrieve MS-DS-MachineAccountQuota Retrieve Private Data MS-LSAD Retrieve TXT Records RID to SID MS-SAMRhttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/shared-state-synchronization-and-concurrency-safety/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/shared-state-synchronization-and-concurrency-safety/Shared-State Synchronization and Concurrency Safety Shared-State Synchronization and Concurrency Safety - techniques for safely sharing data between tasks or ISRs, including atomic operations, mutexes, and critical sections. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Superloop Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/shell-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/shell-execution/Shell Execution Shell Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection/Shellcode Injection Shellcode Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection-via-zwcreatethreadex-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-injection-via-zwcreatethreadex-kernel/Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Injection via ZwCreateThreadEx Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/shellcode-injection-via-zwcreatethreadex-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/shellcode-injection-via-zwcreatethreadex-kernel-internals/Shellcode Injection via ZwCreateThreadEx Kernel Internals Shellcode Injection via ZwCreateThreadEx Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcode-reflective-dll-injection-srdi/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcode-reflective-dll-injection-srdi/Shellcode Reflective DLL Injection (sRDI) Shellcode Reflective DLL Injection (sRDI) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-reflective-dll-injection-srdi-technique/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/shellcode-reflective-dll-injection-srdi-technique/Shellcode Reflective DLL Injection (sRDI) Technique Shellcode Reflective DLL Injection (sRDI) Technique - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Thread Hijacking Kernel Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-a-reverse-shell/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-a-reverse-shell/Shellcoding a Reverse Shell Shellcoding a Reverse Shell - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-local-inject/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-local-inject/Shellcoding Stager Local Inject Shellcoding Stager Local Inject - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-remote-inject/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/shellcoding-stager-remote-inject/Shellcoding Stager Remote Inject Shellcoding Stager Remote Inject - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/shift-left-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/shift-left-security/Shift Left Security Shift Left Security - embedding security checks early in development and CI/CD to catch vulnerabilities before production. Related Links: API Security Arachni Dynamic application security testing (DAST) Nikto Pipeline Security Software composition analysis (SCA) Static application security testing (SAST) W3afhttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/short-polling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/short-polling/short polling Short Polling - technique where clients repeatedly request updates from a server at fixed intervals. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events Streaming Throttling Websocketshttps://r0tbyt3.dev/wiki/content/embedded-systems/exploits/side-channel-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/exploits/side-channel-attacks/Side-Channel Attacks Side-Channel Attacks - exploitation of information leaked through power consumption, electromagnetic emissions, timing variations, or other physical side channels. Related Links: Buffer Overflow Firmware Exploitation Network Attacks Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/SIEM and Tools SIEM and Tools - security information and event management platforms and supporting tools used for log aggregation, correlation, and alerting. Hayabusa Maltego SIEM Fundamentals Splunk Related Links: Detection Engineering Endpoint Security SOC Honeypots Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/siem-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/siem-fundamentals/SIEM Fundamentals SIEM Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hayabusa Maltego Splunkhttps://r0tbyt3.dev/wiki/content/embedded-systems/hardware/signal-integrity-protection-and-level-shifting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/hardware/signal-integrity-protection-and-level-shifting/Signal Integrity, Protection, and Level Shifting Signal Integrity, Protection, and Level Shifting - techniques for maintaining clean signal transmission and protecting circuits from voltage mismatches, ESD, and noise. Related Links: Board Bring-Up and Hardware Validation Cables, Connectors, and Physical Interfaces Clocking and Reset Circuits Debug and Programming Hardware Digital and Analog Peripherals Memory Hardware Microcontrollers and Selection Criteria Power Regulation and Conversion Power Sources and Power Budgeting Sensors, Actuators, and Driver Componentshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/signalobjectandwait-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/signalobjectandwait-alertable-function/SignalObjectAndWait Alertable Function SignalObjectAndWait Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/backend-engineering/django/signals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/signals/Signals Signals - Django’s observer pattern allowing decoupled components to respond to model events like pre_save and post_save. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Static Files and Media Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/single-core-vs-multi-core-architectures/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/single-core-vs-multi-core-architectures/Single Core vs Multi-Core Architectures Single Core vs Multi-Core Architectures - comparison of single-processor and multi-processor embedded designs, including trade-offs in complexity, power, real-time behavior, and inter-core communication. Related Links: Arm M-profile Bus Fabrics and On-Chip Interconnects CPU Core Concepts Heterogeneous SoCs and Co-processors Memory Architecture Power and Clock Domain Architecture RISC-Vhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/Sleep Obfuscation Sleep Obfuscation - techniques that encrypt or hide implant code in memory during beacon sleep intervals to evade memory scanning. Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation Zilean Sleep Obfuscation with Stack Duplication Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Process Injection Windows Internalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/sleepex-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/sleepex-alertable-function/SleepEx Alertable Function SleepEx Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/sli-slo-sla/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/observability-and-sre/sli-slo-sla/SLI SLO SLA SLI SLO SLA - defining service reliability targets through indicators, objectives, agreements, and error budgets. Related Links: Incident Management for SRE Monitoring and Observability Monitoring Tools Observability Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/sliding-window/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/sliding-window/Sliding Window Sliding Window - maintaining a variable or fixed-size subarray window to solve substring and subarray problems in O(n). Related Links: BFS Pattern Binary Search Pattern DFS Pattern Fast and Slow Pointers Merge Intervals Monotonic Stack Top K Elements Two Pointers Union Findhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/smb-pass-the-hash/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/smb-pass-the-hash/SMB Pass the Hash SMB Pass the Hash - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege Token Impersonation Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/soap/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/apis/soap/SOAP SOAP - XML-based messaging protocol for exchanging structured information in web services. Related Links: API API Design API styles GraphQL GraphQL Fundamentals GRPC HTTP and API Fundamentals Open API Specification (OAS) REST REST API Designhttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/SOC and Detection Engineering SOC and Detection Engineering - the processes and tools used by security operations centers to monitor, detect, triage, and respond to cyber threats. Detection Engineering Endpoint Security SIEM and Tools SOC Honeypots Threat Hunting Techniques Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware Social Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/soc-honeypots/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/soc-honeypots/SOC Honeypots SOC Honeypots - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Detection Engineering Endpoint Security SIEM and Tools Threat Hunting Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/Social Engineering Social Engineering - the use of psychological manipulation to deceive individuals into divulging confidential information or performing actions that compromise security. Automated Social Engineering Techniques Automated Spear Phishing Email Generation Digital Social Engineering Physical Social Engineering Social Engineering Fundamentals Social Engineering Techniques Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Threat Modeling Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/social-engineering-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/social-engineering-fundamentals/Social Engineering Fundamentals Social Engineering Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Social Engineering Techniques Automated Spear Phishing Email Generation Digital Social Engineering Physical Social Engineering Social Engineering Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/social-engineering-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/social-engineering-techniques/Social