In the Open

Crypto

Openssl

rsa

Enumeration

Containers

Docs

Snmp

Network_scanners

Windows

Exfiltration

Dns

dns

Linux

Windows

Exploit

CPUs

meltdown

Binaries

aslr

Buffer_overflow

Docs

ropping

Canary_bypass

canary_bypass

Format_string

format_string

Integral_promotion

integral_promotion

Dns

zone_transfer

Hashes

collision

Imagemagick

imagetragick

Java

OGNL

cve_2022_26134

Level3_hypervisor

Docker_sec

docker

Linux

capabilities

Dirty_pipe

dirty_pipe

Pkexec

CVE_2021_4034

Sudo

wildard_exploitation

MacOS

Network

mac_spoofing

Padding

padbuster

Python

Samba

smbmap

Sqli

Ssl_tls

heartbleed

Web

Bypass_rate_limiting

bypass_rate_limiting

command_injection

Content_security_policy

content_security_policy

cookie_tampering
csrf

Forced_browsing

forced_browsing

http_header_injection

Idor

idor

Javascript

Jwt

jwt

local_file_inclusion
methodology

Nodejs

deserialization

Php

re_registration
remote_file_inclusion

Ssrf

Ssti

ssti

Xxe

Windows

Dll_hijacking

dll_hijacking

Docs

Macros

macros

Payloads

windows_scripting_host

Print_nightmare

CVE-2021-1675

Nightmare-dll

print_nightmare

Process_injection

Service_escalation

service_escalation

Zero_logon

zero_logon

Yaml

deserialization

Forensics

Hashes

Bruteforce

Password_cracking

Password_guessing

standard_passwords

Misc

Active_directory

Printer_hacking

preta

Telecommunications

_sipvicious

.github

ISSUE_TEMPLATE

Sipvicious

sip_vicious

Threat_intelligence

Wifi

airmon-ng

Osint

recon_ng

Social_engineering

spiderfoot
theharvester

Persistence

Post exploitation

Seatbelt

.github

ISSUE_TEMPLATE

CHANGELOG

Seatbelt

Commands

Windows

EventLogs

Output

Bc_security

Docs

Windows

pivoting

Priv_esc

Docs

linux_priv_esc
pspy

Windows

Kernel-exploits

Privesc-scripts

Docs

get_script_onto_target

Suid

Reverse engineering

Android

misc

Docs

Java

krakatau

Reverse shells

Docs

firewalls

Windows

Stego

Docs

amd64 instructions
- Values
- Move
- Arithmetic
- Conditionals
- Address Handling
- Zero Handling in Registers
- Jumps
- Flags
  - Status
- Calling Conventions
- cdecl
- fastcall

amd64 instructions

; starts a comment

Values

Immediate, numbers
register, existing registers
memory, memory addresses

Move

MOV, from source to destination
LEA, loads memory address and stores it in the destination. Address can have an offset. Does not dereference [var] or [var+x]
PUSH & POP, put & delete registers to/from stack.

Arithmetic

INC, increment
DEC, decrement
ADD
SUB, substracts source from dest and stores in dest
MUL & IMUL, result may be stored in upper and lower halfs (rdx:rax)
DIV & IDIV, rax is divided by rbx and may be stored in two halfs as well

Conditionals

RET, return value to the caller
CMP, compare two values and sets flag. Next instruction is a jump condition to a line number. Works as follows
- JE, JEZ, JLE ... followed by linenumber
NOP, \x90
CALL a function

Address Handling

[var], memory address of var.
- If var contains an address then after mov [var], 42 var points to the value 42. [ dereference.

Zero Handling in Registers

Move to eax will result in zeroing the upper 32 bit of an rax register, move to ax, ah, al will not.
MOVZX zeros anything but the value moved to the register inside of it.

Jumps

For signed value comparison
- JL/JNGE (SF <> OF) ; Jump if less/not greater or equal
- JGE/JNL (SF = OF) ; Jump if greater or equal/not less
- JLE/JNG (ZF = 1 or SF <> OF); Jump if less or equal/not greater
- JG/JNLE (ZF = 0 and SF = OF); Jump if greater/not less or equal
For unsigned value comparison
- JB/JNAE (CF = 1) ; Jump if below/not above or equal
- JAE/JNB (CF = 0) ; Jump if above or equal/not below
- JBE/JNA (CF = 1 or ZF = 1) ; Jump if below or equal/not above
- JA/JNBE (CF = 0 and ZF = 0); Jump if above/not below or equal

Flags

eflags 32bit
rflags 64bit

Status

Zero Flag (ZF), 1 if the result of the comparison is equal.
Carry Flag (CF), a 1 is stored if a carry is needed after a calculation.
Overflow Flag (OF), register overflow is 1
Sign Flag (SF), 1 if result is negative.
Adjust/Auxiliary Flag (AF), carry flag for BCD.
Parity Flag (PF), 1 if the last 8 bits are even.
Trap Flag (TF)

Calling Conventions

cdecl

fastcall

First four are passed left to right
int -> RCX, RDX, R8, R9
float -> XMM0, XMM1, XMM2, XMM3
Rest is right to left
Basepointer is saved by the caller
Return values is passes via rax or xmm0
Caller allocates space for at least four values, so 32 bytes are reserved. $rsp to $rsp+0x18
Volatile registers are rax, rcx, r8, r9, r10, r11, xmm0, xmm1, xmm2, xmm3, xmm4, xmm5. These are destroyed after function call.
Nonvolatile registers are rbx, rbp, rdi, rsi, rsp, r12, r13, r14, r15, xmm6-15 ares saved and restored after function call.