Polymorphic Obfuscation
This example demonstrates basic polymorphic obfuscation techniques, including encryption, variable code structure, and behavioral adaptation.
#obfuscate #polymorphic #edr_bypass
@ZwLowLevel
Gist: polymorphic-obfuscation.md
EDR bypass techniques written in Rust for Windows 10
#rust #malware_development #maldev
https://github.com/Arasimnida/EDR-bypass-rs
@ZwLowLevel
Moufiltr
Moufiltr is a Windows kernel filter driver which attaches to your mouse driver stack pipeline and allows you to filter or modify your mouse input.
#minifilter_driver #minidriver #windows_kernel
@ZwLowLevel
GitHub - Devilasa/Moufiltr
Proxy: Next Generation Polymorphism in C++
#polymorphic #obfuscation
https://github.com/microsoft/proxy
@ZwLowLevel
A novel technique to instantly retrieve Windows kernel base address with a single instruction
#windows_internals #windows_kernel #ntoskrnl #ring0
#include <ntddk.h>
#include <ntimage.h>   // IMAGE_DOS_HEADER / IMAGE_NT_HEADERS for kernel-mode code
#include <intrin.h>    // __readmsr

// Forward declaration: DriverEntry references the unload routine before it is defined
void DriverUnload(PDRIVER_OBJECT pDriverObject);

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);

    // IA32_LSTAR (MSR 0xC0000082) holds the syscall entry point, which lives inside
    // ntoskrnl.exe. Clearing the low 24 bits rounds it down to a 16 MB boundary;
    // the technique relies on the kernel image base being 16 MB aligned.
    ULONG_PTR kernel_base = (ULONG_PTR)__readmsr(0xC0000082) & ~(ULONG_PTR)0xFFFFFF;
    DbgPrint("[+] ntoskrnl.exe base: 0x%llx\n", (unsigned long long)kernel_base);

    // Verify it's a valid PE before trusting the headers
    PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)kernel_base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE)
        return STATUS_UNSUCCESSFUL;
    PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)(kernel_base + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE)
        return STATUS_UNSUCCESSFUL;

    DbgPrint("[+] Image size: 0x%x (%u MB)\n",
             nt->OptionalHeader.SizeOfImage,
             nt->OptionalHeader.SizeOfImage / (1024 * 1024));

    pDriverObject->DriverUnload = DriverUnload;
    return STATUS_SUCCESS;
}

void DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);
    DbgPrint("[-] Driver unloaded\n");
}
@ZwLowLevel
UnKnoWnCheaTs
Fast ntoskrnl Base Address Resolution via 16MB LSTAR Masking
Multi-Brand themed Phishing Campaign Harvests Credentials via Telegram Bot API
#phishing_campaign #phishing
https://cyble.com/blog/multi-brand-phishing-campaign-harvests-credentials/
@ZwLowLevel
Advanced Game Hacking Library (C/C++/Rust/Python)
#game_hacking #libmem #cheat_sheet
https://github.com/rdbo/libmem
@ZwLowLevel
AMD64 Architecture Programmer's Manual Volume 1: Application Programming
#os_internals #amd64
https://docs.amd.com/v/u/en-US/24592_3.24
@ZwLowLevel
Hypervisors for Memory Introspection and Reverse Engineering
#hypervisor #virtual_machine_introspection
#windows_internals
#uefi
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
@ZwLowLevel
SharpParty: Process Injection in C#
#process_injection #maldev #edr_bypass #edr_evasion
@ZwLowLevel
https://github.com/strozfriedberg/SharpParty
https://levelblue.com/blogs/security-essentials/sharpparty
Stack Obfuscator
High performance anti-analysis header for Windows (Kernel & User) and Linux systems
#ring_0 #windows_kernel
#stack_obfuscator #anti_debugging
#anti_analysis
https://github.com/Arty3/Stack-Obfuscator
@ZwLowLevel
#windows_internals #windows_kernel
#kernel_structure
@ZwLowLevel
https://github.com/I3r1h0n/eprocess_offsets
GitHub - I3r1h0n/eprocess_offsets: Windows kernel _EPROCESS offsets list
#cloud_hacking #kubernetes #cloud_security
@ZwLowLevel
https://www.rbtsec.com/blog/kubernetes-pentesting-part-five-full-etcd-secrets-dump/
Kubernetes Pentesting – Part Five: Full etcd Secrets Dump | RBT Security
Exploit etcd to exfiltrate cluster secrets. In Part Five we escalate from master access to dumping etcd and extracting tokens and credentials.
#hardware
@ZwLowLevel
https://www.stavros.io/posts/i-converted-a-rotary-phone-into-a-meeting-handset/
I converted a rotary phone into a meeting handset - Stavros' Stuff
Fun-reliable side-channels for cross-container communication
https://h4x0r.org/funreliable/
#linux_hacking #kernel #linux_kernel
@ZwLowLevel