Malware Reverse Engineering for Beginners: Unpacking Packers and Defeating Protectors
#reverse_engineering #malware_analysis #deobfuscation
https://hackmag.com/malware/reversing-malware-tutorial-part3
@ZwLowLevel
HackMag
Tech magazine for cybersecurity specialists
Windows Heap Exploitation - From Heap Overflow to Arbitrary R/W
#windows_heap #windows_internals #exploit_development
https://mrt4ntr4.github.io/Windows-Heap-Exploitation-dadadb
@ZwLowLevel
mrT4ntr4's Blog
TLDR I was unable to find some good writeups/blogposts on Windows user mode heap exploitation which inspired me to write an introductory but practical post on Windows heap internals and exploitati
OPEN SOURCE MALWARE
A community database, API and collaboration platform to help identify and protect against open source malware
#malware #maldev #malware_development
@ZwLowLevel
Ghosts in /proc: Manipulation and Timeline Corruption
#malware_analysis #linux_malware #malware
https://www.group-ib.com/blog/ghosts-in-proc/
@ZwLowLevel
Group-IB
Discover how attackers could manipulate the Linux /proc filesystem to hide malicious processes and distort forensic timelines. This technical deep dive highlights examples of command-line substitution and start time corruption, and offers detection and defense…
Code-in-the-Middle : An Introduction to IR
#edr_bypass #maldev #malware_development
https://rohannk.com/posts/Code-in-the-Middle/
@ZwLowLevel
Cipher007
The EDR Wall
LeakyInjector and LeakyStealer Duo Hunts For Crypto and Browser History
#malware #malware_analysis
@ZwLowLevel
Blogspot
Author(s): Vlad Pasca, Radu-Emanuel Chiscariu New two-stage malware targets cryptocurrency wallets and browser history LeakyInjector uses l...
CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks
#cobalt_strike #c2 #beacon #red_team
https://blogs.jpcert.or.jp/en/2025/08/crossc2.html
@ZwLowLevel
JPCERT/CC Eyes
CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks - JPCERT/CC Eyes
From September to December 2024, JPCERT/CC has confirmed incidents involving CrossC2, the extension tool to create Cobalt Strike Beacon for Linux OS. The attacker employed CrossC2 as well as other tools such as PsExec, Plink, and Cobalt Strike in attempts...
The Kernel Explained: The Hidden Heartbeat of Your Operating System
#kernel #os_internals #ring_0 #ring3
@ZwLowLevel
Medium
When you power on your computer, there’s one unsung hero that comes alive before anything else — the kernel. It’s the very first program…
EtwLeakKernel
Leaking kernel addresses from ETW consumers
#etw #windows_kernel #memory_leak #memory_corruption
https://github.com/Idov31/EtwLeakKernel/tree/master
@ZwLowLevel
GitHub
GitHub - Idov31/EtwLeakKernel: Leaking kernel addresses from ETW consumers. Required Administrator privileges.
Leaking kernel addresses from ETW consumers. Required Administrator privileges. - Idov31/EtwLeakKernel
Windows Early Boot DSE Bypass Solution
Loading Unsigned Drivers on Windows 11 25H2: Boot-Time DSE Bypass via SeCiCallbacks Manipulation.
#bootloader #driver_signature_enforcement #windows_kernel #dse_bypass
https://github.com/wesmar/KernelResearchKit
@ZwLowLevel
GitHub
GitHub - wesmar/KernelResearchKit: Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot…
Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by surgically patching SeCiCallbacks via native subsystem. Inclu...
Inside the Rise of AI-Powered Pharmaceutical Scams
#scam #ai #scampages
https://blog.checkpoint.com/healthcare/inside-the-rise-of-ai-powered-pharmaceutical-scams/
@ZwLowLevel
Check Point Blog
Inside the Rise of AI-Powered Pharmaceutical Scams - Check Point Blog
Introduction Over the past few months, we identified an emerging online threat that combines fraud, social engineering, and genuine health risks. Scammers
PromptJacking: Critical RCEs in Claude Desktop That Turn Questions Into Exploits
#rce #exploit
@ZwLowLevel
www.koi.ai
PromptJacking: The Critical RCEs in Claude Desktop That Turn Questions Into Exploits
Critical RCE flaws in Claude Desktop (“PromptJacking”) let attackers turn simple user questions into dangerous exploits, risking data security.
Windows Memory Introspection with IceBox
#windows_internals #windows_kernel #virtual_memory #virtual_machine_introspection #page_table
https://blog.thalium.re/posts/windows-full-memory-introspection-with-icebox/
@ZwLowLevel
THALIUM
Virtual Machine Introspection (VMI) is an extremely powerful technique to explore a guest OS. Directly acting on the hypervisor allows a stealth and precise control of the guest state, which means its CPU context as well as its memory.
Basically, a common…
BlackPill
BlackPill is a stealthy Linux rootkit made in Rust
#rootkit #linux_kernel #ring0 #ring_0
https://github.com/rce-3/blackpill
@ZwLowLevel