Engineering Techniques Social Engineering Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automated Social Engineering Techniques Automated Spear Phishing Email Generation Digital Social Engineering Physical Social Engineering Social Engineering Fundamentalshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/software-composition-analysis-sca/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/software-composition-analysis-sca/Software composition analysis (SCA) SCA - identifying open-source dependencies and known vulnerabilities in application code and third-party libraries. Related Links: API Security Arachni Dynamic application security testing (DAST) Nikto Pipeline Security Shift Left Security Static application security testing (SAST) W3afhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/software-delivery-models/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/software-delivery-models/Software Delivery Models Software Delivery Models - comparison of waterfall, agile, and DevOps delivery approaches and their trade-offs. Related Links: Agile and Scrum DevOps and DevSecOps Fundamentals Phases of DevOps Waterfall vs Agile vs DevOpshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/Software Engineering Software Engineering - practices for writing maintainable, testable, and well-documented Python code. Code reviews Documentation generation Functional testing Git Integration testing Refactoring Unit testing Related Links: AI and LLMs Language Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/software-vulnerabilities-and-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/software-vulnerabilities-and-exploits/Software Vulnerabilities and Exploits Software Vulnerabilities and Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Target-Specific Exploitation Web Based Attackshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/solr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/solr/Solr Solr - open-source enterprise search platform built on Apache Lucene. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Time series dbs Vector databaseshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/sorting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/algorithms/sorting/Sorting Sorting - ordering algorithms from O(n²) bubble and insertion sort to O(n log n) merge sort and quicksort in Python. Related Links: Backtracking Big O Notation Bit Manipulation Divide and Conquer Dynamic Programming Graph Algorithms Greedy Algorithms Recursion Searchinghttps://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/spi/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/spi/SPI SPI - high-speed, full-duplex serial protocol for communicating with peripherals using dedicated clock, MOSI, MISO, and chip-select lines. Related Links: CAN Bus I2C Monodon Firmware UARThttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/splunk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/siem-and-tools/splunk/Splunk Splunk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Hayabusa Maltego SIEM Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/spoofing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/spoofing/Spoofing Spoofing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Network Attacks Overview Packet Sniffing Exploits VLAN Hopping VMescape Exploitshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/SQL SQL - Structured Query Language for defining, querying, and manipulating relational database data. Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Views Window functions Related Links: Database Fundamentals Database Performance Database Typeshttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/sql-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/sql-injection/SQL Injection SQL Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows CSRF Directory Traversal Timing Attacks XSShttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/ssh/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/ssh/SSH SSH - Secure Shell protocol for encrypted remote server access, key-based authentication, and secure tunneling. Related Links: Firewall Configuration Linux Security and Hardening Linux Server Administration Windows Security and Hardening Windows Server Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/ssl-configuration-comodo-ssl/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/ssl-configuration-comodo-ssl/SSL Configuration Comodo SSL SSL Configuration Comodo SSL - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/ssl-configuration-lets-encrypt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/ssl-configuration-lets-encrypt/SSL Configuration Lets Encrypt SSL Configuration Lets Encrypt - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL Web Server Setup Apache PHP Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/stacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/stacks/Stacks Stacks - LIFO data structure supporting push and pop in O(1), implemented with Python lists or collections.deque. Related Links: Arrays Binary Search Trees Graphs Hash Tables Heaps Linked Lists Queues Sets Strings Trees Trieshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/stage-early-bird-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/stage-early-bird-injection/Stage Early Bird Injection Stage Early Bird Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-a-service-ms-scmr/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-a-service-ms-scmr/Start a Service MS-SCMR Start a Service MS-SCMR - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-local-remote-service/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-local-remote-service/Start Local Remote Service Start Local Remote Service - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-remote-registry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/start-remote-registry/Start Remote Registry Start Remote Registry - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service User Access Control (UAC) Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/static-analysis/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/analysis-methods/static-analysis/Static Analysis Static Analysis - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Dynamic Analysis Malware Analysis Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/static-analysis-with-ghidra/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/ghidra/static-analysis-with-ghidra/Static Analysis with Ghidra Static Analysis with Ghidra - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ghidra Fundamentals Ghidra Scripting Reverse Engineering with Ghidrahttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/static-application-security-testing-sast/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/static-application-security-testing-sast/Static application security testing (SAST) SAST - analyzing source code without execution to detect security vulnerabilities early in the development process. Related Links: API Security Arachni Dynamic application security testing (DAST) Nikto Pipeline Security Shift Left Security Software composition analysis (SCA) W3afhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/static-files-and-media/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/static-files-and-media/Static Files and Media Static Files and Media - serving CSS, JavaScript, and user-uploaded files using collectstatic and MEDIA_ROOT. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Templates and Template Tags URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/steganography/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/cryptography/steganography/Steganography Steganography - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Cryptographic Algorithms Cryptography Fundamentals Data Anonymization Techniques Data Masking Techniques Secure Communication Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/steganography-shellcode-loader/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/steganography-shellcode-loader/Steganography Shellcode Loader Steganography Shellcode Loader - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/embedded-systems/stm32-microcontrollers/stm32-blue-pill/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/stm32-microcontrollers/stm32-blue-pill/STM32 Blue Pill STM32 Blue Pill - low-cost STM32F103-based development board commonly used for prototyping and learning embedded development with the STM32 family. Related Links: STM32L5 Serieshttps://r0tbyt3.dev/wiki/content/embedded-systems/stm32-microcontrollers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/stm32-microcontrollers/STM32 Microcontrollers STM32 Microcontrollers - a family of 32-bit ARM Cortex-M microcontrollers designed by STMicroelectronics with a vendor-specific microcontroller architecture used in a wide range of embedded systems applications. STM32 Blue Pill STM32L5 Series Related Links: C Language for Embedded Systems Embedded Systems Architectures Embedded Systems Communication Protocols Embedded Systems Execution Models Embedded Systems Exploits Embedded Systems Hardware Embedded Systems Runtime Viewhttps://r0tbyt3.dev/wiki/content/embedded-systems/stm32-microcontrollers/stm32l5-series/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/stm32-microcontrollers/stm32l5-series/STM32L5 Series STM32L5 Series - STMicroelectronics ultra-low-power microcontroller series featuring Arm Cortex-M33 with TrustZone and advanced security features. Related Links: STM32 Blue Pillhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/stored-procedures-and-triggers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/stored-procedures-and-triggers/Stored procedures and triggers Stored Procedures and Triggers - precompiled SQL code stored in the database for reuse and automation. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Subqueries Views Window functionshttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/streaming/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/streaming/Streaming Streaming - processing and transmitting data continuously as it is generated rather than in batches. