NO-MERCY
Posted March 15, 2014

Hello RST ...

This book about "AWE" Advanced Windows Exploitation V1.1
Offensive Security

#----------------------#
Table of Contents
#----------------------#

Module 0x00 Introduction

Module 0x01 Egghunters
_ Lab Objectives
_ Overview
_ Exercise 1-1
_ MS08-067 Vulnerability
_ MS08-067 Case Study: Crashing the Service
_ MS08-067 Case Study: Finding the Right Offset
_ MS08-067 Case Study: From PoC to Exploit
_ Controlling the Execution Flow
_ Getting our Remote Shell
_ Wrapping Up

Module 0x02 Bypassing NX
_ Lab Objectives
_ A Note from the Authors - Overview
_ Hardware-Enforcement and the NX Bit
_ Hardware-Enforced DEP Bypassing Theory Part I
_ Hardware-Enforced DEP Bypassing Theory Part II
_ Hardware-Enforced DEP on Windows 2003 Server SP2
_ MS08-067 Case Study: Testing NX Protection
_ Exercise
_ MS08-067 Case Study: Approaching the NX Problem
_ MS08-067 Case Study: Memory Space Scanning
_ MS08-067 Case Study: Defeating NX
_ Exercise
_ MS08-067 Case Study: Returning into our Buffer
_ Exercise
_ Wrapping Up

Module 0x02 (Update) Bypassing DEP AlwaysOn Policy
_ Lab Objectives
_ Overview
_ Ret2Lib Attacks and Their Evolution
_ Return Oriented Programming Exploitation
_ Immunity Debugger’s API and findroppy
_ Exercise
_ ASLR
_ PHP 60 Dev Case Study: The Crash
_ PHP 60 Dev Case Study: The ROP Approach
_ PHP 60 Dev Case Study: Preparing the Battlefield
_ Exercise
_ PHP 60 Dev Case Study: Crafting the ROP Payload
_ Steps 1 and 2
_ Steps 3 and 4
_ Step 5
_ PHP 60 Dev Case Study: Getting our Shell
_ Exercise
_ Deplib: Gadgets on Steroids
_ Classification
_ Searching the Database
_ Stack Pivoting
_ Wrapping Up

Module 0x03 Custom Shellcode Creation
_ Lab Objectives
_ Overview
_ System Calls and “The Windows Problem”
_ Talking to the Kernel
_ Finding kernel32dll: PEB Method
_ Exercise
_ Resolving Symbols: Export Directory Table Method
_ Working with the Export Names Array
_ Computing Function Names Hashes
_ Fetching Function's VMA
_ MessageBox Shellcode
_ Exercise
_ Position Independent Shellcode (PIC)
_ Exercise
_ Shellcode in a Real Exploit
_ Exercise
_ Wrapping Up

Module 0x04 Venetian Shellcode
_ Lab Objectives
_ Overview
_ The Unicode Problem
_ The Venetian Blinds Method
_ Exercise
_ DivX Player 66 Case Study: Crashing the Application
_ Exercise
_ DivX Player 66 Case Study: Controlling the Execution Flow
_ Exercise
_ DivX Player 66 Case Study: The Unicode Payload Builder
_ DivX Player 66 Case Study: Getting our Shell
_ Exercise

Module 0x05 Kernel Drivers Exploitation
_ Lab Objectives
_ Overview
_ Windows I/O System and Device Drivers
_ Communicating with drivers
_ I/O Control Codes
_ Privilege Levels and Ring0 Payloads
_ Staging R3 Payloads from Kernel Space
_ Case Study Payloads
_ Case Study Payload (1): Token Stealing
_ Case Study payload (2): MSR Hooking
_ Function Pointer Overwrites
_ avast! Case Study: Kernel Memory Corruption
_ avast! Case Study: Way Down in ring0 Land
_ Exercise
_ avast! Case Study: Bypassing Device Driver Checks
_ Exercise
_ avast! Case Study: EIP Hunting
_ Exercise
_ avast! Case Study: Elevation (1)
_ Exercise
_ avast! Case Study: Elevation (2)
_ Exercise
_ Wrapping up

Module 0x06 64-bit Kernel Driver Exploitation
_ Lab Objectives
_ Overview
_ 64-bit Address Space
_ 64-bit Main Enhancements
_ Windows-On-Windows Emulation
_ 64-bit Exploitation: General Concepts
_ MS11-080 Case Study: The Bug
_ MS11-080 Case Study: IOCTL Hunting
_ MS11-080 Case Study: Triggering the vulnerable code
_ Exercise
_ MS11-080 Case Study: Mapping your Route
_ MS11-080 Case Study: “BSODing” the Box
_ Exercise
_ MS11-080 Case Study: Owning RIP
_ MS11-080 Case Study: You are on your Own Bring me a SYSTEM Shell!

Module 0x07 Heap Spraying
_ Lab Objectives
_ Overview
_ JavaScript Heap Internals Key Points
_ Heap Spray: The Technique
_ Heap Spray Case Study: CVE-2011-2371 POC
_ Exercise
_ Heap Spray Case Study: A Deeper Look at the Bug
_ Heap Spray Case Study: Mapping the Object in Memory
_ Exercise
_ Heap Spray Case Study: Controlling the Execution Flow
_ Exercise
_ Heap Spray Case Study: Stack Pivoting
_ Exercise
_ Heap Spray Case Study: Pointers Stunts
_ Exercise
_ Heap Spray Case Study: When 1bit = Shell
_ Exercise
_ Wrapping Up

Download link : "AWE" Advanced Windows Exploitation V1.1
size : 33 Mb
parts : 4 pdf's
pages : 185
password : NO-MERCY

Best Regards

AlexDavidson00011
Posted November 13, 2017

"This file is no longer Available" Srsly, is this a joke?

spider
Posted November 13, 2017

1 minute ago, AlexDavidson00011 said:
> "This file is no longer Available" Srsly, is this a joke?

Posted March 15, 2014

gutui
Posted November 13, 2017

https://top-kickass.org/F20E09397C6EC52B295006E6EDA44FE246D0AC00

num1r0
Posted November 13, 2017

23 minutes ago, gutui said:
> https://top-kickass.org/F20E09397C6EC52B295006E6EDA44FE246D0AC00

Just be more careful when you extract the PDF (if it exists)
https://www.virustotal.com/#/file/575146a3e8f99b11b12a0fc2dd84fe011d879fc8c2fc5eece2425de91b5fb52d/detection
A VM wouldn't hurt (disconnected from the net).

Tejvil
Posted April 8, 2018

Ok, I have a question too .... why doesn't the link work, and what's with the top-kickass link ... if anyone downloaded from there ... is it a safe source?

spider
Posted April 8, 2018

1 hour ago, Tejvil said:
> Ok, I have a question too .... why doesn't the link work, and what's with the top-kickass link ... if anyone downloaded from there ... is it a safe source?

The archive from that torrent; you download it at your own risk : )
Offensive Security - Advanced Windows Exploitation (AWE) v 1.1