All Educational Series
Comprehensive Cybersecurity Education Across Multiple Domains
Explore our growing collection of in-depth educational series covering various cybersecurity topics. Each series provides complete coverage from basics to advanced techniques, with hands-on labs and detection strategies.
Series 1: BYOPH - Bring Your Own Protocol Handler
Status: Complete | Level: Intermediate | Platform: Windows | Parts: 7
A comprehensive guide to Windows protocol handler attacks, from basic concepts to advanced evasion techniques.
Quick Overview
Windows protocol handler abuse that achieves code execution, persistence, and evasion without a software exploit and without admin privileges: a per-user (HKCU) registry registration is enough, and the handler fires whenever a document, e-mail, or browser resolves a link to the registered scheme.
Topics Covered:
- Protocol handler mechanics and registry structure
- Attack techniques and persistence mechanisms
- Detection and threat hunting strategies
- Incident response procedures
- Advanced OPSEC and evasion techniques
Resources:
- 7-part article series
- Working code samples and handlers
- Detection rules (Sigma, Sysmon, PowerShell)
- Lab exercises with cleanup scripts
BYOPH Series Articles
Part 1: The Hidden Attack Surface in Every Click
Topics: Protocol handlers, registry basics, attack chain overview
What You'll Learn:
- How Windows protocol handlers work
- The attack chain from registration to execution
- Why this technique is so effective
- Real-world attack scenarios
Part 2: Anatomy of an Attack
Topics: Artifact analysis, IoC extraction, forensic investigation
What You'll Learn:
- Dissecting malicious .reg files
- Identifying indicators of compromise
- Registry artifact analysis
- Attack reconstruction techniques
Part 3: Building a Safe Testing Ground
Topics: Lab setup, benign handler creation, safe testing practices
Part 4: HKCU vs HKLM - Understanding Persistence
Topics: Registration methods, precedence rules, privilege requirements
Part 5: From Documents to Browsers
Topics: Invocation methods, attack surface analysis, delivery mechanisms
Part 6: Hunting BYOPH - Detection and Response
Topics: Detection rules, Sysmon configuration, threat hunting
Part 7: OPSEC and the Future
Topics: Advanced techniques, evasion methods, evolved defenses
What You'll Learn:
- Advanced OPSEC considerations
- Evasion techniques
- Custom handler development
- Future attack evolution
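The following is an added example for this index page, not code from the BYOPH series (the series' own samples and detection rules are linked under Resources above). It ties Part 4 to Part 6: in the merged HKCR view, HKCU\Software\Classes takes precedence over HKLM\Software\Classes, and writing to HKCU needs no admin rights, so a read-only hunt that lists per-user handlers and compares them with the machine-wide set is a cheap first triage step. The "user-writable path" and "script host / LOLBin" patterns are assumptions chosen here for illustration, not rules taken from the series.

```powershell
# Added example for this index page; it is not code from the BYOPH series.
# Enumerates URL protocol handlers registered per-user (HKCU\Software\Classes)
# and machine-wide (HKLM\Software\Classes) and flags the per-user ones a hunter
# should look at first. Read-only: runs as a normal user and changes nothing.
# The "suspicious" patterns below are this example's own assumptions.

function Get-ProtocolHandler {
    param([ValidateSet('HKCU', 'HKLM')][string]$Hive)

    $root = "$($Hive):\Software\Classes"
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        # A scheme is registered when its Classes subkey carries a value named
        # "URL Protocol" (the data is normally an empty string).
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -ne $props -and $props.PSObject.Properties.Name -contains 'URL Protocol') {
            # The launch command is the default value of <scheme>\shell\open\command.
            $cmdKey = Join-Path -Path $key.PSPath -ChildPath 'shell\open\command'
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{
                Hive    = $Hive
                Scheme  = $key.PSChildName
                Command = $cmd
            }
        }
    }
}

function Find-SuspiciousHandler {
    $hklmSchemes  = @(Get-ProtocolHandler -Hive HKLM | ForEach-Object { $_.Scheme.ToLowerInvariant() })
    # Assumed patterns: locations a standard user can write to, and hosts that
    # turn a registry value into arbitrary code without dropping a binary.
    $userWritable = '(?i)\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\|%(APPDATA|LOCALAPPDATA|TEMP|TMP|USERPROFILE)%'
    $interpreters = '(?i)\b(powershell|pwsh|cmd|mshta|wscript|cscript|rundll32|regsvr32|msiexec)(\.exe)?\b'

    foreach ($h in Get-ProtocolHandler -Hive HKCU) {
        $why = @()
        # HKCU\Software\Classes wins over HKLM\Software\Classes in the merged HKCR
        # view, so a per-user key for an existing scheme silently overrides it.
        if ($hklmSchemes -contains $h.Scheme.ToLowerInvariant()) { $why += 'HKCU entry shadows an HKLM handler' }
        if ($h.Command -match $userWritable) { $why += 'command lives in a user-writable path' }
        if ($h.Command -match $interpreters) { $why += 'command invokes a script host or LOLBin' }
        if ($why.Count -gt 0) {
            [pscustomobject]@{ Scheme = $h.Scheme; Command = $h.Command; Why = ($why -join '; ') }
        }
    }
}

Find-SuspiciousHandler | Format-Table -AutoSize -Wrap
```

Treat the output as a triage list, not a verdict: per-user installers (chat and meeting clients, per-user browsers) legitimately register HKCU handlers, so confirm each hit by checking the target binary's signature and install time before escalating. Running the same enumeration against HKLM and diffing it over time gives a baseline for the machine-wide set as well.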
Coming Soon: Future Series
Series 2: Advanced Phishing Techniques
Status: Planned | Level: Intermediate | Platform: Cross-Platform
Email security analysis, link obfuscation, credential harvesting detection, and anti-phishing strategies.
Series 3: PowerShell Security
Status: Planned | Level: Intermediate | Platform: Windows
Script analysis, deobfuscation, logging, offensive PowerShell techniques, and detection strategies.
Series 4: Malware Analysis Fundamentals
Status: Planned | Level: Advanced | Platform: Cross-Platform
Static/dynamic analysis, reverse engineering basics, sandbox evasion, and behavioral analysis.
Series 5: Threat Hunting Methodologies
Status: Planned | Level: Advanced | Platform: Cross-Platform
Hypothesis-driven hunting, data source analysis, tool development, and hunt documentation.
Want to see a specific topic? Suggest a series →
Important Notice
All content is for educational and authorized security testing only. Always:
- Test in isolated lab environments
- Obtain written authorization
- Follow responsible disclosure practices
- Never use for unauthorized access