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events short polling Throttling Websocketshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/string-hashing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/string-hashing/String Hashing String Hashing - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashing Obfuscation Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/string-hashing-obfuscation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/string-hashing-obfuscation/String Hashing Obfuscation String Hashing Obfuscation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/string-hashing-obfuscation-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/code-obfuscation/string-hashing-obfuscation-techniques/String Hashing Obfuscation Techniques String Hashing Obfuscation Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AP String Hashing Algorithm AP String Hashing Algorithm ASCII AP String Hashing Syscalls Hash Values NT AP Syscalls Hash Values ZW AP WinAPIs Hash Values Bypass EAF Export Address Filtering CFG Query Code Obfuscation Compile-Time GetModuleHandle Compile-Time GetProcAddress Evasion with File Bloating File Entropy Reduction Techniques FNV1A String Hashing Algorithm FNV1A String Hashing Algorithm ASCII FNV1A String Hashing Syscalls Hash Values FNV1A String Hashing Syscalls Hash Values NT FNV1A Syscalls Hash Values ZW FNV1A WinAPIs Hash Values Function Replacements Function Replacements eg Malloc Strcpy ZeroMemory GoTo Functionality IAT Camouflage IAT Obfuscation Variants JS String Hashing Algorithm JS String Hashing Algorithm ASCII JS String Hashing Syscalls Hash Values NT JS Syscalls Hash Values ZW JS WinAPIs Hash Values Malware Binary Signing Obfuscation Mmgetsystemroutineaddress Replacement String Hashing Kernel Multiple Function Replacements Multiple GetModuleHandle Replacement Functions MurmurHash3 String Hashing Algorithm MurmurHash3 String Hashing Algorithm ASCII MurmurHash3 String Hashing Syscalls Hash Values NT MurmurHash3 Syscalls Hash Values ZW MurmurHash3 WinAPIs Hash Values Obfuscation IPv4fuscation IPv6fuscation UUIDfuscation MACfuscation Payload Obfuscation PJW String Hashing Algorithm PJW String Hashing Algorithm ASCII PJW String Hashing Syscalls Hash Values NT PJW Syscalls Hash Values ZW PJW WinAPIs Hash Values SDBM String Hashing Algorithm SDBM String Hashing Algorithm ASCII SDBM String Hashing Syscalls Hash Values NT SDBM Syscalls Hash Values ZW SDBM WinAPIs Hash Values Self Deletion String Hashinghttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/strings/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/strings/Strings Strings - immutable sequences of characters in Python with common manipulation, searching, and pattern-matching techniques. Related Links: Arrays Binary Search Trees Graphs Hash Tables Heaps Linked Lists Queues Sets Stacks Trees Trieshttps://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/structured-outputs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/ai-and-llms/structured-outputs/Structured outputs Structured Outputs - LLM technique for generating output in specific schemas like JSON. Related Links: Ai in development Embeddings Function calling RAGshttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/structures-bitfields-unions-and-bit-extraction/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/structures-bitfields-unions-and-bit-extraction/Structures, Bitfields, Unions, and Bit Extraction Structures, Bitfields, Unions, and Bit Extraction - aggregate data types used to model packed hardware data, protocol frames, and register overlays. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Toolchain Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/subnetting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-protocols/subnetting/Subnetting Subnetting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Handshakes HTTPS Networking Networking Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/subqueries/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/subqueries/Subqueries Subqueries - SQL queries nested inside other queries to filter or transform result sets. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Views Window functionshttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/superloop/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/superloop/Superloop Superloop - the simplest embedded execution model consisting of an infinite loop that polls peripherals and handles all system tasks sequentially. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Task Priorities and Deadline Handlinghttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/supply-chain-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/supply-chain-attacks/Supply Chain Attacks Supply Chain Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT OSINT Reconnaissance Techniques Threat Modeling Fundamentals Zero Dayhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/svg-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/svg-smuggling/SVG Smuggling SVG Smuggling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations WebAssembly Smugglinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscall-gadget-pattern-scan/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscall-gadget-pattern-scan/Syscall Gadget Pattern Scan Syscall Gadget Pattern Scan - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscall-number-retrieval-from-ntdll-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscall-number-retrieval-from-ntdll-kernel/Syscall Number Retrieval from NTDLL Kernel Syscall Number Retrieval from NTDLL Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/syscalls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/syscalls/Syscalls Syscalls - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscalls-tampering/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/syscalls-tampering/Syscalls Tampering Syscalls Tampering - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/System Design System Design - architecture patterns, scalability strategies, and infrastructure practices for backend systems. Architecture Patterns Scalability and Infrastructure Related Links: Backend Engineering Concurrency Databases Django DSA Python Security Webhttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/system-design-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/system-design-fundamentals/System Design Fundamentals System Design Fundamentals - core concepts for designing scalable, reliable, and maintainable distributed systems. Related Links: Building for scale Caching Caching Fundamentals Docker Instrumentation and monitoring Kubernetes Profiling performance Telemetryhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/systemfunction040-encryption-decryption/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/systemfunction040-encryption-decryption/SystemFunction040 Encryption Decryption SystemFunction040 Encryption Decryption - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/tampered-syscalls-via-hardware-breakpoints/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/tampered-syscalls-via-hardware-breakpoints/Tampered Syscalls via Hardware Breakpoints Tampered Syscalls via Hardware Breakpoints - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/target-specific-exploitation/Target-Specific Exploitation Target-Specific Exploitation - techniques for attacking unique infrastructure and deployment environments beyond standard web applications. Exploiting Cloud Infrastructure Exploiting Containerized Environments Exploiting Embedded Systems Exploiting Industrial Control Systems (ICS) Exploiting IoT Devices Exploiting Mobile Devices Exploiting Operational Technology (OT) Systems Exploiting Serverless Environments Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Web Based Attackshttps://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/task-priorities-and-deadline-handling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/execution-models/task-priorities-and-deadline-handling/Task Priorities and Deadline Handling Task Priorities and Deadline Handling - assignment of execution priorities to tasks in an RTOS and strategies for meeting hard and soft timing deadlines. Related Links: Cooperative Scheduling Event-Driven and State-Machine Models Failure Recovery Models Hybrid Polling and Interrupt Models Interrupt-Driven Execution ISR-to-Task Communication Patterns Power-Aware Execution Strategies Preemptive RTOS Scheduling Real-Time Constraints, Latency, and Jitter Shared-State Synchronization and Concurrency Safety Superloophttps://r0tbyt3.dev/wiki/content/embedded-systems/runtime-view/task-scheduling-and-context-switching/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/runtime-view/task-scheduling-and-context-switching/Task Scheduling and Context Switching Task Scheduling and Context Switching - mechanisms by which an RTOS saves and restores task state to achieve multitasking on a single processor. Related Links: Runtime Memory Managementhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/tcp-port-scan/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/tcp-port-scan/TCP Port Scan TCP Port Scan - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning VPNs Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/tcpdump/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/tcpdump/Tcpdump Tcpdump - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Network Forensics with Wireshark Protocol Analysis Wireshark Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/telemetry/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/scalability-and-infrastructure/telemetry/Telemetry Telemetry - automated collection of performance and usage data from applications for analysis and alerting. Related Links: Building for scale Caching Caching Fundamentals Docker Instrumentation and monitoring Kubernetes Profiling performance System Design Fundamentalshttps://r0tbyt3.dev/wiki/content/backend-engineering/django/templates-and-template-tags/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/templates-and-template-tags/Templates and Template Tags Templates and Template Tags - Django’s template language for rendering HTML with context variables, filters, and custom tags. