updating tables

OpenInternet · Mar 20, 2017 · d52a216 · d52a216
1 parent 57a0928
commit d52a216
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 80 deletions.
diff --git a/idacheatsheet.html b/idacheatsheet.html
@@ -14,86 +14,86 @@ <h1>IDAPro</br>Cheat Sheet</h1>
 <table>
 <caption style="text-align: left;"><h3>Navigation<h3></caption>
 <tr><td>Jump to operand</td><td>Enter</td></tr>
-<tr><td>Jump in new window</td><td>Alt+Enter</td></tr>
+<tr><td>Jump in new window</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+<img src="https://securedorg.github.io/images/Enter-50.png" alt="Enter"></td></tr>
 <tr><td>Jump to previous position</td><td>Esc</td></tr>
-<tr><td>Jump to Next position</td><td>Ctrl+Enter</td></tr>
+<tr><td>Jump to Next position</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+<img src="https://securedorg.github.io/images/Enter-50.png" alt="Enter"></td></tr>
 <tr><td>Jump to address</td><td>G</td></tr>
-<tr><td>Jump by name</td><td>Ctrl+L</td></tr>
-<tr><td>Jump to function</td><td>Ctrl+P</td></tr>
-<tr><td>Jump to segment</td><td>Ctrl+S</td></tr>
-<tr><td>Jump to segment register</td><td>Ctrl+G</td></tr>
-<tr><td>Jump to problem</td><td>Ctrl+Q</td></tr>
-<tr><td>Jump to cross reference</td><td>Ctrl+X</td></tr>
+<tr><td>Jump by name</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+L</td></tr>
+<tr><td>Jump to function</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+P</td></tr>
+<tr><td>Jump to segment</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+S</td></tr>
+<tr><td>Jump to segment register</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+G</td></tr>
+<tr><td>Jump to problem</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+Q</td></tr>
+<tr><td>Jump to cross reference</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+X</td></tr>
 <tr><td>Jump to xref to operand</td><td> X</td></tr>
-<tr><td>Jump to entry point</td><td>Ctrl+E</td></tr>
-<tr><td>Mark Position</td><td>Alt+M</td></tr>
+<tr><td>Jump to entry point</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+E</td></tr>
+<tr><td>Mark Position</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+M</td></tr>
 </table>
 <table>
 <caption style="text-align: left;"><h3>Search</h3></caption>
-<tr><td>Next code</td><td>Alt+C</td></tr>
-<tr><td>Next data</td><td>Ctrl+D</td></tr>
-<tr><td>Next explored</td><td>Ctrl+A</td></tr>
-<tr><td>Next unexplored</td><td>Ctrl+U</td></tr>
-<tr><td>Immediate value</td><td>Alt+I</td></tr>
-<tr><td>Next immediate value</td><td>Ctrl+I</td></tr>
-<tr><td>Text</td><td>Alt+T</td></tr>
-<tr><td>Next text</td><td>Ctrl+T</td></tr>
-<tr><td>Sequence of bytes</td><td>Alt+B</td></tr>
-<tr><td>Next sequence of bytes</td><td>Ctrl+B</td></tr>
-<tr><td>Not function</td><td>Alt+U</td></tr>
+<tr><td>Next code</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+C</td></tr>
+<tr><td>Next data</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+D</td></tr>
+<tr><td>Next explored</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+A</td></tr>
+<tr><td>Next unexplored</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+U</td></tr>
+<tr><td>Immediate value</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+I</td></tr>
+<tr><td>Next immediate value</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+I</td></tr>
+<tr><td>Text</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+T</td></tr>
+<tr><td>Next text</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+T</td></tr>
+<tr><td>Sequence of bytes</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+B</td></tr>
+<tr><td>Next sequence of bytes</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+B</td></tr>
+<tr><td>Not function</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+U</td></tr>
 </table>
 <table>
 <caption style="text-align: left;"><h3>Graphing</h3></caption>
 <tr><td>Flow chart</td><td>F12</td></tr>
-<tr><td>Function calls</td><td>Ctrl+F12</td></tr>
+<tr><td>Function calls</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+F12</td></tr>
 </table>
 <table>
 <caption style="text-align: left;"><h3>Comments</h3></caption>
-<tr><td>Enter comment</td><td>Shift+; </td></tr>
+<tr><td>Enter comment</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+; </td></tr>
 <tr><td>Enter repeatable comment</td><td>; </td></tr>
 <tr><td>Enter anterior lines</td><td>Ins </td></tr>
-<tr><td>Enter posterior lines</td><td>Shift+Ins </td></tr>
-<tr><td>Insert predefined comment</td><td>Shift+F1</td></tr>
+<tr><td>Enter posterior lines</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+Ins </td></tr>
+<tr><td>Insert predefined comment</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F1</td></tr>
 </table>
 <table>
 <caption style="text-align: left;"><h3>Data Format Options</h3></caption>
-<tr><td>ASCII strings style</td><td>Alt+A</td></tr>
-<tr><td>Setup data types</td><td>Alt+D</td></tr>
+<tr><td>ASCII strings style</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+A</td></tr>
+<tr><td>Setup data types</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+D</td></tr>
 </table>
 </td>
 <td>
 <table>
 <caption style="text-align: left;"><h3>Open Subviews</h3></caption>
-<tr><td>Names</td><td>Shift+F4</td></tr>
-<tr><td>Functions</td><td>Shift+F3</td></tr>
-<tr><td>Strings</td><td>Shift+F12</td></tr>
-<tr><td>Segments</td><td>Shift+F7</td></tr>
-<tr><td>Segment registers</td><td>Shift+F8</td></tr>
-<tr><td>Signatures</td><td>Shift+F5</td></tr>
-<tr><td>Type libraries</td><td>Shift+F11</td></tr>
-<tr><td>Structures</td><td>Shift+F9</td></tr>
-<tr><td>Enumerations</td><td>Shift+F10</td></tr>
+<tr><td>Names</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F4</td></tr>
+<tr><td>Functions</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F3</td></tr>
+<tr><td>Strings</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F12</td></tr>
+<tr><td>Segments</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F7</td></tr>
+<tr><td>Segment registers</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F8</td></tr>
+<tr><td>Signatures</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F5</td></tr>
+<tr><td>Type libraries</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F11</td></tr>
+<tr><td>Structures</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F9</td></tr>
+<tr><td>Enumerations</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F10</td></tr>
 </table>
 
