Breaking Control Flow Flattening: A Deep Technical Analysis
https://zerotistic.blog/posts/cff-remover/
advanced obfuscation with LLVM and template metaprogramming
https://0xpat.github.io/Malware_development_part_6/
Basic utility to generate C++ code that applies some sort of control flow flattening obfuscation to your projects.
https://github.com/PaulNorman01/Control-Flow-Flattening-Ultility
Building a Compile-Time Obfuscation Tool
https://medium.com/@bu19akov/building-a-compile-time-obfuscation-tool-c757effe19b5
Angr Control Flow Deobfuscation
https://research.openanalysis.net/angr/symbolic%20execution/deobfuscation/research/2022/03/26/angr_notes.html
I wanna be a Red Team Operator, so what now?
Tools won’t make you a Red Teamer any more than a stethoscope makes you a doctor. What matters is knowing why, when, and how to use them. Surgically.
Executing shellcode from non-executable memory and "bypassing" DEP/NX.
A proof-of-concept implementation demonstrating how to execute code from non-executable memory on Windows x64 systems by combining hardware breakpoints, vectored exception handling (VEH), and instruction emulation—bypassing DEP/NX protection without modifying memory permissions.
Meet the Malware: Extension
#stealer
TigerJack's Extensions Continue to Rob Developers Blind Across Different Marketplaces
#stealer
Bypassing Web Filters - SNI spoofing
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-1-sni-spoofing/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-2-host-header-spoofing/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-3-domain-fronting/
https://blog.compass-security.com/2025/03/bypassing-web-filters-part-4-host-header-spoofing-domain-fronting-detection-bypasses/
#Infra
Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
Trend™ Research examines the latest version of the Vidar stealer, which features a full rewrite in C, a multithreaded architecture, and several enhancements that warrant attention. Its timely evolution suggests that Vidar is positioning itself to occupy the space left after Lumma Stealer’s decline.
#stealer
Forwarded from 1N73LL1G3NC3
Credential Guard was supposed to end credential dumping. It didn't. @bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
🔗 DumpGuard
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
P.S. Previously, crack.sh operated a free service for performing rainbow table lookups to recover NT hashes from NTLMv1 responses, but was recently shut down due to maintenance issues. In its absence, a new free service was published at ntlmv1.com.
Forwarded from Threat Hunting Father 🦔
ADCS ESC9_15 Offzone2025.pdf (2 MB)
At Offzone 2025 it was shown how ESC9–ESC15 chains allow privilege escalation through AD Certificate Services: bypassing StrongCertificateBindingEnforcement, tampering with altSecurityIdentities, abusing IssuancePolicy, and a new bug, CVE-2024-49019 (arbitrary Application Policy). 🦔 THF
Call stack signatures with call gadgets
Published on Thu 06 November 2025 by SAERXCIT (@SAERXCIT)
TL;DR: Using call gadgets to insert arbitrary modules in the call stack during module load, breaking signatures used in detection rules. The code is available here: https://github.com/AlmondOffSec/LibTPLoadLib
Forwarded from Proxy Bar
Visual Studio 2026 is here
Keys:
Professional: NVTDK-QB8J9-M28GR-92BPC-BTHXK
Enterprise: VYGRN-WPR22-HG4X3-692BF-QGT2V