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media URL Routing User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/terminating-a-process-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/terminating-a-process-kernel/Terminating a Process Kernel Terminating a Process Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/terraform-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/iac-tools/terraform-fundamentals/Terraform Fundamentals Terraform Fundamentals - writing declarative HCL to provision and manage cloud infrastructure with plan, apply, and state workflows. Related Links: Configuration Management Fundamentals IaC Security Infrastructure as Code Fundamentalshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/testing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/pipeline-and-delivery/testing/Testing Testing - automated unit, integration, and end-to-end testing integrated into CI pipelines for continuous quality assurance. Related Links: CI-CD Fundamentals Deployment Development Phase Release Strategies Requirements and Design Phasehttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-techniques/Thread Enumeration Techniques Thread Enumeration Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-via-procfs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-via-procfs/Thread Enumeration via ProcFS Thread Enumeration via ProcFS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-via-syscall/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-enumeration-via-syscall/Thread Enumeration via Syscall Thread Enumeration via Syscall - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/thread-hijacking-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/thread-hijacking-kernel/Thread Hijacking Kernel Thread Hijacking Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Threadless Injection VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-hijacking-kernel-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/thread-hijacking-kernel-internals/Thread Hijacking Kernel Internals Thread Hijacking Kernel Internals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/threadless-injection/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/threadless-injection/Threadless Injection Threadless Injection - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel VEH Manipulation for Local Code Executionhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/threadless-shellcode-injection-via-hwbps-bof/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/threadless-shellcode-injection-via-hwbps-bof/Threadless Shellcode Injection via HWBPs BOF Threadless Shellcode Injection via HWBPs BOF - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution Introduction to BOF LSASS Dump BOF Object File Loader with Module Stomping Writing BOF Fileshttps://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/threat-hunting-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/incident-response-and-forensics/threat-hunting-techniques/Threat Hunting Techniques Threat Hunting Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Automated Reverse Engineering Digital Forensics Forensics Hayabusa Incident Responsehttps://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/threat-hunting-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/soc-and-detection-engineering/threat-hunting-techniques/Threat Hunting Techniques Threat Hunting Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Detection Engineering Endpoint Security SIEM and Tools SOC Honeypotshttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/Threat Modeling Threat Modeling - the structured process of identifying, quantifying, and prioritizing potential threats to a system in order to guide security decisions. APT OSINT Reconnaissance Techniques Supply Chain Attacks Threat Modeling Fundamentals Zero Day Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Windows Security and Administration Wiresharkhttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/threat-modeling-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/threat-modeling-fundamentals/Threat Modeling Fundamentals Threat Modeling Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT OSINT Reconnaissance Techniques Supply Chain Attacks Zero Dayhttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/throttling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/throttling/Throttling Throttling - limiting the rate of processing to prevent resource exhaustion under heavy load. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events short polling Streaming Websocketshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/time-series-dbs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/time-series-dbs/Time series dbs Time Series Databases - databases optimized for storing and querying timestamped data sequences. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Vector databaseshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/timestomping-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/covering-tracks/timestomping-techniques/Timestomping Techniques Timestomping Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Forensic Techniques Covering Tracks Techniques Data Destruction Techniques File Time Stomping Log Tampering Techniques Self-Deletion Techniques Shadow Copy Deletionhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/timing-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/timing-attacks/Timing Attacks Timing Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows CSRF Directory Traversal SQL Injection XSShttps://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/tls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/cryptography/tls/TLS TLS - cryptographic protocol providing secure communication over a network through encryption and certificates. Related Links: Argon2 Bcrypt Hashing algorithms MD5 Scrypt SHA-1 SHA-256https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/tls-callbacks-for-anti-debugging/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/tls-callbacks-for-anti-debugging/TLS Callbacks for Anti-Debugging TLS Callbacks for Anti-Debugging - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques User Interaction Evasion Techniqueshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-impersonation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-impersonation/Token Impersonation Token Impersonation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Manipulation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-manipulation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-manipulation/Token Manipulation Token Manipulation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Querying Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-querying/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/token-querying/Token Querying Token Querying - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Utilizing Hardware Breakpoints for Credential Dumpinghttps://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/token-based-authentication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/authentication/token-based-authentication/Token-based authentication Token-Based Authentication - authentication approach using digitally signed tokens instead of server-side sessions. Related Links: Authentication and Authorization AuthN vs AuthZ Multi-factor authentication (MFA) Password-based authentication Session and Token Securityhttps://r0tbyt3.dev/wiki/content/embedded-systems/c-language/toolchain-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/c-language/toolchain-fundamentals/Toolchain Fundamentals Toolchain Fundamentals - components of the embedded C toolchain including the compiler, assembler, linker, and object file utilities. Related Links: Accessing Memory-Mapped Registers with Pointers Bitwise Operators and Bit Manipulation Techniques Compiler Optimization Behavior and volatile Fixes Complex const and volatile Combinations Control Flow for Firmware Data Types, Variables, and Storage Class Specifiers Defensive C Patterns for Vulnerability Prevention ELF File Format, Symbols, Sections, and Segments Functions and Modular Firmware Design Pointers and Casting in Embedded C Register Definitions with C Structures Relocation, Linking, Literal Pools, and Veneers Structures, Bitfields, Unions, and Bit Extractionhttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/top-k-elements/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/top-k-elements/Top K Elements Top K Elements - using a min-heap of size K to efficiently find the K largest or most frequent elements. Related Links: BFS Pattern Binary Search Pattern DFS Pattern Fast and Slow Pointers Merge Intervals Monotonic Stack Sliding Window Two Pointers Union Findhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/transactions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/transactions/Transactions Transactions - units of work in a database that must execute atomically to maintain consistency. Related Links: ACID CAP theorem Data constraints Data definition language Data integrity and normalization and security Data manipulation language Databases and Data Modeling Migrations Normalization ORMs Transactions and isolation levelshttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/transactions-and-isolation-levels/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-fundamentals/transactions-and-isolation-levels/Transactions and isolation levels Transactions and Isolation Levels - database transaction guarantees and concurrent access control levels. Related Links: ACID CAP theorem Data constraints Data definition language Data integrity and normalization and security Data manipulation language Databases and Data