Tutorials
Windows Internals
Access Tokens and Privileges: The Kernel’s Security Context
Every Windows process runs inside a security context defined by its access token. Learn how the kernel builds and enforces that context…

Windows Internals
SIDs and Security Descriptors: Identity in Windows Security
Understand how Windows uses Security Identifiers and security descriptors to make every access decision — and how attackers abuse NULL DACLs, SID-History…

Exploit Development
Egghunters: Staged Payload Delivery When Buffer Space Is Tight
When your overflow buffer is too small for real shellcode, an egghunter scans process memory for your tagged payload and jumps to…

Exploit Development
Shellcode Encoders: XOR Encoding, Custom Decoders, and Avoiding Bad Chars
Control EIP but your shellcode dies in transit? This tutorial covers XOR encoding, custom x86 decoder stubs using JMP-CALL-POP, per-chunk keying, and…

Red Teaming
Phishing Campaign Design: Pretexting, Lures, and Target Profiling
Build effective authorized phishing simulations by mastering OSINT target profiling, pretext construction, and lure delivery selection — with full MITRE ATT&CK coverage…

Adversary Emulation
APT Profiling: How to Build a Comprehensive Adversary Profile from Open-Source Intelligence
Master APT profiling by systematically collecting OSINT, mapping TTPs to MITRE ATT&CK, and serializing a full adversary dossier in STIX 2.1 —…

Red Teaming
Building a Red Team Lab: Infrastructure, VMs, and C2 Setup
Design and deploy a self-contained red team lab with tiered network segmentation, Sliver C2, redirector chains, and a full blue team monitoring…

Exploit Development
Position-Independent Code: Writing PIC Shellcode Without Hardcoded Addresses
Discover how Windows shellcode achieves position independence by walking the PEB loader chain, hashing export names with ROR-13, and eliminating null bytes…

Exploit Development
Writing x64 Shellcode: Differences, Shadow Space, and Register Conventions
Learn the ABI-level differences between x86 and x64 Windows shellcode, including shadow space, register conventions, PEB walking via GS:[0x60], and export table…

Windows Internals
Fibers: User-Mode Cooperative Threads
Deep dive into Windows fibers: how cooperative context switches work entirely in user mode, how the TEB and undocumented FIBER structure tie…

Exploit Development
Writing Your First Shellcode: x86 Reverse Shell from Scratch
Learn to hand-craft a Windows x86 reverse shell in NASM — resolving APIs via PEB walk and PE export parsing, initialising Winsock,…

Exploit Development
Bad Characters, Null Bytes, and Restricted Character Sets
Discover why bad characters like null bytes corrupt shellcode in buffer overflows, how to enumerate restricted character sets with mona.py, and how…