Fun-reliable side-channels for cross-container communication
https://h4x0r.org/funreliable/
#linux_hacking #kernel #linux_kernel
@ZwLowLevel
#edr_bypass #edr_evasion
#malware_development #maldev
@ZwLowLevel
https://github.com/m-shahzaib5911/Cerberus
CVE-2025-54110
Windows Kernel Integer Overflow Privilege Escalation
#exploit #windows_kernel
@ZwLowLevel
#carding #black_box_attack #fraud #jackpotting
@ZwLowLevel
https://hackmag.com/security/carding
HalPrivateDispatchTableHook
Hook syscalls from ring0 without triggering PatchGuard
#patchguard #api_hooking #hooking_dll #ring_0
#windows_kernel #syscall
@ZwLowLevel
https://github.com/asteria121/HalPrivateDispatchTableHook
Syscall proxying framework
Trace and control syscalls to accelerate exploit development, reverse engineering, and malware analysis. Intercept, log, and optionally modify system calls.
#syscall #malware_analysis #reverse_engineering
@ZwLowLevel
https://github.com/t1b4n3/pwntrace
A lightweight, heuristic-based PE file analyzer for Windows
#pe #windows_internals #malware_analysis
@ZwLowLevel
https://github.com/haunted-zeroday/PE-XRay-EDR
Writing a Bin2Bin Obfuscator from Scratch for Windows PE x64 and Fully Deobfuscating It
#obfuscate #pe #windows_internals
#maldev #malware_development
@ZwLowLevel
keowu.re
Windows Instrumentation Callbacks
#kernel_callbacks #windows_internals #windows_kernel
@ZwLowLevel
https://cirosec.de/en/news/windows-instrumentation-callbacks/
Windows Instrumentation Callbacks - cirosec
November 5, 2025 - This multi-part blog series will be discussing an undocumented feature of Windows: instrumentation callbacks (ICs). Author: Lino Facco
#windbg #malware_analysis #process_hollowing
@ZwLowLevel
https://cloud.google.com/blog/topics/threat-intelligence/time-travel-debugging-using-net-process-hollowing
Time Travel Triage: An Introduction to Time Travel Debugging using a .NET Process Hollowing Case Study | Google Cloud Blog
The basics of WinDbg and Time Travel Debugging necessary to start incorporating it into your analysis.
GuLoader: Evolving Tactics in Latest Campaign Targeting European Industry
#guloader #malware_analysis #malware_campaign
@ZwLowLevel
Cado Security Labs (now part of Darktrace) identified a GuLoader campaign targeting European industrial companies via spearphishing emails.
Forwarded from 1N73LL1G3NC3
Fortinet 0day
An auth bypass + path traversal in Fortinet FortiWeb to create new administrative users on exposed devices without requiring authentication.
Blog: https://www.rapid7.com/blog/post/etr-critical-vulnerability-in-fortinet-fortiweb-exploited-in-the-wild/
Tweet: https://x.com/defusedcyber/status/1975242250373517373?s=46
Dork:
ZoomEye Dork: app="FortiWeb"
HUNTER: product.name="FortiWeb"
Shodan: http.noscript:FortiWeb
Affected versions: below 8.0.2
#malware_development #maldev #hooking
@ZwLowLevel
https://github.com/kas-sec/version.dll-sideloading.git
GitHub - kas-sec/version.dll-sideloading: sideloading PoC using onedrive.exe & version.dll
Forwarded from Golden Byte
#kernel_exploit #ps5 #binary_exploitation
@ZwLowLevel
https://github.com/MeisterLone/no_ctrl
#rootkit #linux_kernel #evasive_malware
@ZwLowLevel
https://www.synacktiv.com/en/publications/linkpro-ebpf-rootkit-analysis
LinkPro: eBPF rootkit analysis
#apple_exploit #macos #malware
@ZwLowLevel
https://pberba.github.io/security/2025/11/11/macos-infection-vector-applescript-bypass-gatekeeper/
pepe berba
MacOS Infection Vector: Using AppleScripts to bypass Gatekeeper
A look at how threat actors are abusing AppleScript .scpt files to deliver macOS malware, from fake documents to browser update lures, and how these scripts ...
#hardware_hacking #iot
@ZwLowLevel
https://hackmag.com/security/gadgets-howto-3
Home IoT Device Teardown and Analysis: A Complete Guide to Hardware Hacking