วีดีโอ

great video, you conviced me to purchase one of trainsec courses

awesome, thanks !!👏👏👏

you need to set primary screen to have dialogs pop up into video..

Please can you make video about windbg I couldn't find any resources that is easy I need you to cover both kernel and user debugger

@zodiacon can you make an video about running an Service DLL in Svchost?

sir, what is your Visual Studio theme and font name?

Does this technique work if the injector app is 64bit but target process and dll are 32bit? Or do i need to use a proxy 32bit process?

Thank you! I followed the same instructions to configure symbols for Process Monitor and it worked too :)

Great explanation! That really helped me a lot to understand and a land the lectures I've been reading about COM.

my man pavel got me and my homie a xmas gift windows programming part 1 and 2 with the kernel programming for after best 100 dollars i spent this whole year

Amazing :) regards from Peru south America :)

Yet another amazing video.

But you don't use Api CreateProcessWithTokenW....

As always you are amazing ❤❤❤❤❤

does explorer do animated icons yet? on hover?

Hi pavel, i wanted to thank you for making these amazing videos about these interesting things (the shell internals always got me interested but i couldn't find a lot of information about it). By the way i just got your kernel programming book :)

Very glad you make videos on various topics. It is really magnificent discovering many different topics you cover, and they are always interesting and well explained.

Hello sir can u please make a video on getting the user logon events using etw provider I have tried it but using the provider Microsoft-Windows-Security-Auditing I can't able to get any event using this provider

<3

Lets say i want to do all of this on sn Android app emulated on my pc Is this possible?

Great stuff as always Pavel! Thank you for the content.

great video!

12:30 I’m looking forward to the video about the missing crucial pieces

hi pavel, thanks for sharing great contents for free, it would be so nice to make a video about registry programmingm , like services you did, thanks :)

I'm new to this. My observation is that when you create shared memory where 8 processes can write *in their own segment*, and then after some time close the view for these 7 processes and try to read with the remaining process what the others have written, about 2% of the writes seem to have failed: there is nothing there but zeros. The result is not always the same, and waiting a few seconds before starting the read helps somewhat. I stress the system a bit during the writes (CPU 80%, 50% of it disk I/O) and I see disk-i/o still going on after the writes stop, but more than 10 seconds waiting does not help. As I mentioned, the writes do not overlap in memory, and reading starts after the writes. I'm baffled.

Greate Work !

BrainFuck fr

Wow. I have never seen so much information on anything. 👍

I might have found a peak channel

int main(int argc, const char* argv[]) { if (argc < 3) { printf("Usage: CloseHandle <pid> <handle> "); return 0; } int pid = strtol(argv[1], nullptr, 0); HANDLE handle = (HANDLE)(ULONG_PTR)strtol(argv[2], nullptr, 0); HANDLE hProcess = OpenProcess(PROCESS_DUP_HANDLE, FALSE, pid); if (!hProcess) { printf("Error opening process (%u) ", GetLastError()); return 1; } HANDLE hTarget; if (DuplicateHandle(hProcess, handle, GetCurrentProcess(), &hTarget, 0, FALSE, DUPLICATE_CLOSE_SOURCE)) { CloseHandle(hTarget); printf("Success! "); } else { printf("Error duplicating handle (%u) ", GetLastError()); } CloseHandle(hProcess); return 0; }

@Pavel What is the significance of setting completion key? you are not checking it anywhere anyways.

PAVEL my man!!!! if you will tell mark i said what up 🙂

Thanks so much Pavel, appreciate all of your work heaps mate, always a pleasure to be able to leave a thumbs up and a comment 😊

Going to write the coordinates to my buried treasure in a stream on "monthly_budget_oct24_revised_v2.pdf"

As you demonstrated int the source code, an stream could be opened by using plain old Win32 name and the classic file opening functions. Guess what program uses these two: notepad.exe! So you can launch notepad from command line, giving it the stream name. Now you have Windows built-in tool to both view and edit alternate data streams.

As you demonstrated int the source code, an stream could be opened by using plain old Win32 name and the classic file opening functions. Guess what program uses these two: notepad.exe! So you can launch notepad from command line, giving it the stream name. Now you have Windows built-in tool to both view and edit alternate data streams.

appreciate the uploads!

Yaaaaay ADS!! Hope you are well Pavel!

You explaining very fast and most of code i did not know what you did

connection is established between the two programs but i get an error code 10057(lost connection) from the local program. in tcpview it shows that the connection is established i tried downloading the reverse shell on my laptop and i connected the laptop to my LAN but i get an error from the send function 10051

Great video Pavel! Very enlightening!

Hi, thanks for such a great explanation. I have a question: When I run notepad, the corresponding message box will always appear?

Regarding shellcode injection using APC, I successfully execute the shellcode in the remote process, but afterward, the target process forcibly terminates. Do you know how to resolve this issue?

I love thee videos label!!!

MY MAN PAVEL RPC IS MY FAVORITE I LOVE THE RPCRT SUNRPC aka ONC portmappers stubs marshalls the whole deal!!!

This channel is definitely not for newbies this content the author provides is really unique on yt.