Modeling Migrations Normalization ORMs Transactionshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/trees/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/trees/Trees Trees - hierarchical node-based structures with a root and parent-child relationships used for ordered data. Related Links: Arrays Binary Search Trees Graphs Hash Tables Heaps Linked Lists Queues Sets Stacks Strings Trieshttps://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/tries/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/data-structures/tries/Tries Tries - prefix trees enabling O(m) string search and autocomplete, where m is the length of the key. Related Links: Arrays Binary Search Trees Graphs Hash Tables Heaps Linked Lists Queues Sets Stacks Strings Treeshttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/trustzone-m/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/arm-m-profile/trustzone-m/TrustZone-M TrustZone-M - the Cortex-M security extension that partitions the system into Secure and Non-Secure worlds, enabling hardware-enforced isolation between trusted firmware and untrusted application code. Related Links: Boot Flow on Cortex-M Exceptions Interruptions MPU Usage Patterns NVIChttps://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/twelve-factor-app/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/system-design/architecture-patterns/twelve-factor-app/Twelve-factor app Twelve-Factor App - methodology for building software-as-a-service apps with scalability and maintainability. Related Links: Architectural patterns Backend Architecture Microservices Monolith Monolith vs Microservices Serverless Serverless computing Service mesh architecture Service meshes Service-oriented architecture (SOA)https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/two-pointers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/two-pointers/Two Pointers Two Pointers - technique using two indices moving toward each other or in the same direction to reduce O(n²) to O(n). Related Links: BFS Pattern Binary Search Pattern DFS Pattern Fast and Slow Pointers Merge Intervals Monotonic Stack Sliding Window Top K Elements Union Findhttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/typo-squatting/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/typo-squatting/Typo Squatting Typo Squatting - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise Drive-By Downloads File Sharing and Removable Media Phishing Overview Watering Hole Attackshttps://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/uart/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/communication-protocols/uart/UART UART - asynchronous serial communication protocol for point-to-point data exchange between microcontrollers and peripherals. Related Links: CAN Bus I2C Monodon Firmware SPIhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/ultrasonic-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/ultrasonic-communication-exploits/Ultrasonic Communication Exploits Ultrasonic Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Visible Light Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/unhooking-all-dlls/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/unhooking-all-dlls/Unhooking All DLLs Unhooking All DLLs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/union-find/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/dsa/patterns/union-find/Union Find Union Find - disjoint set data structure with near O(1) union and find operations for grouping and connectivity problems. Related Links: BFS Pattern Binary Search Pattern DFS Pattern Fast and Slow Pointers Merge Intervals Monotonic Stack Sliding Window Top K Elements Two Pointershttps://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/unit-testing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/python/software-engineering/unit-testing/Unit testing Unit Testing - testing individual units of code in isolation to verify their correctness. Related Links: Code reviews Documentation generation Functional testing Git Integration testing Refactoringhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/upload-file-via-smb/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/upload-file-via-smb/Upload File via SMB Upload File via SMB - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/backend-engineering/django/url-routing/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/url-routing/URL Routing URL Routing - mapping URL patterns to views using URLconf, path converters, and namespaced app URLs. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags User Authenticationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/urlvoid/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/urlvoid/Urlvoid Urlvoid - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Memory Leaks Metasploit Reverse Engineering Virustotalhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/user-access-control-uac/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/user-access-control-uac/User Access Control (UAC) User Access Control (UAC) - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry Virtualization Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/user-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/active-directory/user-administration/User Administration User Administration - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Fundamentals Group Administration IAM Policies Identity and Access Management Fundamentals Identity Federation Pass the Hash Privileged Access Managementhttps://r0tbyt3.dev/wiki/content/backend-engineering/django/user-authentication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/django/user-authentication/User Authentication User Authentication - Django’s built-in auth system handling login, logout, password hashing, and session management. Related Links: Class-Based Views Custom User Model Deployment Django Admin Django Security Django Testing Forms and Validation Function-Based Views Middleware Migrations ModelForms Models and ORM Permissions and Groups QuerySets and Managers Settings and Configuration Signals Static Files and Media Templates and Template Tags URL Routinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/user-interaction-evasion-techniques/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/anti-analysis/user-interaction-evasion-techniques/User Interaction Evasion Techniques User Interaction Evasion Techniques - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Anti-Debugging Techniques Anti-Debugging via NtGlobalFlag Anti-Debugging via NtSystemDebugControl Anti-Debugging via ProcessDebugFlags Anti-Debugging via Ptrace Anti-Debugging via TLS Callbacks Anti-Forensic Evasion Techniques Anti-Malware Evasion Techniques Anti-Virtualization Techniques Anti-Virus Evasion Techniques Automated Evasion Techniques Avoid Detection Techniques Check Debug Object Handle Check Debug Object Handle via NtQueryInformationProcess Check Hyper-V Status Detect Virtualization Methods Detect Virtualization via Hardware Specification Detect Virtualization via Monitor Resolution Detect Virtualization via User Interaction Detect Virtualized Environments IDS Evasion Techniques IP Address Whitelisting Multiple Anti-Debugging Techniques Network Evasion Techniques Overview Sandbox Evasion Techniques TLS Callbacks for Anti-Debugginghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/user-mode-function-lookup-in-process-modules-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/user-mode-function-lookup-in-process-modules-kernel/User Mode Function Lookup in Process Modules Kernel User Mode Function Lookup in Process Modules Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/user-mode-process-modules-enumeration-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/user-mode-process-modules-enumeration-kernel/User Mode Process Modules Enumeration Kernel User Mode Process Modules Enumeration Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel Using Class in C Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/user-shared-data-delay/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/user-shared-data-delay/User Shared Data Delay User Shared Data Delay - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/using-class-in-c-kernel/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/using-class-in-c-kernel/Using Class in C Kernel Using Class in C Kernel - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel WinAPIs PE File Format Overviewhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/utilizing-hardware-breakpoints-for-credential-dumping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/credential-dumping/utilizing-hardware-breakpoints-for-credential-dumping/Utilizing Hardware Breakpoints for Credential Dumping Utilizing Hardware Breakpoints for Credential Dumping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Clipboard Data Theft Dumping Browser Cookies Chrome Dumping Browser Cookies Firefox Dumping Saved Logins Chrome Dumping Saved Logins Firefox Dumping the SAM Database Dumping the SAM from Disk Dumping the SAM Remotely Enable WDigest Extract WiFi Passwords Fetching LSASS Handle and Bypassing PPL Get Current Token Impersonate Process User Introduction to LSASS Dumping LSASS Dump via Handle Duplication LSASS Dump via MiniDumpWriteDump LSASS Dump via RtlReportSilentProcessExit LSASS Dump via SecLogon Race Condition Privilege Query Read Clipboard Data Set Privilege via AdjustTokenPrivileges Set Privilege via RtlAdjustPrivilege SMB Pass the Hash Token Impersonation Token Manipulation Token Queryinghttps://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/utilizing-hardware-breakpoints-for-hooking-1/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/utilizing-hardware-breakpoints-for-hooking-1/Utilizing Hardware Breakpoints for Hooking 1 Utilizing Hardware Breakpoints for Hooking 1 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 2https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/utilizing-hardware-breakpoints-for-hooking-2/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/obfuscation-and-detection-evasion/ntdll-unhooking-and-api-hooking/utilizing-hardware-breakpoints-for-hooking-2/Utilizing