#windows_internals #windows_telemetry
#os_internals #etw
@ZwLowLevel
https://blog.trailofbits.com/2023/11/22/etw-internals-for-security-research-and-forensics
The Trail of Bits Blog
ETW internals for security research and forensics
Why has Event Tracing for Windows (ETW) become so pivotal for endpoint detection and response (EDR) solutions in Windows 10 and 11? The answer lies in the value of the intelligence it provides to security tools through secure ETW channels, which are now also…
BOF to run PE in Cobalt Strike Beacon without console creation
#cobalt_strike #pe
#c2 #offensive_tool
@ZwLowLevel
https://github.com/NtDallas/BOF_RunPe
Unusual circuits in the Intel 386's standard cell logic
#hardware_hacking #hardware_analysis
#intel_386 #low_level
@ZwLowLevel
https://www.righto.com/2025/11/unusual-386-standard-cell-circuits.html
Righto
Unusual circuits in the Intel 386's standard cell logic
I've been studying the standard cell circuitry in the Intel 386 processor recently. The 386, introduced in 1985, was Intel's most complex pr...
Forwarded from Golden Byte
#windows_internals #vtl2
#windows_kernel #reversing
@ZwLowLevel
https://howknows.github.io/roooot.github.io/VTL2/Windows_VTL2_Technical_Exploration.html
/dev/stack
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture
1.0 The Silicon Root of Trust: Pre-Boot & Hardware Primitives
The security of the macOS platform on Apple Silicon is not defined by the kernel; it is defined by the physics of the die. Before the first instruction of kernelcache is fetched, a complex, cryptographic…
Medium
Passcode Writeup (Pwnable.kr)
About Pwnable.kr
Forwarded from Android Security & Malware
GhostAd: Hidden Google Play Adware Drains Devices and Disrupts Millions of Users
https://blog.checkpoint.com/research/ghostad-hidden-google-play-adware-drains-devices-and-disrupts-millions-of-users/
ClickFix Gets Creative: Malware Buried in Images
#malware_analysis #malware_campaing
#malware
@ZwLowLevel
https://www.huntress.com/blog/clickfix-malware-buried-in-images
Huntress
ClickFix Gets Creative: Malware Buried in Images | Huntress
Huntress uncovered an attack utilizing a ClickFix lure to initiate a multi-stage malware execution chain. This analysis reveals how threat actors use steganography to conceal infostealers like LummaC2 and Rhadamanthys within seemingly harmless PNGs.
Forwarded from Sec Note
#llm #ai
@ZwLowLevel
https://unit42.paloaltonetworks.com/dilemma-of-ai-malicious-llms/
Unit 42
The Dual-Use Dilemma of AI: Malicious LLMs
The line between research tool and threat creation engine is thin. We examine the capabilities of WormGPT 4 and KawaiiGPT, two malicious LLMs.
Forwarded from Fuzzing ZONE (0x0F1)
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder
https://asec.ahnlab.com/en/90975/
@FUZZ0x
ASEC
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder - ASEC
Low Level CO 🇨🇴
Let's Create Some Polymorphic PIC Shellcode
#malware #maldev
#PIC #shellcode #polymorphic
@ZwLowLevel
https://g3tsyst3m.com/shellcode/pic/Let's-Create-Some-Polymorphic-PIC-Shellcode!/
G3tSyst3m's Infosec Blog
PIC Shellcode from the Ground up - Part 2
Let’s PIC back up where we left off shall we? 😸 I gave you the framework for developing PIC friendly shellcode back in Part 1. We went from the original code written in a high level language (C++), down to a pseudo low level representation of that C++ code.…