A collection of resources for Windows kernel development, exploitation, analysis, and security. Suitable for beginners to experts, this compilation covers a wide range of topics including driver development, reverse engineering, vulnerability research, and Windows internals.

If I'm missing anything, please let me know in the comments. I will add it!

Windows Kernel Exploitation Resources.

@offby1security stream :: free advanced content

https://pbs.twimg.com/media/GTSrvwPaYAMW71M?format=jpg&name=900x900

There are so many incredible videos here, far too many to list. Every Friday, they stream something new, I would recommend joining them on YouTube! h/t @Steph3nSims

• https://www.youtube.com/@OffByOneSecurity
• https://www.youtube.com/@OffByOneSecurity/streams
• A Look at Modern Windows Kernel Exploitationwith Connor McGarr @33y0re
• Emulating Obfuscated Codewith @herrcore From OALABS
• Creative Windows Evasion and Forensicswith @yarden_shafir

@OpenSecTraining OpenSecurityTraining2 :: free certification quality content

https://pbs.twimg.com/media/GTSey-BaYAQvdAm?format=png&name=small

Everything is FREE! h/t @XenoKovah

• https://ost2.fyi/

Prerequisite knowledge.

These should be taken in the order they are presented here.

• Architecture 1001: x86-64 Assembly
• Debuggers 1011: Introductory WinDbg
• Debuggers 2011: Intermediate WinDbg
• Debuggers 3011: Advanced WinDbg
• Reverse Engineering 3011: Reversing C++ Binaries
• Architecture 2821: Windows Kernel Internals 2 - With @saidelike
• Exploitation 4011: Windows Kernel Exploitation: Race Condition + UAF in KTM - With @saidelike

@vxunderground Windows Papers

https://pbs.twimg.com/media/GTSaLd6aYAAFHwd?format=png&name=small

Collection of the best papers online.

• https://vx-underground.org/Papers/Windows/
• Analysis and Internals
• Kernel Mode
• Network Communications
• Process Injection
• System Components and Abuse
• Windows Internals Series

@pagedout_zine

https://pbs.twimg.com/media/GTS5eTvaYAMqV5M?format=png&name=small

There are currently four issues. Every single issue is pure alpha. Words do not exists for how good this zine is. You'll have to search through it to find Windows resources. They have plenty :)

• https://pagedout.institute/

OALabs

https://pbs.twimg.com/media/GTSdwhoaYAEzTWk?format=jpg&name=900x900

God tier tutorials!

• https://www.patreon.com/oalabs 10/10 Patreon content!
• https://www.youtube.com/@OALABS

@offsectraining Offsec Certifications

https://pbs.twimg.com/media/GTS56D2aYAQcEJB?format=png&name=360x360

• https://www.offsec.com/
• https://www.offsec.com/resources/whitepaper/
• EXP-301: Windows User Mode Exploit Development
• EXP-401: Advanced Windows Exploitation

Content Creators

@hasherezade

Software Engineer, Malware Analyst. One of the most skilled individuals in the industry.

https://pbs.twimg.com/media/GTS9N7qasAAo_Mt?format=jpg&name=small

• https://hasherezade.github.io/
• https://hasherezade.github.io/articles.html
• https://speakerdeck.com/hshrzd

Duncan Ogilvie @mrexodia

Reverse engineer, creator of @x64dbg rad content!

• https://github.com/mrexodia
• https://x64dbg.com/
• Windows Internals Crash Course
• https://www.youtube.com/@mrexodia

@LowLevelTweets Low Level Learning

Bro is cracked. Lots of amazing content.

• https://lowlevel.tv/

Additional God Tier Exploitation Resources

• https://connormcgarr.github.io/ @33y0re
• https://www.x86matthew.com/ @x86matthew
• https://secret.club/ @the_secret_club
• https://j00ru.vexillium.org/ @j00ru
• https://h0mbre.github.io/ @h0mbre_
• http://blog.rewolf.pl/blog/ @rwfpl
• https://www.ired.team/
• https://googleprojectzero.blogspot.com