Hardware Breakpoints for Hooking 2 Utilizing Hardware Breakpoints for Hooking 2 - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Variants Hardware Hooks NTDLL Unhooking NTDLL Unhooking Variants Unhooking All DLLs Utilizing Hardware Breakpoints for Hooking 1https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/utilizing-ntcreateuserprocess/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/utilizing-ntcreateuserprocess/Utilizing NtCreateUserProcess Utilizing NtCreateUserProcess - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.exe Executing Commands via IShellDispatch2 COM Interface Executing Files via IHxHelpPaneServer COM Interface Executing Files via IHxInteractiveUser COM Interface Fetch a Pointer to PEB Fetch a Pointer to PEB ARM Fetch a Pointer to TEB Fetch Image DOS Header Fetch Image Headers Fetch Image NT Headers File Entropy Reduction Forwarded Functions Get NTDLL Base Address from Stack Frame Walk GetModuleHandle Replacement GetProcAddress Replacement IAT API Set Resolution Inserting a Custom Section into a PE Local Payload Execution Local PE Execution Local Shellcode Execution Manually Mapping API Set Names NET Assemblies Patching SystemEnvironment.https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/vector-databases/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/database-types/vector-databases/Vector databases Vector Databases - databases optimized for storing and querying high-dimensional vector embeddings. Related Links: Column dbs Document dbs Elasticsearch Graphdbs Key value Memcached Non-relational databases NoSQL databases Redis Relational databases Search engines Solr Time series dbshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/veh-manipulation-for-local-code-execution/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/process-injection/veh-manipulation-for-local-code-execution/VEH Manipulation for Local Code Execution VEH Manipulation for Local Code Execution - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Hooking Cross-Architecture Injection x86 to x64 DLL Injection via ZwCreateThreadEx Kernel Function Stomping Ghost Process Injection Ghostly Hollowing Hardware Breakpoint Hooking Library Hardware Breakpoint Threadless Injection Hellshall Herpaderping Hollowing Herpaderping Process Injection KnownDLL Cache Poisoning Injection Library Proxy Loading Local APC Injection Local DLL Injection Local Function Stomping Local Mapping Injection Module Overloading Module Stomping Multiple Anti-Debugging Techniques Multiple Payload Execution Control Methods Patchless Threadless Injection via Hardware Breakpoints Payload Execution Control Payload Execution Control via Events Payload Execution Control via Mutexes Payload Execution Control via Semaphores Payload Execution via Callbacks Payload Execution via CertEnumSystemStore Callback Payload Execution via CertEnumSystemStoreLocation Callback Payload Execution via CopyFileExW Callback Payload Execution via CryptEnumOIDInfo Callback Payload Execution via EnumCalendarInfoW Callback Payload Execution via EnumDesktopsW Callback Payload Execution via EnumDesktopWindows Callback Payload Execution via EnumDirTreeW Callback Payload Execution via EnumDisplayMonitors Callback Payload Execution via EnumerateLoadedModules Callback Payload Execution via EnumFontFamiliesW Callback Payload Execution via EnumFontsW Callback Payload Execution via EnumLanguageGroupLocalesW Callback Payload Execution via EnumObjects Callback Payload Execution via EnumPageFilesW Callback Payload Execution via EnumPropsW Callback Payload Execution via EnumPwrSchemes Callback Payload Execution via EnumResourceTypesW Callback Payload Execution via EnumSystemLocalesEx Callback Payload Execution via EnumThreadWindows Callback Payload Execution via EnumTimeFormatsEx Callback Payload Execution via EnumWindows Callback Payload Execution via EnumWindowStationsW Callback Payload Execution via Fibers Payload Execution via FlsAlloc Callback Payload Execution via ImageGetDigestStream Callback Payload Execution via ImmEnumInputContext Callback Payload Execution via InitOnceExecuteOnce Callback Payload Execution via SymEnumProcesses Callback Payload Execution via SymEnumSourceFiles Callback Payload Execution via SymFindFileInPath Callback Process Hollowing Process Hypnosis Proxy Execute NtAllocateVirtualMemory with Timer APIs C Proxy Execute NtAllocateVirtualMemory with Work Item APIs C Proxy Execute NtCreateThreadEx with Work Item APIs C Reflective DLL Injection Reimplementing Injection via Syscalls Remote APC Injection Remote DLL Injection Remote Function Stomping Remote Mapping Injection Remote Module Stomping Remote Payload Execution via Injection ROP Hellshall RunPE Shellcode Injection Shellcode Injection via ZwCreateThreadEx Kernel Shellcode Reflective DLL Injection (sRDI) Technique Thread Hijacking Kernel Threadless Injectionhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/views/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/views/Views Views - virtual tables defined by a SQL query providing a simplified or filtered interface to data. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Window functionshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/virtualization/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/virtualization/Virtualization Virtualization - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Windows Administration Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/virustotal/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-analysis/virustotal/Virustotal Virustotal - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analysis Methods Automated Malware Analysis Maltego Memory Leaks Metasploit Reverse Engineering Urlvoidhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/visible-light-communication-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/visible-light-communication-exploits/Visible Light Communication Exploits Visible Light Communication Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits WiFi Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/vlan-hopping/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/vlan-hopping/VLAN Hopping VLAN Hopping - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Network Attacks Overview Packet Sniffing Exploits Spoofing VMescape Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/vmescape-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/network-attacks/vmescape-exploits/VMescape Exploits VMescape Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Poisoning MITM Network Attacks Overview Packet Sniffing Exploits Spoofing VLAN Hoppinghttps://r0tbyt3.dev/wiki/content/embedded-systems/architectures/memory-architecture/von-neumann/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/embedded-systems/architectures/memory-architecture/von-neumann/Von Neumann Von Neumann - a processor memory architecture where instructions and data share a single address space and bus, simplifying design at the cost of simultaneous instruction and data access. Related Links: Harvardhttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/vpns/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/vpns/VPNs VPNs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan Wireless and Physical Attackshttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/w3af/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devsecops/w3af/W3af W3af - open-source web application attack and audit framework for discovering and exploiting web vulnerabilities. Related Links: API Security Arachni Dynamic application security testing (DAST) Nikto Pipeline Security Shift Left Security Software composition analysis (SCA) Static application security testing (SAST)https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/waitformultipleobjectsex-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/waitformultipleobjectsex-alertable-function/WaitForMultipleObjectsEx Alertable Function WaitForMultipleObjectsEx Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/waitforsingleobjectex-alertable-function/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/waitforsingleobjectex-alertable-function/WaitForSingleObjectEx Alertable Function WaitForSingleObjectEx Alertable Function - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/waterfall-vs-agile-vs-devops/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/ci-cd/devops-fundamentals/waterfall-vs-agile-vs-devops/Waterfall vs Agile vs DevOps Waterfall vs Agile vs DevOps - evolution from sequential phase-based delivery to iterative and continuous deployment models. Related Links: Agile and Scrum DevOps and DevSecOps Fundamentals Phases of DevOps Software Delivery Modelshttps://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/watering-hole-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/social-engineering/digital-social-engineering/watering-hole-attacks/Watering Hole Attacks Watering Hole Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Business Email Compromise Drive-By Downloads File Sharing and Removable Media Phishing Overview Typo Squattinghttps://r0tbyt3.dev/wiki/content/backend-engineering/web/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/Web Web - HTTP, APIs, web servers, and protocols powering modern backend web services. APIs Web Infrastructure Related Links: Backend Engineering Concurrency Databases Django DSA Python Security System Designhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/web-based-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/web-based-attacks/Web Based Attacks Web Based Attacks - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Authentication and Authorization Automated Exploit Generation Automated Vulnerability Discovery Common Exploit Frameworks and Tools Injection Attacks OWASP Top 10 Secure Coding Fundamentals Software Vulnerabilities and Exploits Target-Specific Exploitationhttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/Web Infrastructure