Red Team
[Exploiting Application Logic to Phish Internal Mailing Lists | by Tanner | Jan, 2023 | Medium](https://medium.com/@cachemoney/exploiting-application-logic-to-phish-internal-mailing-lists-486b94fc2ef1) |
[Give me a browser, I’ll give you a Shell | by Rend | System Weakness](https://systemweakness.com/give-me-a-browser-ill-give-you-a-shell-de19811defa0) |
Wra7h/FlavorTown: Various ways to execute shellcode
[Home Grown Red Team: Let’s Make Some OneNote Phishing Attachments | by assume-breach | Feb, 2023 | Medium](https://assume-breach.medium.com/home-grown-read-team-lets-make-some-onenote-phishing-attachments-a14f4ef6ccc4) |
Offphish - Phishing revisited in 2023
[The toddler’s introduction to Heap exploitation (Part 1) | by +Ch0pin🕷️ | InfoSec Write-ups](https://infosecwriteups.com/the-toddlers-introduction-to-heap-exploitation-part-1-515b3621e0e8) |
[The toddler’s introduction to Dynamic Memory Allocation | by +Ch0pin🕷️ | InfoSec Write-ups](https://infosecwriteups.com/the-toddlers-introduction-to-dynamic-memory-allocation-300f312cd2db) |
pwndbg/pwndbg: Exploit Development and Reverse Engineering with GDB Made Easy
Linux Privilege Escalation for Beginners - YouTube
CMEPW/BypassAV: This map lists the essential techniques to bypass anti-virus and EDR
Maintaining persistent access in a SaaS-first world
gh0x0st/wanderer: An open-source process injection enumeration tool written in C#
namazso/linux_injector: A simple ptrace-less shared library injector for x64 Linux
frkngksl/Shoggoth: Shoggoth: Asmjit Based Polymorphic Encryptor
Practical EDR Bypass Methods in 2022 - István Tóth - YouTube
Mez0: Vulpes: Obfuscating Memory Regions with Timers
[SilentMoonwalk: Implementing a dynamic Call Stack Spoofer | CyberSecurity Blog](https://klezvirus.github.io/RedTeaming/AV_Evasion/StackSpoofing/) |
Null Terminated Programming 101 - x64
Intro to x64 assembly programming and writing shellcode that does not contain any null bytes (a common constraint).
Facebook’s ‘Red Team X’ Hunts Bugs Beyond the Social Network’s Walls
Wired article discussing Facebook’s ‘Red Team X,’ whose purview is basically any tech
that Facebook uses, including hardware, software, low-level firmware, cloud
services, network tools, and even industrial control. It ain’t cheap having
teams like this, but Red Team X, Project Zero, and the like are valuable for
pushing security forward. Also, shout-out to my bud Vlad
Ionescu who is quoted throughout 🙌