#windows_internals #windows_kernel
#callbacks
@ZwLowLevel
https://github.com/colby57/windows_instrumentation_callback
GitHub
GitHub - colby57/windows_instrumentation_callback: PoC demonstrating the usage of undocumented Process Instrumentation Callback…
PoC demonstrating the usage of undocumented Process Instrumentation Callback for intercepting kernel-to-user transitions (Syscalls, APCs, Exceptions). - colby57/windows_instrumentation_callback
#malware_development #maldev
#windows_internals
https://threathunters.blog/malware-development-create-a-registry-key/
@ZwLowLevel
Fuzzing Made Easy #1: A beginner’s guide to writing a fuzzing harness
Fuzzing Made Easy #2: Unlocking the Secrets of Effective Fuzzing Harnesses
#fuzzing #exploit_development
#exploitation
@ZwLowLevel
SRLabs
Fuzzing Made Easy #1: A beginner’s guide to writing a fuzzing harness - SRLabs Research
In this article, we focus on customizing a fuzzing harness, the key to effective fuzz testing.
Securelist
New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2
Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.
#ebpf #linux_kernel #ring0
@ZwLowLevel
https://hackmag.com/coding/ebpf-tetragon
HackMag
Mature audit. Tetragon demonstrates the tremendous power of eBPF
Tech magazine for cybersecurity specialists
StyxLoaderX-EDR-Evasion is a modular framework designed for advanced evasion techniques against Endpoint Detection and Response systems on Windows x64.
#process_injection #malware_development
#maldev
@ZwLowLevel
https://github.com/spontopt/StyxLoaderX-EDR-Evasion
GitHub
GitHub - spontopt/StyxLoaderX-EDR-Evasion: 🛡️ Implement advanced EDR evasion techniques for Windows x64 systems with StyxLoaderX…
🛡️ Implement advanced EDR evasion techniques for Windows x64 systems with StyxLoaderX, featuring dynamic syscall mapping and AES-256 encryption. - spontopt/StyxLoaderX-EDR-Evasion
#windows_internals #kernel_callbacks
#windows_kernel #reverse_engineering
@ZwLowLevel
https://revers.engineering/beyond-process-and-object-callbacks-an-unconventional-method/
HackMag
Evil Routing: Pulling Off a Sophisticated Wi‑Fi Man‑in‑the‑Middle (MITM) Attack
Tech magazine for cybersecurity specialists
colinfinck.de
nt-load-order Part 1: WinDbg'ing our way into the Windows bootloader - ColinFinck.de
There are close to zero reasons to reverse-engineer the Windows driver load order. Which is exactly why I’m doing it. And if you are as crazy as me and want to write a Windows bootloader in Rust, you inevitably need to deal with this topic. Likewise, if you…
Forwarded from S.E.Reborn
• Lateral movement in red teaming is all about moving between targets in the environment to reach the objective.
- Password;
- WinRM;
- RDP;
- MSSQL;
- SMB;
- Interactive-shell;
- NTHash;
- Pass-the-Hash;
- Overpass-the-Hash;
- Pass-the-Key;
- MSSQL;
- Execute OS Commands;
- Trusted Link Abuse in MS SQL;
- SCCM (MECM);
- Credential Harvest;
- Network Access Account;
- Client Push Credentials;
- Application & Script Deployment;
- Security Research.
#AD #Pentest
GitHub
GitHub - JungliBro/obfuscator: The strongest header-only C++ string obfuscator • 100% compile-time encryption • Keys change every…
The strongest header-only C++ string obfuscator • 100% compile-time encryption • Keys change every single build (even 1s apart) • Thread-safe • Auto re-encryption • Zero runtime overhead - JungliBr...
AMDStackGuard
This repository implements a proof-of-concept (PoC) Windows kernel driver designed to validate the integrity of user-mode call stacks from ring 0 on AMD64 processors.
#windows_internals #call_stack
#windows_kernel
@ZwLowLevel
https://github.com/notsnakesilent/AMDStackGuard
GitHub
GitHub - notsnakesilent/AMDStackGuard: Windows Driver designed to validate the integrity of User-Mode call stacks from Ring 0 (AMD…
Windows Driver designed to validate the integrity of User-Mode call stacks from Ring 0 (AMD IBS / Instruction Based Sampling) - notsnakesilent/AMDStackGuard
Landlock is a Linux Security Module (LSM) available since Linux 5.13. Unlike MAC frameworks such as SELinux or AppArmor, Landlock applies transient restrictions: policies are created at runtime, enforced on the current thread and its future descendants, and disappear when the process exits.
#linux_kernel #linux_internals
@ZwLowLevel
https://blog.prizrak.me/post/landlock/
A topic of little relevance to the channel's philosophy, but this time is an exception:
https://bfswa.substack.com/p/opsec-guide-bts
OPSEC guide BTS
Substack
From Frankfurt to WIRED
#malware_development #maldev
#anti_debugging #anti_analysis
@ZwLowLevel
https://0xpat.github.io/Malware_development_part_2/
0xpat.github.io
Malware development part 2 - anti dynamic analysis & sandboxes
Introduction
This is the second post of a series about the development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.
Previously…