NO-MERCY Posted March 15, 2014

Hello RST ... This book is about "AWE" Advanced Windows Exploitation V1.1
Offensive Security

#----------------------#
Table of Contents
#----------------------#

Module 0x00 Introduction

Module 0x01 Egghunters
_ Lab Objectives
_ Overview
_ Exercise 1-1 MS08-067 Vulnerability
_ MS08-067 Case Study: Crashing the Service
_ MS08-067 Case Study: Finding the Right Offset
_ MS08-067 Case Study: From PoC to Exploit
_ Controlling the Execution Flow
_ Getting our Remote Shell
_ Wrapping Up

Module 0x02 Bypassing NX
_ Lab Objectives
_ A Note from the Authors
_ Overview
_ Hardware-Enforcement and the NX Bit
_ Hardware-Enforced DEP Bypassing Theory Part I
_ Hardware-Enforced DEP Bypassing Theory Part II
_ Hardware-Enforced DEP on Windows 2003 Server SP2
_ MS08-067 Case Study: Testing NX Protection
_ Exercise
_ MS08-067 Case Study: Approaching the NX Problem
_ MS08-067 Case Study: Memory Space Scanning
_ MS08-067 Case Study: Defeating NX
_ Exercise
_ MS08-067 Case Study: Returning into our Buffer
_ Exercise
_ Wrapping Up

Module 0x02 (Update) Bypassing DEP AlwaysOn Policy
_ Lab Objectives
_ Overview
_ Ret2Lib Attacks and Their Evolution
_ Return Oriented Programming Exploitation
_ Immunity Debugger’s API and findroppy
_ Exercise
_ ASLR
_ PHP 60 Dev Case Study: The Crash
_ PHP 60 Dev Case Study: The ROP Approach
_ PHP 60 Dev Case Study: Preparing the Battlefield
_ Exercise
_ PHP 60 Dev Case Study: Crafting the ROP Payload
_ Steps 1 and 2
_ Steps 3 and 4
_ Step 5
_ PHP 60 Dev Case Study: Getting our Shell
_ Exercise
_ Deplib: Gadgets on Steroids
_ Classification
_ Searching the Database
_ Stack Pivoting
_ Wrapping Up

Module 0x03 Custom Shellcode Creation
_ Lab Objectives
_ Overview
_ System Calls and “The Windows Problem”
_ Talking to the Kernel
_ Finding kernel32.dll: PEB Method
_ Exercise
_ Resolving Symbols: Export Directory Table Method
_ Working with the Export Names Array
_ Computing Function Names Hashes
_ Fetching Function's VMA
_ MessageBox Shellcode
_ Exercise
_ Position Independent Shellcode (PIC)
_ Exercise
_ Shellcode in a Real Exploit
_ Exercise
_ Wrapping Up

Module 0x04 Venetian Shellcode
_ Lab Objectives
_ Overview
_ The Unicode Problem
_ The Venetian Blinds Method
_ Exercise
_ DivX Player 66 Case Study: Crashing the Application
_ Exercise
_ DivX Player 66 Case Study: Controlling the Execution Flow
_ Exercise
_ DivX Player 66 Case Study: The Unicode Payload Builder
_ DivX Player 66 Case Study: Getting our Shell
_ Exercise

Module 0x05 Kernel Drivers Exploitation
_ Lab Objectives
_ Overview
_ Windows I/O System and Device Drivers
_ Communicating with drivers
_ I/O Control Codes
_ Privilege Levels and Ring0 Payloads
_ Staging R3 Payloads from Kernel Space
_ Case Study Payloads
_ Case Study Payload (1): Token Stealing
_ Case Study payload (2): MSR Hooking
_ Function Pointer Overwrites
_ avast! Case Study: Kernel Memory Corruption
_ avast! Case Study: Way Down in ring0 Land
_ Exercise
_ avast! Case Study: Bypassing Device Driver Checks
_ Exercise
_ avast! Case Study: EIP Hunting
_ Exercise
_ avast! Case Study: Elevation (1)
_ Exercise
_ avast! Case Study: Elevation (2)
_ Exercise
_ Wrapping up

Module 0x06 64-bit Kernel Driver Exploitation
_ Lab Objectives
_ Overview
_ 64-bit Address Space
_ 64-bit Main Enhancements
_ Windows-On-Windows Emulation
_ 64-bit Exploitation: General Concepts
_ MS11-080 Case Study: The Bug
_ MS11-080 Case Study: IOCTL Hunting
_ MS11-080 Case Study: Triggering the vulnerable code
_ Exercise
_ MS11-080 Case Study: Mapping your Route
_ MS11-080 Case Study: “BSODing” the Box
_ Exercise
_ MS11-080 Case Study: Owning RIP
_ MS11-080 Case Study: You are on your Own Bring me a SYSTEM Shell!

Module 0x07 Heap Spraying
_ Lab Objectives
_ Overview
_ JavaScript Heap Internals Key Points
_ Heap Spray: The Technique
_ Heap Spray Case Study: CVE-2011-2371 POC
_ Exercise
_ Heap Spray Case Study: A Deeper Look at the Bug
_ Heap Spray Case Study: Mapping the Object in Memory
_ Exercise
_ Heap Spray Case Study: Controlling the Execution Flow
_ Exercise
_ Heap Spray Case Study: Stack Pivoting
_ Exercise
_ Heap Spray Case Study: Pointers Stunts
_ Exercise
_ Heap Spray Case Study: When 1bit = Shell
_ Exercise
_ Wrapping Up

Download link : "AWE" Advanced Windows Exploitation V1.1
size : 33 Mb
parts : 4 pdf's
pages : 185
password : NO-MERCY

Best Regards
AlexDavidson00011 Posted November 13, 2017

"This file is no longer Available" Srsly, is this a joke?
spider Posted November 13, 2017

1 minute ago, AlexDavidson00011 said:
    "This file is no longer Available" Srsly, is this a joke?

Posted March 15, 2014
AlexDavidson00011 Posted November 13, 2017

Yes I am!! ;-;
gutui Posted November 13, 2017

https://top-kickass.org/F20E09397C6EC52B295006E6EDA44FE246D0AC00
num1r0 Posted November 13, 2017

23 minutes ago, gutui said:
    https://top-kickass.org/F20E09397C6EC52B295006E6EDA44FE246D0AC00

Just be more careful when you extract the PDF (if it exists):
https://www.virustotal.com/#/file/575146a3e8f99b11b12a0fc2dd84fe011d879fc8c2fc5eece2425de91b5fb52d/detection
A VM wouldn't hurt (disconnected from the net).
Tejvil Posted April 8, 2018

OK, I have a question too... why doesn't the link work, and what's with the top-kickass link... if anyone downloaded it from there... is it a safe source?
spider Posted April 8, 2018

1 hour ago, Tejvil said:
    OK, I have a question too... why doesn't the link work, and what's with the top-kickass link... if anyone downloaded it from there... is it a safe source?

The archive from that torrent; you download it at your own risk : )
Offensive Security - Advanced Windows Exploitation (AWE) v 1.1