 
 
 <table>
 <caption style="text-align: left;"><h3>File Operations</h3></caption>
-<tr><td>Parse C header file</td><td>Ctrl+F9</td></tr>
-<tr><td>Create ASM file</td><td>Alt+F10</td></tr>
-<tr><td>Save database</td><td>Ctrl+W</td></tr>
+<tr><td>Parse C header file</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+F9</td></tr>
+<tr><td>Create ASM file</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+F10</td></tr>
+<tr><td>Save database</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+W</td></tr>
 </table>
 
 <table>
 <caption style="text-align: left;"><h3>Debugger</h3></caption>
 <tr><td>Star process</td><td>F9</td></tr>
-<tr><td>Terminate process</td><td>Ctrl+F2</td></tr>
+<tr><td>Terminate process</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+F2</td></tr>
 <tr><td>Step into</td><td>F7</td></tr>
 <tr><td>Step over</td><td>F8</td></tr>
-<tr><td>Run until return</td><td>Ctrl+F7</td></tr>
+<tr><td>Run until return</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+F7</td></tr>
 <tr><td>Run to cursor</td><td>F4</td></tr>
 <tr><td>Breakpoints</td></tr>
-<tr><td>Breakpoint list</td><td>Ctrl+Alt+B</td></tr>
+<tr><td>Breakpoint list</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+<img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+B</td></tr>
 </table>
 
 <table>
@@ -103,29 +103,29 @@ <h1>IDAPro</br>Cheat Sheet</h1>
 
 <table>
 <caption style="text-align: left;"><h3>Tracing</caption>
-<tr><td>Stack trace</td><td>Ctrl+Alt+S</td></tr>
+<tr><td>Stack trace</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+<img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+S</td></tr>
 </table>
 