Web Infrastructure - servers, protocols, and network primitives that underpin web application delivery. Apache Caddy Domain name Domain name system Http caching Https Nginx Fundamentals Web servers Related Links: APIshttps://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/security/web-security/Web Security Web Security - browser and server-side protections against common web application vulnerabilities and attacks. API security best practices Container security best practices CORS CSP Mitigation techniques OWASP risks Server security Related Links: Authentication Authorization Cryptographyhttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/web-server-setup-apache-php/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/web-server-setup-apache-php/Web Server Setup Apache PHP Web Server Setup Apache PHP - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Nginx Flask Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/web-server-setup-nginx-flask/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/web-server-setup-nginx-flask/Web Server Setup Nginx Flask Web Server Setup Nginx Flask - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Wildcard Certificate via Lets Encrypthttps://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/web-servers/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/web/web-infrastructure/web-servers/Web servers Web Servers - software that serves web content over HTTP by handling incoming requests and sending responses. Related Links: Apache Caddy Domain name Domain name system Http caching Https Nginx Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/webassembly-smuggling/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/html-smuggling/webassembly-smuggling/WebAssembly Smuggling WebAssembly Smuggling - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Analyzing and Evading SmuggleShield HTML Smuggling HTML Smuggling Strategies Integrating Anti-Bot with HTML Smuggling MOTW Bypass via FileFix Variations SVG Smugglinghttps://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/websockets/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/concurrency/websockets/Websockets WebSockets - protocol providing full-duplex communication channels over a single TCP connection. Related Links: Backpressure Circuit breakers Event-driven architecture Failure modes Graceful degradation Loadshifting Rate limiting Real time data Realtime Server sent events short polling Streaming Throttlinghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/wifi-exploits/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/wifi-exploits/WiFi Exploits WiFi Exploits - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploitshttps://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/wildcard-certificate-via-lets-encrypt/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/offensive-phishing-operations/infrastructure/wildcard-certificate-via-lets-encrypt/Wildcard Certificate via Lets Encrypt Wildcard Certificate via Lets Encrypt - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Automate Phishing Infrastructure Ansible Automate Phishing Infrastructure Terraform Database Setup MySQL Deploying Phishing Infrastructure Domain and DNS Configuration Improving Domain Reputation Domain Aging Improving Domain Reputation Domain Categorization Improving Domain Reputation Web Traffic Introduction to Caddy OPSEC Failure Directory Listing Performing Input Validation Protecting Phishing Servers via Caddy Protecting Phishing Servers via Mod Rewrite Secure SSH Configuration Securing Server Blocking Direct IP Access Securing Server Removing Verbose Information Securing Server Restrict HTTP Access Securing Server via Cloudflare Serverless Phishing Cloudflare Worker SSL Configuration Comodo SSL SSL Configuration Lets Encrypt Web Server Setup Apache PHP Web Server Setup Nginx Flaskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/winapis-and-pe-file-format/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/winapis-and-pe-file-format/WinAPIs and PE File Format WinAPIs and PE File Format - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/winapis-pe-file-format-overview/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/winapis-pe-file-format-overview/WinAPIs PE File Format Overview WinAPIs PE File Format Overview - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernelhttps://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/window-functions/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/backend-engineering/databases/sql/window-functions/Window functions Window Functions - SQL functions performing calculations across rows related to the current row. Related Links: Advanced SQL Aggregate queries Common table expressions (CTEs) Dynamic SQL Join queries Pivot and unpivot operations Recursive queries Select, insert, delete, update statements Stored procedures and triggers Subqueries Viewshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/Windows Administration Windows Administration - core Windows system administration tasks including user management, registry operations, services, and remote access. Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualization Windows Administration Fundamentals Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Exploitation Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/windows-administration-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-administration/windows-administration-fundamentals/Windows Administration Fundamentals Windows Administration Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add User to Local Group Check Process Admin Privileges Kernel Check Process Elevation Status Check Token Elevation Status via NtQueryInformationToken Create Local Remote Service Create Local User Create Local User Account Create Remote Service Delete Remote Service Disk Interaction Enable Disable RDP Enable Disable Restricted Admin Enable Remote Desktop via Registry Get Domain SID Hostname Verification Hypervisors Permissions PowerShell PowerShell Security Print OS Version Query Extended Service Status Query Remote Registry Key Query Remote Service Query Service Configuration MS-SCMR Read Process Memory via Pread Registry Interaction Registry Key Interaction Registry Modifications Scheduled Tasks and Cron Jobs Service Control Manager Interaction Service Creation and Manipulation Start a Service MS-SCMR Start Local Remote Service Start Remote Registry User Access Control (UAC) Virtualizationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/windows-dll-template/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/windows-dll-template/Windows DLL Template Windows DLL Template - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Worm-Like Propagation XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/windows-exploitation/Windows Exploitation Windows Exploitation - techniques for escalating privileges, moving laterally, and maintaining persistence in Windows environments post-compromise. AlwaysInstallElevated Privilege Escalation Check Brute Force vs Password Spraying Windows Check HKCU AlwaysInstallElevated Check HKLM AlwaysInstallElevated DLL Hijacking Elevate Process to SYSTEM Enable SeDebugPrivilege Exploitation Enable WDigest for Credential Capture Jail Breaking Lateral Movement Techniques Living Off the Land (LOTL) Techniques Maintaining Persistence Techniques Move File to Startup Folder Persistence via Startup Folder Privilege Escalation Techniques Python Jail Breaking Registry Kill Switch Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Write File to Diskhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/windows-internals/Windows Internals Windows Internals - foundational knowledge of Windows architecture, kernel structures, API resolution, and PE file format for malware development. API Set Resolution Blocking Driver Loading Kernel Check If Process Is WOW64 Cleaning Driver Artifacts from Memory Dumps Kernel Disabling the Debugger Kernel DLL Injection via ZwCreateThreadEx Kernel Internals Elevate Process to SYSTEM Kernel Enable SeDebugPrivilege Hide Process Kernel Internals Hide Thread Kernel Internals Indirect Syscalls Kernel Modules Enumeration via AuxKlibQueryModuleInformation Kernel Modules Enumeration via PsLoadedModuleList Kernel Modules Enumeration via ZwQuerySystemInformation Mmgetsystemroutineaddress Replacement with String Hashing Kernel Process Enumeration via ZwQuerySystemInformation Kernel Reading a File Kernel Retrieving Kernel Version Retrieving Process Identifier Kernel Retrieving Process Image Base Address Kernel Retrieving Process Name Kernel Retrieving Process Parent ID Kernel Retrieving Process Session ID Kernel Retrieving the Address of an Unexported ZW API Kernel Shellcode Injection via ZwCreateThreadEx Kernel Internals Syscall Gadget Pattern Scan Syscall Number Retrieval from NTDLL Kernel Syscalls Tampering Tampered Syscalls via Hardware Breakpoints Terminating a Process Kernel Thread Enumeration Techniques Thread Enumeration via ProcFS Thread Enumeration via Syscall Thread Hijacking Kernel Internals User Mode Function Lookup in Process Modules Kernel User Mode Process Modules Enumeration Kernel Using Class in C Kernel WinAPIs PE File Format Overview Related Links: Beacon Object Files (BOF) C2 and Networking Credential Dumping Malware Concepts Payload and PE Persistence Process Injection Sleep Obfuscationhttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/Windows Security and Administration Windows Security and Administration - Windows OS administration, Active Directory management, security hardening, and post-exploitation techniques. Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Windows Exploitation Write File to Disk Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Wiresharkhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/windows-security-and-hardening/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/windows-security-and-hardening/Windows Security and Hardening Windows Security and Hardening - securing Windows servers through Group Policy, patch management, and audit configuration. Related Links: Firewall Configuration Linux Security and Hardening Linux Server Administration SSH Windows Server Administrationhttps://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/windows-server-administration/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/devops-and-platform-engineering/infrastructure-as-code/server-administration/windows-server-administration/Windows Server Administration Windows Server Administration - managing Windows Server environments including Active Directory, IIS, and PowerShell automation. Related Links: Firewall Configuration Linux Security and Hardening Linux Server Administration SSH Windows Security and Hardeninghttps://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/network-security/wireless-and-physical-attacks/Wireless and Physical Attacks Wireless and Physical Attacks - techniques exploiting wireless communications, radio frequencies, and physical-layer channels to compromise systems. Acoustic Communication Exploits Bluetooth Exploits Deauth Evil Twin Attacks Infrared Exploits Near-Field Communication (NFC) Exploits Power Line Communication Exploits Quantum Communication Exploits Radio Frequency Exploits Rogue Access Point Satellite Communication Exploits Ultrasonic Communication Exploits Visible Light Communication Exploits WiFi Exploits Related Links: DNS Lookup Host Check ICMP Echo Network Attacks Network Evasion Techniques Network Protocols Port Scanning TCP Port Scan VPNshttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/Wireshark Wireshark - a widely used network protocol analyzer for capturing and interactively inspecting network traffic in real time. Network Forensics with Wireshark Protocol Analysis Tcpdump Wireshark Fundamentals Related Links: Application Security Bash Burp Suite Cryptography Cybersecurity Encryption Firewalls Ghidra Hashing Incident Response and Forensics Information Security Models Linux Operating System Malware Analysis Malware Development Network Security Nginx Nmap Obfuscation and Detection Evasion Offensive Phishing Operations Ransomware SOC and Detection Engineering Social Engineering Threat Modeling Windows Security and Administrationhttps://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/wireshark-fundamentals/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/wireshark/wireshark-fundamentals/Wireshark Fundamentals Wireshark Fundamentals - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Network Forensics with Wireshark Protocol Analysis Tcpdumphttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/wmi-query/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/c2-and-networking/wmi-query/WMI Query WMI Query - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Alertable Functions APC Queues Automated C2 Infrastructure Setup C2 Communication Techniques Command and Control Patterns Custom SMB Client Data Exfiltration Techniques Domain Generation Algorithms (DGA) Domain Registration Kill Switch Download and Upload via SMB Download File via BITS Execute Shell Command Fetch Payload via URL Fetch Payload via URL using IWinHttpRequest COM Interface File Upload via SMB Get Payload from URL Introduction to Havoc C2 List SMB Files Malware Kill Date Malware Working Hours MsgWaitForMultipleObjectsEx Alertable Function Multiple Alertable Functions Named Pipes PowerShell Execution via .https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/worm-like-propagation/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/worm-like-propagation/Worm-Like Propagation Worm-Like Propagation - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template XLL Templateshttps://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/write-file-to-disk/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/windows-security-and-administration/write-file-to-disk/Write File to Disk Write File to Disk - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Active Directory Active Directory Enumeration Create Shortcut via IShellLink COM Interface File Creation File Operations Windows Administration Windows Exploitationhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/writing-bof-files/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/beacon-object-files-bof/writing-bof-files/Writing BOF Files Writing BOF Files - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: BOF Execution Introduction to BOF LSASS Dump BOF Object File Loader with Module Stomping Threadless Shellcode Injection via HWBPs BOFhttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-custom-shellcode/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-custom-shellcode/Writing Custom Shellcode Writing Custom Shellcode - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-to-process-memory-via-apcs/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/payload-and-pe/writing-to-process-memory-via-apcs/Writing to Process Memory via APCs Writing to Process Memory via APCs - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APC Injection via Write to Process Memory Automated Payload Generation Techniques Building a Loader Building a PE Packer Building an Evasive DLL Payload Loader Command Line Argument Spoofing Compile-Time Hash Obfuscation Compile-Time String Encryption Controlling Payload Execution CRT Library Removal CRT Removal Custom WinAPI Functions DLL Sideloading via at.https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/xll-templates/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/malware-concepts/xll-templates/XLL Templates XLL Templates - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Add Binary Icon AI-Generated Malware Assembly Automated Botnet Development Automated Cryptojacking Malware Development Automated Fileless Malware Development Automated Malware Delivery Techniques Automated Malware Distribution Techniques Automated Payload Generation Automated Polymorphic and Metamorphic Malware Development AV Detection Mechanisms Binary Metadata Modification Binary Properties Icon Metadata Block DLL Policy Bring Your Own File Extension Bring Your Own Protocol Handler Bring Your Own Vulnerable Driver (BYOVD) Building a DRM-Equipped Malware C Programming Capturing and Saving Screenshots into Memory Create a DLL Template Cryptojacking Exploits Custom Built Tools Demonstration Developing a Keylogger DLL Sideloading for EDR Evasion DLL Sideloading Overview DLL Sideloading Practical Example DRM-Equipped Malware Encryption and Packing Encryption and Packing Techniques Exploiting EDR for Evasion Fileless Malware Hide Console Window Hide Process Kernel Hide Thread Kernel Introduction to DLL Sideloading Introduction to EDRs Introduction to Keylogging Introduction to MASM Assembly Introduction to the Windows OS Malware Binary Signing Malware Compiling Malware Development Techniques Malware Directory Placement Metamorphic Malware Monitoring Display State Kernel Monitoring User Presence Kernel More C Fundamentals Persistence Techniques Overview Polymorphic and Metamorphic Techniques Polymorphic Malware Print a Hexadecimal Array Print OS Version Process Creation Python for Malware Development Rootkits Rootkits and Bootkits Screen Capture to BMP Windows DLL Template Worm-Like Propagationhttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/xor-encryption-decryption-via-multi-byte-key/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/xor-encryption-decryption-via-multi-byte-key/XOR Encryption Decryption via Multi-Byte Key XOR Encryption Decryption via Multi-Byte Key - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Single Bytehttps://r0tbyt3.dev/wiki/content/cybersecurity/encryption/xor-encryption-decryption-via-single-byte/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/encryption/xor-encryption-decryption-via-single-byte/XOR Encryption Decryption via Single Byte XOR Encryption Decryption via Single Byte - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: AES Base N Encoder Entropy Reduction Brute Forcing Key Decryption Caesar Cipher Encryption Decryption ChaCha20 Encryption Algorithm Data Encryption Techniques Encryption Fundamentals Generating Encryption Keys Without WinAPI Calls Random Key Generation RC4 SystemFunction040 Encryption Decryption XOR Encryption Decryption via Multi-Byte Keyhttps://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/xss/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/application-security/injection-attacks/xss/XSS XSS - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Buffer Overflows CSRF Directory Traversal SQL Injection Timing Attackshttps://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/zero-day/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/threat-modeling/zero-day/Zero Day Zero Day - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: APT OSINT Reconnaissance Techniques Supply Chain Attacks Threat Modeling Fundamentalshttps://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/zero-trust-architecture/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/firewalls/zero-trust-architecture/Zero Trust Architecture Zero Trust Architecture - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: DMZ Firewalls Overview Honeypots Jump Server Microsegmentation Network Segmentation Port Blockinghttps://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/zilean-sleep-obfuscation-with-stack-duplication/Mon, 01 Jan 0001 00:00:00 +0000https://r0tbyt3.dev/wiki/content/cybersecurity/malware-development/sleep-obfuscation/zilean-sleep-obfuscation-with-stack-duplication/Zilean Sleep Obfuscation with Stack Duplication Zilean Sleep Obfuscation with Stack Duplication - a cybersecurity concept, technique, or tool relevant to this section of the wiki. Related Links: Ekko Sleep Obfuscation with Control Flow Guard Ekko Sleep Obfuscation with Restored File Section Protections Ekko Sleep Obfuscation with RtlEncryptMemory and RtlDecryptMemory Ekko Sleep Obfuscation with Stack Spoofing Heap Encryption with Ekko Sleep Obfuscation Introduction to Ekko Sleep Obfuscation Introduction to Foliage Sleep Obfuscation Introduction to Sleep Obfuscation PEfluctuation