EDR bypass techniques written in Rust for Windows 10
#rust #malware_development #maldev
@ZwLowLevel
https://github.com/Arasimnida/EDR-bypass-rs
Moufiltr
Moufiltr is a Windows kernel filter driver that attaches to the mouse driver stack and lets you filter or modify mouse input.
#minifilter_driver #minidriver #windows_kernel
@ZwLowLevel
GitHub: Devilasa/Moufiltr
Proxy: Next Generation Polymorphism in C++
#polymorphic #obfuscation
@ZwLowLevel
https://github.com/microsoft/proxy
A novel technique to instantly retrieve the Windows kernel base address with a single instruction
#windows_internals #windows_kernel #ntoskrnl #ring0
#include <ntddk.h>
#include <ntimage.h>   // IMAGE_DOS_HEADER / IMAGE_NT_HEADERS in kernel mode
#include <intrin.h>

#define IA32_LSTAR 0xC0000082   // MSR holding the SYSCALL entry point (inside ntoskrnl)

DRIVER_INITIALIZE DriverEntry;
DRIVER_UNLOAD DriverUnload;

void DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);
    DbgPrint("[-] Driver unloaded\n");
}

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);
    pDriverObject->DriverUnload = DriverUnload;

    // LSTAR points into ntoskrnl; clearing the low 24 bits rounds it down to the
    // 16 MB boundary the technique assumes the kernel image is loaded on.
    uintptr_t kernel_base = __readmsr(IA32_LSTAR) & ~0xFFFFFFull;
    DbgPrint("[+] ntoskrnl.exe base: 0x%llx\n", kernel_base);

    // Verify the result really is a PE image before trusting it (a wrong guess here is a bugcheck).
    PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)kernel_base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE) {
        DbgPrint("[-] No MZ header at 0x%llx\n", kernel_base);
        return STATUS_UNSUCCESSFUL;
    }
    PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)(kernel_base + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE) {
        DbgPrint("[-] No PE header at 0x%llx\n", (uintptr_t)nt);
        return STATUS_UNSUCCESSFUL;
    }
    DbgPrint("[+] Image size: 0x%x (%u MB)\n",
             nt->OptionalHeader.SizeOfImage,
             nt->OptionalHeader.SizeOfImage / (1024 * 1024));
    return STATUS_SUCCESS;
}
@ZwLowLevel
Source: UnKnoWnCheaTs, "Fast ntoskrnl Base Address Resolution via 16MB LSTAR Masking"
Multi-Brand Themed Phishing Campaign Harvests Credentials via Telegram Bot API
#phishing_campaign #phishing
@ZwLowLevel
https://cyble.com/blog/multi-brand-phishing-campaign-harvests-credentials/
Advanced Game Hacking Library (C/C++/Rust/Python)
#game_hacking #libmem #cheat_sheet
@ZwLowLevel
https://github.com/rdbo/libmem
GitHub preview (rdbo/libmem):
Advanced Game Hacking Library for C, Modern C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross Platform) (x86/x64) (DLL/SO Injection) (Internal/Externa...
AMD64 Architecture Programmer's Manual Volume 1: Application Programming
#os_internals #amd64
@ZwLowLevel
https://docs.amd.com/v/u/en-US/24592_3.24
Hypervisors for Memory Introspection and Reverse Engineering
#hypervisor #virtual_machine_introspection #windows_internals #uefi
@ZwLowLevel
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
SharpParty: Process Injection in C#
#process_injection #maldev #edr_bypass #edr_evasion
@ZwLowLevel
https://github.com/strozfriedberg/SharpParty
https://levelblue.com/blogs/security-essentials/sharpparty
GitHub (strozfriedberg/SharpParty): C# implementation of the process injection techniques dubbed "PoolParty"
Stack Obfuscator
High performance anti-analysis header for Windows (Kernel & User) and Linux systems
#ring_0 #windows_kernel #stack_obfuscator #anti_debugging #anti_analysis
@ZwLowLevel
https://github.com/Arty3/Stack-Obfuscator
#windows_internals #windows_kernel #kernel_structure
@ZwLowLevel
https://github.com/I3r1h0n/eprocess_offsets
GitHub (I3r1h0n/eprocess_offsets): Windows kernel _EPROCESS offsets list
#cloud_hacking #kubernetes #cloud_security
@ZwLowLevel
https://www.rbtsec.com/blog/kubernetes-pentesting-part-five-full-etcd-secrets-dump/
RBT Security: Kubernetes Pentesting – Part Five: Full etcd Secrets Dump
Exploit etcd to exfiltrate cluster secrets. In Part Five we escalate from master access to dumping etcd and extracting tokens and credentials.
#hardware
@ZwLowLevel
https://www.stavros.io/posts/i-converted-a-rotary-phone-into-a-meeting-handset/
stavros.io: I converted a rotary phone into a meeting handset - Stavros' Stuff
Fun-reliable side-channels for cross-container communication
#linux_hacking #kernel #linux_kernel
@ZwLowLevel
https://h4x0r.org/funreliable/
#edr_bypass #edr_evasion #malware_development #maldev
@ZwLowLevel
https://github.com/m-shahzaib5911/Cerberus