Low Level CO 🇨🇴 pinned «Proxy: Next Generation Polymorphism in C++ #polymorphic #obfuscation @ZwLowLevel https://github.com/microsoft/proxy»
A novel technique to instantly retrieve Windows kernel base address with a single instruction
#windows_internals #windows_kernel #ntoskrnl #ring0
#include <ntddk.h>
#include <intrin.h>

// Unload routine must be declared before DriverEntry references it.
void DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);
    DbgPrint("[-] Driver unloaded\n");
}

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);

    // Get kernel base address: IA32_LSTAR (MSR 0xC0000082) holds the SYSCALL
    // entry point inside ntoskrnl.exe; clearing the low 24 bits rounds it
    // down to the 16 MB boundary the image is loaded at.
    ULONG_PTR kernel_base = __readmsr(0xC0000082) & ~(ULONG_PTR)0xFFFFFF;
    DbgPrint("[+] ntoskrnl.exe base: 0x%llx\n", (unsigned long long)kernel_base);

    // Verify it's a valid PE before trusting the masked address
    PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)kernel_base;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE) {
        DbgPrint("[-] No MZ header at masked address\n");
        return STATUS_UNSUCCESSFUL;
    }
    PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)(kernel_base + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE) {
        DbgPrint("[-] No PE signature at masked address\n");
        return STATUS_UNSUCCESSFUL;
    }
    DbgPrint("[+] Image size: 0x%x (%u MB)\n",
             nt->OptionalHeader.SizeOfImage,
             nt->OptionalHeader.SizeOfImage / (1024 * 1024));

    pDriverObject->DriverUnload = DriverUnload;
    return STATUS_SUCCESS;
}
@ZwLowLevel
UnKnoWnCheaTs
Fast ntoskrnl Base Address Resolution via 16MB LSTAR Masking
Multi-Brand themed Phishing Campaign Harvests Credentials via Telegram Bot API
#phishing_campaign #phishing
@ZwLowLevel
https://cyble.com/blog/multi-brand-phishing-campaign-harvests-credentials/
Advanced Game Hacking Library (C/C++/Rust/Python)
#game_hacking #libmem #cheat_sheet
@ZwLowLevel
https://github.com/rdbo/libmem
AMD64 Architecture Programmer’s Manual Volume 1:
Application Programming
#os_internals #amd64
@ZwLowLevel
https://docs.amd.com/v/u/en-US/24592_3.24
Hypervisors for Memory Introspection and Reverse Engineering
#hypervisor #virtual_machine_introspection
#windows_internals
#uefi
@ZwLowLevel
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
SharpParty: Process Injection in C#
#process_injection #maldev #edr_bypass #edr_evasion
@ZwLowLevel
https://github.com/strozfriedberg/SharpParty
https://levelblue.com/blogs/security-essentials/sharpparty
Stack Obfuscator
High performance anti-analysis header for Windows (Kernel & User) and Linux systems
#ring_0 #windows_kernel
#stack_obfuscator #anti_debugging
#anti_analysis
@ZwLowLevel
https://github.com/Arty3/Stack-Obfuscator
#windows_internals #windows_kernel
#kernel_structure
@ZwLowLevel
https://github.com/I3r1h0n/eprocess_offsets
GitHub - I3r1h0n/eprocess_offsets: Windows kernel _EPROCESS offsets list
#cloud_hacking #kubernetes #cloud_security
@ZwLowLevel
https://www.rbtsec.com/blog/kubernetes-pentesting-part-five-full-etcd-secrets-dump/
Kubernetes Pentesting – Part Five: Full etcd Secrets Dump | RBT Security
Exploit etcd to exfiltrate cluster secrets. In Part Five we escalate from master access to dumping etcd and extracting tokens and credentials.
#hardware
@ZwLowLevel
https://www.stavros.io/posts/i-converted-a-rotary-phone-into-a-meeting-handset/
I converted a rotary phone into a meeting handset - Stavros' Stuff
Fun-reliable side-channels for cross-container communication
https://h4x0r.org/funreliable/
#linux_hacking #kernel #linux_kernel
@ZwLowLevel
#edr_bypass #edr_evasion
#malware_development #maldev
@ZwLowLevel
https://github.com/m-shahzaib5911/Cerberus
CVE-2025-54110
Windows Kernel Integer Overflow Privilege Escalation
#exploit #windows_kernel
@ZwLowLevel
#carding #black_box_attack #fraud #jackpotting
@ZwLowLevel
https://hackmag.com/security/carding
HalPrivateDispatchTableHook
Hook syscalls from ring0 without triggering PatchGuard
#patchguard #api_hooking #hooking_dll #ring_0
#windows_kernel #syscall
@ZwLowLevel
https://github.com/asteria121/HalPrivateDispatchTableHook
Syscall proxying framework
Trace and control syscalls to accelerate exploit development, reverse engineering, and malware analysis. Intercept, log, and optionally modify system calls.
#syscall #malware_analysis #reverse_engineering
@ZwLowLevel
https://github.com/t1b4n3/pwntrace