Reverse engineering Codex CLI to get GPT-5-Codex-Mini to draw me a pelican
#gpt_5 #codex_mini #chatgpt #reverse_engineering
https://simonwillison.net/2025/Nov/9/gpt-5-codex-mini/
@ZwLowLevel
OpenAI partially released a new model yesterday called GPT-5-Codex-Mini, which they describe as "a more compact and cost-efficient version of GPT-5-Codex". It’s currently only available via their Codex CLI tool …
🛡 NoMoreStealer
A Windows kernel-mode minifilter driver that monitors file system access to protect against information-stealing malware
#minidriver #windows_kernel #defensive_tool #minifilter #ring0
https://github.com/EvilBytecode/NoMoreStealers
@ZwLowLevel
Understanding Mini-Filter Drivers for Windows Vulnerability Research & Exploit Development
#minifilter_driver #minidriver #windows_internals #windows_kernel
@ZwLowLevel
⚙️ How to create a live memory dump of the System process using Task Manager!
#memory_dump #task_manager #windbg
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/task-manager-live-dump
@ZwLowLevel
Kid-cam firmware modding
#firmware_hacking #hardware_hacking
https://spritesmods.com/?art=kid_cam
@ZwLowLevel
Forwarded from Android Security & Malware
Runtime Android Object Instrumentation
https://knifecoat.com/Posts/Runtime+Android+Object+Instrumentation
Intro This year I have been doing quite a bit of Android userland analysis. Android is a wonderful platform to work on, great decompiler support (JEB), easy access to rooted devices (unless you buy NA l…
Evading Elastic EDR's call stack signatures with call gadgets
#call_stack #call_gadgets #edr_bypass #edr_evasion #maldev
https://offsec.almond.consulting/evading-elastic-callstack-signatures.html
@ZwLowLevel
Polymorphic Obfuscation
This example demonstrates basic polymorphic obfuscation techniques, including encryption, variable code structure, and behavioral adaptation.
#obfuscate #polymorphic #edr_bypass
@ZwLowLevel
EDR bypasses techniques written in Rust for Windows 10
#rust #malware_development #maldev
https://github.com/Arasimnida/EDR-bypass-rs
@ZwLowLevel
Moufiltr
Moufiltr is a Windows kernel filter driver which will attach to your mouse driver stack pipeline and allows you to filter or modify your mouse input.
#minifilter_driver #minidriver #windows_kernel
@ZwLowLevel
Proxy: Next Generation Polymorphism in C++
#polymorphic #obfuscation
https://github.com/microsoft/proxy
@ZwLowLevel
A novel technique to instantly retrieve Windows kernel base address with a single instruction
#windows_internals #windows_kernel #ntoskrln #ring0
#include <ntddk.h>
#include <intrin.h>

// Forward declaration: DriverUnload is referenced in DriverEntry before it is defined.
void DriverUnload(PDRIVER_OBJECT pDriverObject);

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);

    // IA32_LSTAR (MSR 0xC0000082) holds the SYSCALL entry point, which lives inside ntoskrnl.
    // Clearing the low 24 bits rounds it down to a 16 MiB boundary; this only yields the
    // image base when ntoskrnl is loaded at a 16 MiB-aligned address, so the result is
    // validated below before it is used.
    uintptr_t kernel_base = __readmsr(0xC0000082) & ~(uintptr_t)0xFFFFFF;
    DbgPrint("[+] ntoskrnl.exe base: 0x%llx\n", (unsigned long long)kernel_base);

    // Verify the computed address really points at a PE image before walking its headers
    PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)kernel_base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE) {
        DbgPrint("[-] No MZ header at computed base\n");
        return STATUS_UNSUCCESSFUL;
    }
    PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)(kernel_base + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE) {
        DbgPrint("[-] No PE header at computed base\n");
        return STATUS_UNSUCCESSFUL;
    }
    DbgPrint("[+] Image size: 0x%x (%u MB)\n",
             nt->OptionalHeader.SizeOfImage,
             nt->OptionalHeader.SizeOfImage / (1024 * 1024));

    pDriverObject->DriverUnload = DriverUnload;
    return STATUS_SUCCESS;
}

void DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);
    DbgPrint("[-] Driver unloaded\n");
}
@ZwLowLevel
UnKnoWnCheaTs
Fast ntoskrnl Base Address Resolution via 16MB LSTAR Masking
Multi-Brand themed Phishing Campaign Harvests Credentials via Telegram Bot API
#phishing_campaign #phishing
https://cyble.com/blog/multi-brand-phishing-campaign-harvests-credentials/
@ZwLowLevel
Advanced Game Hacking Library (C/C++/Rust/Python)
#game_hacking #libmem #cheat_sheet
https://github.com/rdbo/libmem
@ZwLowLevel
AMD64 Architecture Programmer’s Manual Volume 1: Application Programming
#os_internals #amd64
https://docs.amd.com/v/u/en-US/24592_3.24
@ZwLowLevel
Hypervisors for Memory Introspection and Reverse Engineering
#hypervisor #virtual_machine_introspection
#windows_internals
#uefi
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
@ZwLowLevel
SharpParty: Process Injection in C#
#process_injection #maldev #edr_bypass #edr_evasion
@ZwLowLevel
https://github.com/strozfriedberg/SharpParty
https://levelblue.com/blogs/security-essentials/sharpparty