 <table>
 <caption style="text-align: left;"><h3>Miscellaneous</h3></caption>
-<tr><td>Calculator</td><td>Shift+/ </td></tr>
-<tr><td>Cycle through open views</td><td>Ctrl+Tab </td></tr>
-<tr><td>Select tab</td><td>Alt + [1…N] </td></tr>
-<tr><td>Close current view</td><td>Ctrl+F4</td></tr>
-<tr><td>Exit</td><td>Alt+X </td></tr>
-<tr><td>IDC Command</td><td>Shift+F2</td></tr>
+<tr><td>Calculator</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+/ </td></tr>
+<tr><td>Cycle through open views</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+Tab </td></tr>
+<tr><td>Select tab</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt"> + [1…N] </td></tr>
+<tr><td>Close current view</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+F4</td></tr>
+<tr><td>Exit</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+X </td></tr>
+<tr><td>IDC Command</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+F2</td></tr>
 </table>
 
 </td>
 <td>
 <table>
 <caption style="text-align: left;"><h3>Edit (Data Types – etc)</h3></caption>
-<tr><td>Copy</td><td>Ctrl+Ins</td></tr>
-<tr><td>Begin selection</td><td>Alt+L</td></tr>
-<tr><td>Manual instruction</td><td>Alt+F2</td></tr>
+<tr><td>Copy</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+Ins</td></tr>
+<tr><td>Begin selection</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+L</td></tr>
+<tr><td>Manual instruction</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+F2</td></tr>
 <tr><td>Code</td><td>C</td></tr>
 <tr><td>Data</td><td>D</td></tr>
-<tr><td>Struct variable</td><td>Alt+Q</td></tr>
+<tr><td>Struct variable</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+Q</td></tr>
 <tr><td>ASCII string</td><td>A</td></tr>
 <tr><td>Array</td><td>Num *</td></tr>
 <tr><td>Undefine</td><td>U</td></tr>
@@ -136,44 +136,44 @@ <h1>IDAPro</br>Cheat Sheet</h1>
 <table>
 <caption style="text-align: left;"><h3>Operand Type</caption>
 <tr><td>Offset (data segment)</td><td>O</td></tr>
-<tr><td>Offset (current segment)</td><td>Ctrl+O</td></tr>
-<tr><td>Offset by (any segment)</td><td>Alt+R</td></tr>
-<tr><td>Offset (user-defined)</td><td>Ctrl+R</td></tr>
+<tr><td>Offset (current segment)</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+O</td></tr>
+<tr><td>Offset by (any segment)</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+R</td></tr>
+<tr><td>Offset (user-defined)</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+R</td></tr>
 <tr><td>Offset (struct)</td><td>T</td></tr>
-<tr><td>Number (default)</td><td>Shift+3</td></tr>
+<tr><td>Number (default)</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+3</td></tr>
 <tr><td>Hexadecimal</td><td>Q</td></tr>
 <tr><td>Decimal</td><td>H</td></tr>
 <tr><td>Binary</td><td>B</td></tr>
 <tr><td>Character</td><td>R </td></tr>
 <tr><td>Segment</td><td>S</td></tr>
 <tr><td>Enum member</td><td>M </td></tr>
 <tr><td>Stack variable</td><td>K</td></tr>
-<tr><td>Change sign</td><td>Shift+-</td></tr>
-<tr><td>Bitwise negate</td><td> Shift+`</td></tr>
-<tr><td>Manual</td><td>Alt+F1</td></tr>
+<tr><td>Change sign</td><td><img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+-</td></tr>
+<tr><td>Bitwise negate</td><td> <img src="https://securedorg.github.io/images/Shift-50.png" alt="Shift">+`</td></tr>
+<tr><td>Manual</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+F1</td></tr>
 </table>
 
 <table>
 <caption style="text-align: left;"><h3>Segments</caption>
-<tr><td>Edit segment</td><td>Alt+S</td>
-<tr><td>Change segment register value</td><td>Alt+G</td></tr>
+<tr><td>Edit segment</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+S</td>
+<tr><td>Change segment register value</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+G</td></tr>
 </table>
 
 <table>
 <caption style="text-align: left;"><h3>Structs</caption>
-<tr><td>Struct var</td><td>Alt+Q</td><tr>
-<tr><td>Force zero offset field</td><td>Ctrl+Z</td></tr>
-<tr><td>Select union member</td><td>Alt+Y</td></tr>
+<tr><td>Struct var</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+Q</td><tr>
+<tr><td>Force zero offset field</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+Z</td></tr>
+<tr><td>Select union member</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+Y</td></tr>
 </table>
 
