Some resources, links, books, and papers related mostly to Windows Internals and the Windows kernel. Mostly talks and videos that I enjoyed watching.
- https://www.youtube.com/watch?v=ewNo_poX7bA&list=PLF58FB7BCB20ED11A (11 part playlist) Rootkits: What they are, and how to find them
- https://www.youtube.com/watch?v=pHyWyH804xE - Hooking Nirvana (Alex Ionescu)
- https://www.youtube.com/watch?v=dpG97TBR3Ys - Alex Ionescu - Advancing the State of UEFI Bootkits
- https://www.lastline.com/labsblog/dissecting-turla-rootkit-malware-using-dynamic-analysis/
- https://j00ru.vexillium.org/2010/06/insight-into-the-driver-signature-enforcement/
- http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/
- https://youtu.be/qVIxFfXpyNc - BlueHat v18 || Return of the kernel rootkit malware (on windows 10)
- https://www.youtube.com/watch?v=TgMsMwsfoQ0 - Numchecker: A System Approach for Kernel Rootkit Detection
- https://www.youtube.com/watch?v=7AEMxaZhdLU - DEF CON 26 - Ring 0 Ring 2 Rootkits Bypassing Defenses
- https://www.youtube.com/watch?v=99Znv6tgYS0 - Black Hat Windows 2001 - Kernel Mode Rootkits
- https://www.youtube.com/watch?v=1Ie20b5IGgY&t=2087s - Black Hat Windows 2004 - DKOM (Direct Kernel Object Manipulation)
- https://www.youtube.com/watch?v=QuFJpH3My7A - WinDbg Basics for Malware Analysis
- https://www.youtube.com/watch?v=2rGS5fYGtJ4 - Windows Debugging and Troubleshooting
- https://www.youtube.com/watch?v=8sVZsxoCpSc - CNIT 126 10: Kernel Debugging with WinDbg
- https://www.youtube.com/watch?v=s5gOW-N9AAo - Windows Kernel Debugging Part I
- https://www.youtube.com/watch?v=BBJgKuXzfwc - Kernel Mode Threats and Practical Defenses
- https://www.youtube.com/watch?v=ZDHHGZlEfsQ - Selling 0-Days to Governments and Offensive Security Companies
- https://www.youtube.com/watch?v=yJHyHU5UjTg - Unveiling the Underground World of Anti-Cheats
- https://www.youtube.com/watch?v=77-jaeUKH7c - Vulnerability Exploitation In Docker Container Environments
- https://www.youtube.com/watch?v=Y-G2WJ2cBKE - Modern Exploitation of the SVGA Device for Guest-to-Host Escapes
- https://www.youtube.com/watch?v=i29bAx6W1uI - REcon 2014 - Breaking Out of VirtualBox through 3D Acceleration
- https://www.youtube.com/watch?v=EkGDSqpfzgg
- https://blog.quarkslab.com/reverse-engineering-the-win32k-type-isolation-mitigation.html
- https://www.nccgroup.trust/globalassets/our-research/uk/blog-post/2015-07-07_-_exploiting_cve_2015_0057.pdf
- https://www.youtube.com/watch?v=LvW68czaEGs - Windows Offender Reverse Engineering Windows Defender's Antivirus Emulator
- https://www.youtube.com/watch?v=gCu2GQd0GSE - Windows 10 Mitigation Improvements (really good talk)
- https://www.youtube.com/watch?v=v149T7p4XLA - Overview of Windows 10 Requirements for TPM, HVCI and SecureBoot
- https://www.youtube.com/watch?v=a0AB76YNMlQ - Examining the Guardians of Windows 10 Security - Chuanda Ding
- https://www.youtube.com/watch?v=_646Gmr_uo0 - Analysis of the Attack Surface of Windows 10 Virtualization-Based Security
- https://www.youtube.com/watch?v=2bK_rC81_Eo - A Dive in to Hyper-V Architecture & Vulnerabilities
- https://www.youtube.com/watch?v=PTnuwchEci0&t=1225s - The Last KASLR Leak
- https://www.youtube.com/watch?v=5HbmpPBKVFg&t=409s - REcon 2013 - I got 99 problems but a kernel pointer ain't one
- https://www.youtube.com/watch?v=RGn-knmXf_Y - REcon 2013 - Inside EMET 4.0
- https://www.youtube.com/watch?v=puNkbSTQtXY - Reverse Engineering and Bug Hunting on KMDF Drivers
- https://vimeo.com/379935124 - Morten Schenk - Binary Exploit Mitigation and Bypass History (not just kernel)
- https://www.youtube.com/watch?v=Gu_5kkErQ6Y - Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level
- https://www.youtube.com/watch?v=2sPNUpfTJ5A - REcon 2015 - Reverse Engineering Windows AFD.sys
- https://www.youtube.com/watch?v=uzPTyXQ1Oys - Windows Kernel Graphics Driver Attack Surface
- https://www.youtube.com/watch?v=61K3kqTRbzU - Understanding TOCTTOU in the Windows Kernel Font Scaler Engine
- https://www.youtube.com/watch?v=efgoislKd8Q - Black Hat USA 2013 - Smashing The Font Scaler Engine in Windows Kernel
- https://youtu.be/XUlbYRFFYf0 - Windows Kernel Programming (14 part playlist)
- https://youtu.be/T5VtaP-wtkk - Windows Driver Development (19 part playlist)
- https://www.youtube.com/watch?v=AsSMKL5vaXw - Developing Kernel Drivers with Modern C++ - Pavel Yosifovich
- https://www.youtube.com/watch?v=vz15OqiYYXo - Windows Internals
- https://www.youtube.com/watch?v=hetZx78SQ_A - Windows 10 Segment Heap Internals
- https://www.youtube.com/watch?v=aRZ5Wi-NWXs - Windows Kernel Vulnerability Research and Exploitation - Gilad Bakas
- https://youtu.be/ffYiIUOUAUs - NIC 5th Anniversary - Windows 10 internals
- https://www.youtube.com/watch?v=-BkjkimINC8 - Bugs on the Windshield: Fuzzing the Windows Kernel
- https://www.youtube.com/watch?v=wnNyPcerjJo - Windows Kernel Fuzzing for Intermediate Learners
- https://www.youtube.com/watch?v=FY-33TUKlqY - Windows Kernel Fuzzing For Beginners - Ben Nagy
- https://www.youtube.com/watch?v=mpXQvto4Vy4 - Disobey 2018 - Building Windows Kernel fuzzer
- https://www.youtube.com/watch?v=9FPuKfwucsw - For The Win: The Art Of The Windows Kernel Fuzzing
- https://www.youtube.com/watch?v=x4LPhwbTs9E - RECON 2019 - Vectorized Emulation Putting it all together
- Windows Internals, Part 1 (Pavel Yosifovich, and some others)
- Windows 10 System Programming, Part 1 (Pavel Yosifovich)
- Windows 10 System Programming, Part 2 (Pavel Yosifovich)
- Windows Kernel Programming (Pavel Yosifovich)
- Rootkits: Subverting the Windows Kernel
- The Rootkit Arsenal
- Intel® 64 and IA-32 Architectures Software Developer Manuals