Blue Team Cyber Defender

  Learn how to interact with the win32 API and understand its wide range of use cases Link- https://tryhackme.com/room/windowsapi Does a process in the user mode have direct hardware access? (Y/N) n Does launching an application as an administrator open the process in kernel mode? (Y/N) n What header file imports and defines the User32 DLL and structure? winuser.h What parent header file contains all other required child and core header files? windows.h What overarching namespace provides P/Invoke to .NET? system What memory protection solution obscures the process of importing API calls? aslr Which character appended to an API call represents an ANSI encoding? a Which character appended to an API call represents extended functionality? ex What is the memory allocation type of 0x00080000 in the VirtualAlloc API call? MEM_RESET Do you need to define a structure to use API calls in C? (Y/N) n What method is used to import a required DLL? dllimport What type of method is used to reference

  Introduction to x64 Assembly on Windows. Link- https://tryhackme.com/room/win64assembly What is 0xA in decimal? 10 What is decimal 25 in hexadecimal? Include the prefix for hexadecimal. 0x19 How many bytes is a WORD? 2 How many bits is a WORD? 16 What is the result of the binary operation: 1011 AND 1100? 1000 What is the result of the binary operation: 1011 NAND 1100? Include leading zeroes. 0111 How many bytes is RAX? 8 How many bytes is EAX? 4 What instruction returns from a function? ret What instruction will call/execute a function? call What instruction could be used to save a register in a way that it can later be restored? PUSH If two equal values are compared to each other, what will ZF be set to as result of the comparison? 1 In fastcall, what 64-bit register will hold the return value of a function? RAX In fastcall, what register is the first function parameter passed in? RCX In what order is data taken off of or put onto the stack? Provide the acronym. LIFO That’s it! See