CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks
#cobalt_strike #c2 #beacon #red_team
https://blogs.jpcert.or.jp/en/2025/08/crossc2.html
@ZwLowLevel
JPCERT/CC Eyes
CrossC2 Expanding Cobalt Strike Beacon to Cross-Platform Attacks - JPCERT/CC Eyes
From September to December 2024, JPCERT/CC has confirmed incidents involving CrossC2, the extension tool to create Cobalt Strike Beacon for Linux OS. The attacker employed CrossC2 as well as other tools such as PsExec, Plink, and Cobalt Strike in attempts...
The Kernel Explained: The Hidden Heartbeat of Your Operating System
#kernel #os_internals #ring_0 #ring3
@ZwLowLevel
Medium
The Kernel Explained: The Hidden Heartbeat of Your Operating System
When you power on your computer, there’s one unsung hero that comes alive before anything else — the kernel. It’s the very first program…
EtwLeakKernel
Leaking kernel addresses from ETW consumers
#etw #windows_kernel #memory_leak #memory_corruption
https://github.com/Idov31/EtwLeakKernel/tree/master
@ZwLowLevel
GitHub
GitHub - Idov31/EtwLeakKernel: Leaking kernel addresses from ETW consumers. Required Administrator privileges.
Leaking kernel addresses from ETW consumers. Required Administrator privileges. - Idov31/EtwLeakKernel
Windows Early Boot DSE Bypass Solution
Loading Unsigned Drivers on Windows 11 25H2: Boot-Time DSE Bypass via SeCiCallbacks Manipulation.
#bootloader #driver_signature_enforcement #windows_kernel #dse_bypass
https://github.com/wesmar/KernelResearchKit
@ZwLowLevel
GitHub
GitHub - wesmar/KernelResearchKit: Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot…
Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by surgically patching SeCiCallbacks via native subsystem. Inclu...
Inside the Rise of AI-Powered Pharmaceutical Scams
#scam #ai #scampages
https://blog.checkpoint.com/healthcare/inside-the-rise-of-ai-powered-pharmaceutical-scams/
@ZwLowLevel
Check Point Blog
Inside the Rise of AI-Powered Pharmaceutical Scams - Check Point Blog
Introduction Over the past few months, we identified an emerging online threat that combines fraud, social engineering, and genuine health risks. Scammers
PromptJacking: Critical RCEs in Claude Desktop That Turn Questions Into Exploits
#rce #exploit
@ZwLowLevel
www.koi.ai
PromptJacking: The Critical RCEs in Claude Desktop That Turn Questions Into Exploits
Critical RCE flaws in Claude Desktop (“PromptJacking”) let attackers turn simple user questions into dangerous exploits, risking data security.
Windows Memory Introspection with IceBox
#windows_internals #windows_kernel #virtual_memory #virtual_machine_introspection #page_table
https://blog.thalium.re/posts/windows-full-memory-introspection-with-icebox/
@ZwLowLevel
THALIUM
Windows Memory Introspection with IceBox
Virtual Machine Introspection (VMI) is an extremely powerful technique to explore a guest OS. Acting directly on the hypervisor allows stealthy and precise control of the guest state, meaning its CPU context as well as its memory.
Basically, a common…
BlackPill
BlackPill is a stealthy Linux rootkit made in Rust
#rootkit #linux_kernel #ring0 #ring_0
https://github.com/rce-3/blackpill
@ZwLowLevel
Reverse engineering Codex CLI to get GPT-5-Codex-Mini to draw me a pelican
#gpt_5 #codex_mini #chatgpt #reverse_engineering
https://simonwillison.net/2025/Nov/9/gpt-5-codex-mini/
@ZwLowLevel
Simon Willison’s Weblog
Reverse engineering Codex CLI to get GPT-5-Codex-Mini to draw me a pelican
OpenAI partially released a new model yesterday called GPT-5-Codex-Mini, which they describe as "a more compact and cost-efficient version of GPT-5-Codex". It’s currently only available via their Codex CLI tool …
🛡 NoMoreStealer
A Windows kernel-mode minifilter driver that monitors file system access to protect against information-stealing malware
#minidriver #windows_kernel #defensive_tool #minifilter #ring0
https://github.com/EvilBytecode/NoMoreStealers
@ZwLowLevel
GitHub
GitHub - EvilBytecode/NoMoreStealers: NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data…
NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. - EvilBytecode/NoMoreStealers
Understanding Mini-Filter Drivers for Windows Vulnerability Research & Exploit Development
#minifilter_driver #minidriver #windows_internals #windows_kernel
@ZwLowLevel
Medium
Understanding Mini-Filter Drivers for Windows Vulnerability Research & Exploit Development
Hey everyone! Hope you’re all doing well. As always, I was looking for an interesting Windows internals topic to blog about. I google-d…
⚙️ How to create a live memory dump of System using Task Manager!
#memory_dump #task_manager #windbg
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/task-manager-live-dump
@ZwLowLevel
Kid-cam firmware modding
#firmware_hacking #hardware_hacking
https://spritesmods.com/?art=kid_cam
@ZwLowLevel
Forwarded from Android Security & Malware
Runtime Android Object Instrumentation
https://knifecoat.com/Posts/Runtime+Android+Object+Instrumentation
KnifeCoat
Runtime Android Object Instrumentation - KnifeCoat
Intro This year I have been doing quite a bit of Android userland analysis. Android is a wonderful platform to work on, great decompiler support (JEB), easy access to rooted devices (unless you buy NA l…