Tutorials

Exploit Development
Understanding the Stack: Frames, Prologue/Epilogue, and Stack Layout
Learn how x86 and x64 Windows stack frames are structured — from EBP chains and shadow space to prologue/epilogue sequences — and…
Jun 19, 2026 · 11 min read

Exploit Development
x86 and x64 Calling Conventions: cdecl, stdcall, fastcall, and System V
Calling conventions dictate exactly where return addresses and arguments sit in memory. This tutorial breaks down cdecl, stdcall, fastcall, Microsoft x64, and…
Jun 19, 2026 · 11 min read

Exploit Development
WinDbg Crash Course: Navigation, Commands, and Workflow for Exploit Devs
Learn to drive WinDbg from first principles — attach to targets, read access violations, master every breakpoint type, and use Time Travel…
Jun 19, 2026 · 10 min read

Exploit Development
Setting Up Your Exploit Development Lab (VMs, Debuggers, Tools)
Learn to build a fully isolated Windows exploit development lab with two VMs, WinDbg kernel debugging, x64dbg, mona.py, boofuzz, and vulnerable targets…
Jun 19, 2026 · 12 min read

Adversary Emulation
Threat-Informed Defense: Principles, Frameworks, and the Intelligence-Driven Security Cycle
Move beyond brittle IOCs with threat-informed defense. This tutorial covers the Pyramid of Pain, MITRE ATT&CK, the six-phase CTI lifecycle, STIX/TAXII, M3TID…
Jun 19, 2026 · 11 min read

Adversary Emulation
Adversary Emulation vs. Adversary Simulation: Definitions, Differences, and Why It Matters
Adversary emulation and adversary simulation are not synonyms. This tutorial breaks down both disciplines, maps them to MITRE ATT&CK, and shows you…
Jun 19, 2026 · 11 min read

Red Teaming
The Attack Lifecycle: Reconnaissance to Exfiltration
Follow a full red team operation through every MITRE ATT&CK Enterprise tactic — from passive OSINT and phishing to credential dumping, lateral…
Jun 19, 2026 · 11 min read

Red Teaming
Red Teaming Fundamentals: Mindset, Methodology, and Engagement Types
Discover how red team engagements differ from pen testing, how the adversarial mindset works, and how MITRE ATT&CK connects offensive TTPs to…
Jun 19, 2026 · 10 min read

Windows Internals
APCs: Asynchronous Procedure Calls and Thread Hijacking Surface
Deep-dive into Windows Asynchronous Procedure Calls — from KAPC kernel structures and KiDeliverApc dispatch to classic, early-bird, and special user APC injection…
Jun 19, 2026 · 14 min read

Windows Internals
DPCs: Deferred Procedure Calls and Interrupt Deferral
Deep dive into Windows Deferred Procedure Calls (DPCs): how the kernel defers ISR work to DISPATCH_LEVEL, the KDPC lifecycle, and how rootkits…
Jun 19, 2026 · 12 min read

Windows Internals
IRQL Levels: Interrupt Request Priorities Explained
Deep-dive into Windows Interrupt Request Levels (IRQL): how the HAL arbitrates hardware and software interrupts, which kernel operations are legal at each…
Jun 18, 2026 · 11 min read

Windows Internals
System Calls and SSDT: How User Mode Reaches the Kernel
Explore how the SYSCALL instruction, MSR_LSTAR, and the System Service Descriptor Table (SSDT) bridge user mode and the Windows kernel — and…
Jun 18, 2026 · 14 min read