- Operating System and Programming Fundamentals
- Low Level Programming Languages
- Programming Concepts
- Windows Concepts
- Windows on Windows
- Win32 API
- Windows Registry
- Client Side Code Execution with Office
- Droppers
- HTML Smuggling
- Phishing With Microsoft Office
- Basic Macro Payloads
- Security Settings of Microsoft Office
- Opening cmd.exe from macros
- Powershell with Macros
- Phishing user into disabling protected view and Enabling Macros
- Shellcode Execution in word Memory
- Interacting with Win32 API from VBA
- In-Memory Shellcode runner in VBA
- Shellcode Runner using Powershell
- Calling Win32 API from Powershell
- Shellcode Runner in Powershell
- In-Memory Shellcode Runner in Powershell
- Problem with Add-Type
- Leveraging UnsafeNativemethods
- Reflection Shellcode Runner in Powershell
- Working With Proxy
- Client Side Code Execution with Windows Script Host
- Basic Dropper in Jscript
- Jscript and C#
- DotNetToJscript
- Win32 API calls from C#
- Shellcode Runner in C# using Win32 API
- Jscript Shellcode Runner
- SharpShooter
- Reflective Load of Win32 API for In-Memory Powershell
- Process Injection and Migration
- Process Injection
- Process Injection Theory
- Process Injection in C#
- DLL Injection
- DLL Injection Theory
- DLL Injection in C#
- Reflective DLL Injection
- Process Hollowing
- Process Injection
- Antivirus Evasion
- Overview
- Signature Based Detection
- Bypassing AV with Metasploit
- Encoders
- Encrypters
- Bypassing AV with C#
- Caesar Cipher
- Sleep Timers
- Non-Emulated APIs
- Bypassing AV with Office
- AV Bypass with VBA
- VBA Stomping
- Powershell in VBA
- Dechaining with WMI
- Obfuscating VBA
- Advanced Antivirus Evasion
This repo is still work in progress. Any errors or suggestions can be conveyed by raising an issue. You can contact me directly on my Discord or Twitter