 
 <table>
 <caption style="text-align: left;"><h3>Functions</caption>
 <tr><td>Create function</td><td>P</td></tr>
-<tr><td>Edit function</td><td>Alt+P </td></tr>
+<tr><td>Edit function</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+P </td></tr>
 <tr><td>Set function end</td><td>E </td></tr>
-<tr><td>Stack variables</td><td>Ctrl+K </td></tr>
-<tr><td>Change stack pointer</td><td>Alt+K</td></tr>
+<tr><td>Stack variables</td><td><img src="https://securedorg.github.io/images/Ctrl-50.png" alt="Ctrl">+K </td></tr>
+<tr><td>Change stack pointer</td><td><img src="https://securedorg.github.io/images/Alt-50.png" alt="Alt">+K</td></tr>
 <tr><td>Rename register</td><td>V</td></tr>
 <tr><td>Set function type</td><td>Y</td></tr>
 </table>

diff --git a/malware.md b/malware.md
@@ -14,18 +14,12 @@ title: Malware Techniques
 | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) | ![alt text](https://securedorg.github.io/images/rightarrow.png) |
 
 ## Techniques Overview ##
-* [Compression](#compression)
-* [Obfuscation](#obfuscation)
-* [Persistence](#persistence)
-* [Privilege Escalation](#privilege-escalation)
-* [Defense Evasion](#defense-evasion)
-* [Credential Theft](#credential-theft)
-* [Reconnaissance](#recon)
-* [Lateral Movement](#lateral-movement)
-* [Execution](#execution)
-* [Collection](#collection)
-* [Exfiltration](#exfiltration)
-* [Command and Control](#command-and-control)
+| [Compression](#compression) | [Obfuscation](#obfuscation) | [Persistence](#persistence) |
+| [Privilege Escalation](#privilege-escalation) | [Defense Evasion](#defense-evasion) | [Credential Theft](#credential-theft) |
+| [Reconnaissance](#recon) | [Lateral Movement](#lateral-movement) | [Execution](#execution) |
+| [Collection](#collection) | [Exfiltration](#exfiltration) | [Command and Control](#command-and-control) |
+
+---
 
 ## Compression
 
@@ -59,6 +53,8 @@ title: Malware Techniques
   * [XComp/XPack](http://soft-lab.de/JoKo)
 
   <center>[Top^](#techniques-overview)</center>
+
+---
 
 ## Obfuscation
 
@@ -70,13 +66,17 @@ title: Malware Techniques
 
 ![alt text](https://securedorg.github.io/images/CodeObfuscation.gif "CodeObfuscation")
 
+---
+
 ## Persistence 
 
 * Once malware gains access to a system, it often looks to be there for a long time. 
 * If the persistence mechanism is unique enough, it can even serve as a great way to identify a given piece of malware.
 
 ![alt text](https://securedorg.github.io/images/Persistence.png "Persistence")
 
+---
+
 ## Privilege Escalation
 
 * Exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
@@ -94,6 +94,9 @@ title: Malware Techniques
 Example: Dll Search Order Hijacking
 ![alt text](https://securedorg.github.io/images/DLLload.gif "Dll loading")
 
+---
+
+
 ## Defense Evasion   
 * Evading detection or avoiding defenses.
 * Common Techniques:
@@ -105,6 +108,8 @@ Example: Dll Search Order Hijacking
   * Masquerading
   * Process Hallowing
 
+---
+
 ## Credential Theft
 
 * Going after password storage
@@ -114,28 +119,43 @@ Example: Dll Search Order Hijacking
 Example: Mimikatz credential theft
 ![alt text](https://securedorg.github.io/images/mimikatzElevate.png "Mimkatz Elevating")
 
+---
+
 ## Reconnaissance   
 
 * Gain knowledge about the system and internal network.
 
+---
+
 ## Lateral Movement   
 
 * Enable an adversary to access and control remote systems on a network and could  
 
+---
+
 ## Execution
 
 * Techniques that result in execution of adversary-controlled code on a local or remote system
 * scripts
 * post-exploitation
 
+---
+
+
 ## Collection
 
 * Identify and gather information, such as sensitive files, from a target network prior to exfiltration
 
+---
+
+
 ## Exfiltration
 
 * Removing files and information
 
+---
+
+
 ## Command and Control
 
 * Communicate with systems under their control