Windows Early Boot DSE Bypass Solution
Loading Unsigned Drivers on Windows 11 25H2: Boot-Time DSE Bypass via SeCiCallbacks Manipulation.
#bootloader #driver_signature_enforcement #windows_kernel #dse_bypass
https://github.com/wesmar/KernelResearchKit
@ZwLowLevel
GitHub
Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by surgically patching SeCiCallbacks via native subsystem. Inclu...
Inside the Rise of AI-Powered Pharmaceutical Scams
#scam #ai #scampages
https://blog.checkpoint.com/healthcare/inside-the-rise-of-ai-powered-pharmaceutical-scams/
@ZwLowLevel
Check Point Blog
Introduction Over the past few months, we identified an emerging online threat that combines fraud, social engineering, and genuine health risks. Scammers
PromptJacking: Critical RCEs in Claude Desktop That Turn Questions Into Exploits
#rce #exploit
@ZwLowLevel
www.koi.ai
Critical RCE flaws in Claude Desktop (“PromptJacking”) let attackers turn simple user questions into dangerous exploits, risking data security.
Windows Memory Introspection with IceBox
#windows_internals #windows_kernel #virtual_memory #virtual_machine_introspection #page_table
https://blog.thalium.re/posts/windows-full-memory-introspection-with-icebox/
@ZwLowLevel
THALIUM
Virtual Machine Introspection (VMI) is an extremely powerful technique to explore a guest OS. Directly acting on the hypervisor allows a stealth and precise control of the guest state, which means its CPU context as well as its memory.
Basically, a common…
BlackPill
BlackPill is a stealthy Linux rootkit made in Rust
#rootkit #linux_kernel #ring0 #ring_0
https://github.com/rce-3/blackpill
@ZwLowLevel
Reverse engineering Codex CLI to get GPT-5-Codex-Mini to draw me a pelican
#gpt_5 #codex_mini #chatgpt #reverse_engineering
https://simonwillison.net/2025/Nov/9/gpt-5-codex-mini/
@ZwLowLevel
Simon Willison’s Weblog
OpenAI partially released a new model yesterday called GPT-5-Codex-Mini, which they describe as "a more compact and cost-efficient version of GPT-5-Codex". It’s currently only available via their Codex CLI tool …
🛡 NoMoreStealer
A Windows kernel-mode minifilter driver that monitors file system access to protect against information-stealing malware
#minidriver #windows_kernel #defensive_tool #minifilter #ring0
https://github.com/EvilBytecode/NoMoreStealers
@ZwLowLevel
GitHub
NoMoreStealers is a Windows file system minifilter driver that protects sensitive user data from untrusted processes. - EvilBytecode/NoMoreStealers
Understanding Mini-Filter Drivers for Windows Vulnerability Research & Exploit Development
#minifilter_driver #minidriver #windows_internals #windows_kernel
@ZwLowLevel
Medium
Hey everyone! Hope you’re all doing well. As always, I was looking for an interesting Windows internals topic to blog about. I google-d…
⚙️ How to create a live memory dump of System using Task Manager!
#memory_dump #task_manager #windbg
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/task-manager-live-dump
@ZwLowLevel
Kid-cam firmware modding
#firmware_hacking #hardware_hacking
https://spritesmods.com/?art=kid_cam
@ZwLowLevel
Forwarded from Android Security & Malware
Runtime Android Object Instrumentation
https://knifecoat.com/Posts/Runtime+Android+Object+Instrumentation
KnifeCoat
Intro This year I have been doing quite a bit of Android userland analysis. Android is a wonderful platform to work on, great decompiler support (JEB), easy access to rooted devices (unless you buy NA l…
Evading Elastic EDR's call stack signatures with call gadgets
#call_stack #call_gadgets #edr_bypass #edr_evasion #maldev
https://offsec.almond.consulting/evading-elastic-callstack-signatures.html
@ZwLowLevel
Polymorphic Obfuscation
This example demonstrates basic polymorphic obfuscation techniques, including encryption, variable code structure, and behavioral adaptation.
#obfuscate #polymorphic #edr_bypass
@ZwLowLevel
Gist
This example demonstrates basic polymorphic obfuscation techniques, including encryption, variable code structure, and behavioral adaptation. - polymorphic-obfuscation.md
EDR bypasses techniques written in Rust for Windows 10
#rust #malware_development #maldev
https://github.com/Arasimnida/EDR-bypass-rs
@ZwLowLevel
GitHub