Various Unsorted Exploitation Resources

• :: Detailed analysis of kernel shellcode injection techniques https://web.archive.org/web/20201031082416/https://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcode.html
• :: Comprehensive guide to crafting Windows kernel shellcode https://web.archive.org/web/20240620155055/https://www.matteomalvica.com/blog/2019/07/06/windows-kernel-shellcode/
• :: Three-part series on Windows 10-specific kernel shellcode development https://web.archive.org/web/20230904145124/https://improsec.com/tech-blog/windows-kernel-shellcode-on-windows-10-part-1
• :: Exploration of x64 kernel shellcode and SMEP bypass methods https://connormcgarr.github.io/x64-Kernel-Shellcode-Revisited-and-SMEP-Bypass/
• :: In-depth look at token manipulation for privilege escalation https://web.archive.org/web/20240131031335/https://www.ired.team/miscellaneous-reversing-forensics/windows-kernel-internals/how-kernel-exploits-abuse-tokens-for-privilege-escalation
• :: OWASP's introductory guide to shellcode creation https://web.archive.org/web/20230902090123/https://owasp.org/www-pdf-archive/Introduction_to_shellcode_development.pdf
• :: Beginner-friendly Windows shellcode development tutorial series https://web.archive.org/web/20230331070657/https://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/
• :: Analysis of the DoublePulsar SMB backdoor https://web.archive.org/web/20240628025230/https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html
• :: Tutorial on shellcode injection techniques https://web.archive.org/web/20240628025230/https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html
• :: HITB2016AMS presentation on kernel exploit hunting https://web.archive.org/web/20200830052506/https://www.youtube.com/watch?v=nvI6w8aW-4Q&gl=US&hl=en
• :: Ilja van Sprundel's talk on Windows driver attack surfaces https://web.archive.org/web/20220318065226/https://www.youtube.com/watch?v=qk-OI8Z-1To
• :: REcon 2015 presentation on font exploitation https://web.archive.org/web/20221220204348/https://www.youtube.com/watch?v=uvy5BF1Nlio
• :: Detailed walkthrough of a Windows 10 PagedPool vulnerability https://web.archive.org/web/20240314064102/https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
• :: LSE Week 2016 presentation on Windows kernel exploitation https://web.archive.org/web/20200830023723/https://www.youtube.com/watch?v=f8hTwFpRphU&gl=US&hl=en
• :: Two-part tutorial series on CAPCOM.SYS exploitation https://web.archive.org/web/20240124130626/https://www.youtube.com/watch?v=pJZjWXxUEl4
• :: In-depth guide to practical Windows kernel exploitation https://web.archive.org/web/20210525001326/https://www.youtube.com/watch?v=hUCmV7uT29I
• :: Presentation on reverse engineering and bug hunting in KMDF drivers https://web.archive.org/web/20230605131831/https://www.youtube.com/watch?v=puNkbSTQtXY
• :: Historical overview of binary exploit mitigation techniques https://vimeo.com/379935124
• :: Morten Schenk's talk on advanced Windows 10 kernel exploitation https://www.youtube.com/watch?v=Gu_5kkErQ6Y
• :: REcon 2015 presentation on reverse engineering Windows AFD.sys https://web.archive.org/web/20220910152758/https://www.youtube.com/watch?v=Gu_5kkErQ6Y&ab_channel=DEFCONConference
• :: Analysis of Windows kernel graphics driver attack surface https://web.archive.org/web/20240227203704/https://www.youtube.com/watch?v=uzPTyXQ1Oys
• :: TOCTTOU vulnerabilities in Windows kernel font scaler https://web.archive.org/web/20220816032001/https://www.youtube.com/watch?v=61K3kqTRbzU
• :: Black Hat USA 2013 talk on exploiting Windows kernel font scaler https://www.youtube.com/watch?v=efgoislKd8Q
• :: Comprehensive whitepaper on kernel exploit hunting and mitigation https://archive.conference.hitb.org/hitbsecconf2016ams/wp-content/uploads/2015/11/Broderick-Aquilino-and-Wayne-Low-Kernel-Exploit-Hunting-and-Mitigation.pdf
• :: Resource hub for various Windows kernel exploitation techniques https://www.greyhathacker.net/
• :: Detailed analysis of the BlueKeep vulnerability (CVE-2019-0708) https://web.archive.org/web/20240315214615/https://malwaretech.com/2019/09/bluekeep-a-journey-from-dos-to-rce-cve-2019-0708.html
• :: Writeup on exploiting S