A tester here. Looking forward to connecting and learning from you.
I make notes so that I don't forget.
.-- .-- .-- .-.-.- .-.. .. -. -.- . -.. .. -. .-.-.- -.-. --- -- -..-. .. -. -..-. .-.. .. ..-. . - .. -- . ... -.-. .-. .. .--. - -.- .. -.. -.. .. .
SSBkb24ndCBrbm93IHdoYXQgSSBhbSBkb2luZy4gClNvIGhlbHAgbWUsIEdvZC4=
March 2025
Goal: Make a CS beacon that can survive the initial drop by the end of this month.
What I need:
Deep understanding of binaries and the Windows system
Deep understanding of EDR
Deep understanding of Cobalt Strike kits
Resources: CRTO, CRTL, Maldev, ChatGPT!
How does a binary work?
graph TD
A[DOS Headers -- IMAGE_DOS_HEADER] -->|e_lfanew _File Offset_| B[NT Headers -- IMAGE_NT_HEADERS]
B --> C[File Header -- IMAGE_FILE_HEADER]
B --> D[Optional Header -- IMAGE_OPTIONAL_HEADER]
D --> E[Data Directories _Contain RVAs_]
E --> F[Export Table RVA]
E --> G[Import Table RVA]
E --> H[Resource Table RVA]
D --> I[Section Table -- IMAGE_SECTION_HEADER]
I --> J[.text - RVA]
I --> K[.data - RVA]
I --> L[.rdata - RVA]
0. Resources
1. Portable Executable Structure
2. From PE to Memory
3. Flow of System Calls - ntdll.dll, kernel32.dll
4. Win32 API and Windows Native API
4a. NTDLL.DLL - Overview and Functionality
5. Syscalls Flow
5a. Syscalls Deep dive
5b. From Memory - PEB_TEB
6. Execution
graph TD
A[User Application] -->|Calls Function| B[Win32 API - kernel32.dll / user32.dll]
B -->|Calls Function| C[Ntdll.dll - Native API]
C -->|Executes Syscall Instruction| D[Windows Kernel - KiSystemService]
D -->|Handles Request| E[Kernel-Mode Service - ntoskrnl.exe]
E -->|Returns Result| D
D -->|Returns to User Mode| C
C -->|Returns Result| B
B -->|Returns to Application| A
How does EDR work?
1. Let's understand EDR like a blue team
2. Let's understand EDR like a red team
How to bypass EDR?
0. Binary creation and insertion
1. Download Prevention & Bypass Techniques
1a. AES, RC4, XOR encryption
1b. XOR-Based Self-Decrypting Payload (With Memory Execution)
1c. RC4-Based Self-Decrypting Payload (C++)
1d. AES-Based Self-Decrypting Payload (C++)
1e. Advanced UPX Methods for Modifying Binary Structure
2. Direct syscalls intro
2a. Direct Syscalls cpp
2b. Indirect Syscalls intro
2c. Indirect Syscalls - Tool
3. API Hooking
Learn Clouds like a systems engineer and attack like a script kiddie
Learn Clouds
0. Clouds
1. Clouds testing Scoping
2. Associate roles and services
Attack Clouds
0. Attack Clouds
1. Search for Credentials - Services
2. Search for Credentials - File
Attack Azure
0. Resources
0. Azure - Readme
1. Azure Blob Container to Initial Access
2. Unlock Access with Azure Key Vault
3. Azure with Bloodhound and Microsoft.Graph
4. Loot Exchange, Teams and SharePoint with GraphRunner
5. Unmask Privileged Access in Azure
6. Azure Recon to Foothold and Profit
8. Execute Azure Credential Shuffle to Achieve Objectives
Attack AWS
0. AWS Resources
1. AWS Cloud Services
2. AWS Enumeration Process
AWS - Tools
AWS Practice - flaws.cloud
AWS Practice 2 - flaws2.cloud
Learn Web application like a systems engineer and attack like a script kiddie
0. Web Architecture 101
1. Attack Web application
2. DNS Security - Defending Against Attacks
3. Load Balancer Security - Defending Against Attacks
4. Web Application Server Security - Defending Against Attacks
4a. RCE
5. Databases
6. Web Caching Security - Attacks & Mitigation Strategies
7a. Introduction to Job Queue Security
8. Microservices Security - Protecting APIs & Authentication Mechanisms
8a. JWT
8b. OAuth
8c. SAML
9. Introduction to Data Pipeline Security