FunkSec – Alleged Top Ransomware Group Powered by AI
#ransomware #ai #funksec
@ZwLowLevel
https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/
Forwarded from ARVIN
Nation-State Actor’s Arsenal: An In-Depth Look at Lazarus’ ScoringMathTea
https://0x0d4y.blog/arsenal-analysis-of-a-nation-state-actor-an-in-depth-look-at-lazarus-scoringmathtea
https://github.com/abrewer251/CVE-2025-62215_Windows_Kernel_PE
CVE-2025-62215 Exploit PoC
@ZwLowLevel
cl.exe poc.cpp /Od /ZI /RTC1 /MDd /link /OUT:unicorn.exe
[*] Starting CVE-2025-62215 exploitation...
[*] Performing heap spray...
[+] Allocated 100 heap chunks
[*] Spawning 8 threads to trigger race condition...
[*] Waiting for race condition...
[+] SUCCESS: Privilege escalation detected!
[+] EXPLOITATION SUCCESSFUL!
[+] Privileges escalated to SYSTEM
This PoC demonstrates a race condition in the Windows kernel leading to a double-free vulnerability, allowing local privilege escalation to SYSTEM. The exploit uses multithreaded handle manipulatio...
An article from roughly two years ago, but one that is still well worth reading!
#irp #windows_kernel
#windows_internals #ring0
@ZwLowLevel
https://idov31.github.io/posts/lord-of-the-ring0-p5
Ryūjin Protector is an open-source Bin2Bin obfuscation, protection, and DRM tool for Windows PE binaries targeting the Intel x64 architecture (x86_64 only).
#obfuscation #pe #anti_debugging
#anti_analysis
@ZwLowLevel
GitHub - keowu/Ryujin: Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool
Forwarded from Sec Note
You just got vectored - Using vectored exception handlers (VEH) for defense evasion and process injection | IBM
Vectored Exception Handlers (VEH) have been used in malware for over a decade, but now they're gaining attention from the offensive security industry. Let's take a closer look.
SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp
#malware_spreading #malware_analysis
#malware_campaing
@ZwLowLevel
SpiderLabs has recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures.
Windows User Space Emulator
#syscall #emulator #user_mode
#sandbox
@ZwLowLevel
https://github.com/momo5502/sogen
Ghost is a process injection detection tool written in Rust.
#malware_analysis #process_injection
@ZwLowLevel
BOF Writeup (Pwnable.kr)
About Pwnable.kr
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
#apt #cyber_threat_intelligence
#malware_campaing
@ZwLowLevel
Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.