Offsec Notes — Sources
Provenance pages for the Offensive Security Notes ingest. The source wiki distinguishes already-distilled material (under sources/ingested/) from pending raw references at the root of sources/. The catalogued group is largely Maldev Academy course material (third-party, not republished) — these pages carry titles + excerpts only, with full text remaining in the raw store.
Total catalogued: 83 files (integrated: 36, catalogued: 47)
Integrated (36)
| Source | File |
|---|---|
| Abusing Windows Built in VPN Providers | Abusing Windows Built-in VPN Providers.md |
| Accelerating Offensive R&D with LLMs | Accelerating Offensive R&D with LLMs.md |
| AirSnitch: Demystifying and Breaking | AirSnitch - Demystifying and Breaking.md |
| AppLocker Rules Abuse | AppLocker Rules Abuse.md |
| Async BOFs Wake Me Up, Before You Go Go | Async BOFs - _Wake Me Up, Before You Go Go_.md |
| Attacking JWT using X509 Certificates | Attacking JWT using X509 Certificates.md |
| Bind Link – EDR Tampering | Bind Link – EDR Tampering.md |
| BOF Linting for Accelerated Development | BOF Linting for Accelerated Development.md |
| Command Line Underdog WMIC in Action | Command Line Underdog_ WMIC in Action.md |
| Common Mobile Device Threat Vectors | Common Mobile Device Threat Vectors.md |
| Credential Guard | Credential Guard.md |
| CVE 2025 1729 Privilege Escalation Using TPQMAssistant.exe | CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe.md |
| Detecting Active Directory Password Spraying with a Honeypot Account | Detecting Active Directory Password-Spraying with a Honeypot Account.md |
| Dragging Secrets Out of Chrome NTLM Hash Leaks via File URLs | Dragging Secrets Out of Chrome_ NTLM Hash Leaks via File URLs.md |
| EDR Silencing | EDR Silencing.md |
| GAC Hijacking | GAC Hijacking.md |
| Hack cessibility When DLL Hijacks Meet Windows Helpers | Hack-cessibility_ When DLL Hijacks Meet Windows Helpers.md |
| Helpful Hints for Writing (and Editing) Cybersecurity Reports | Helpful Hints for Writing (and Editing) Cybersecurity Reports.md |
| Hunting Deserialization Vulnerabilities With Claude | Hunting Deserialization Vulnerabilities With Claude.md |
| Keys to JWT Assessments From a Cheat Sheet to a Deep Dive | Keys to JWT Assessments - From a Cheat Sheet to a Deep Dive.md |
| Kubernetes for Pentesters Part 1 | Kubernetes for Pentesters_ Part 1.md |
| Linux Process Injection via Seccomp Notify | Linux Process Injection via Seccomp Notify.md |
| LnkMeMaybe A Review of CVE 2026 25185 | LnkMeMaybe - A Review of CVE-2026-25185.md |
| LSASS Dump – Windows Error Reporting | LSASS Dump – Windows Error Reporting.md |
| macOS JIT Memory | macOS JIT Memory.md |
| MCP An Introduction to Agentic Op Support | MCP_ An Introduction to Agentic Op Support.md |
| Microsoft Speech | Microsoft Speech.md |
| Notepad++ Plugins Plug and Payload | Notepad++ Plugins_ Plug and Payload.md |
| Operating Inside the Interpreted Offensive Python | Operating Inside the Interpreted_ Offensive Python.md |
| PatchGuard Peekaboo Hiding Processes on Systems with PatchGuard in 2026 | PatchGuard Peekaboo_ Hiding Processes on Systems with PatchGuard in 2026.md |
| Purpling Your Ops | Purpling Your Ops.md |
| Red Team Gold Extracting Credentials from MDT Shares | Red Team Gold_ Extracting Credentials from MDT Shares.md |
| There’s More than One Way to Trigger a Windows Service | There's More than One Way to Trigger a Windows Service.md |
| Toast Notifications | Toast Notifications.md |
| Training Specialist Models | Training Specialist Models.md |
| WSUS Is SUS NTLM Relay Attacks in Plain Sight | WSUS Is SUS_ NTLM Relay Attacks in Plain Sight.md |
Catalogued (47)
| Source | File |
|---|---|
| APC Injection | APC Injection.md |
| Callback Code Execution | Callback Code Execution.md |
| Coding Basics | Coding Basics.md |
| Detection Mechanisms | Detection Mechanisms.md |
| Dynamic Link Library | Dynamic-Link Library.md |
| Early Bird APC Injection | Early Bird APC Injection.md |
| Evading Microsoft Defender Static Analysis | Evading Microsoft Defender Static Analysis.md |
| Introduction To Payload Encryption | Introduction To Payload Encryption.md |
| Introduction To The Windows API | Introduction To The Windows API.md |
| Local Function Stomping Injection | Local Function Stomping Injection.md |
| Local Mapping Injection | Local Mapping Injection.md |
| Local Payload Execution | Local Payload Execution.md |
| Local Payload Execution (1) | Local Payload Execution (1).md |
| Maldev Academy Tool | Maldev Academy Tool.md |
| Maldev Academy Tool (1) | Maldev Academy Tool (1).md |
| Malware Binary Signing | Malware Binary Signing.md |
| Payload Encryption | Payload Encryption.md |
| Payload Encryption AES Encryption | Payload Encryption - AES Encryption.md |
| Payload Encryption (1) | Payload Encryption (1).md |
| Payload Execution Control | Payload Execution Control.md |
| Payload Obfuscation | Payload Obfuscation.md |
| Payload Obfuscation (1) | Payload Obfuscation (1).md |
| Payload Obfuscation (2) | Payload Obfuscation (2).md |
| Payload Placement .data & .rdata Sections | Payload Placement - .data & .rdata Sections.md |
| Payload Placement .rsrc Section | Payload Placement - .rsrc Section.md |
| Payload Placement .text Section | Payload Placement - .text Section.md |
| Payload Staging Web Server | Payload Staging - Web Server.md |
| Payload Staging Windows Registry | Payload Staging - Windows Registry.md |
| Portable Executable Format | Portable Executable Format.md |
| Process Argument Spoofing (1) | Process Argument Spoofing (1).md |
| Process Argument Spoofing (2) | Process Argument Spoofing (2).md |
| Process Enumeration | Process Enumeration.md |
| Process Enumeration (1) | Process Enumeration (1).md |
| Process Injection DLL Injection | Process Injection - DLL Injection.md |
| Process Injection Shellcode Injection | Process Injection - Shellcode Injection.md |
| Remote Function Stomping Injection | Remote Function Stomping Injection.md |
| Remote Mapping Injection | Remote Mapping Injection.md |
| Required Tools | Required Tools.md |
| Spoofing PPID | Spoofing PPID.md |
| Thread Hijacking Local Thread Creation | Thread Hijacking - Local Thread Creation.md |
| Thread Hijacking Local Thread Enumeration | Thread Hijacking - Local Thread Enumeration.md |
| Thread Hijacking Remote Thread Creation | Thread Hijacking - Remote Thread Creation.md |
| Thread Hijacking Remote Thread Enumeration | Thread Hijacking - Remote Thread Enumeration.md |
| Undocumented Structures | Undocumented Structures.md |
| Windows Architecture | Windows Architecture.md |
| Windows Memory Management | Windows Memory Management.md |
| Windows Processes | Windows Processes.md |