Securelist
New Tomiris tools and techniques: multiple reverse shells, Havoc, AdaptixC2
Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.
#ebpf #linux_kernel #ring0
@ZwLowLevel
https://hackmag.com/coding/ebpf-tetragon
HackMag
Mature audit. Tetragon demonstrates the tremendous power of eBPF
Tech magazine for cybersecurity specialists
StyxLoaderX-EDR-Evasion is a modular framework designed for advanced evasion techniques against Endpoint Detection and Response systems on Windows x64.
#process_injection #malware_development
#maldev
@ZwLowLevel
https://github.com/spontopt/StyxLoaderX-EDR-Evasion
GitHub
GitHub - spontopt/StyxLoaderX-EDR-Evasion: 🛡️ Implement advanced EDR evasion techniques for Windows x64 systems with StyxLoaderX…
🛡️ Implement advanced EDR evasion techniques for Windows x64 systems with StyxLoaderX, featuring dynamic syscall mapping and AES-256 encryption. - spontopt/StyxLoaderX-EDR-Evasion
#windows_internals #kernel_callbacks
#windows_kernel #reverse_engineering
@ZwLowLevel
https://revers.engineering/beyond-process-and-object-callbacks-an-unconventional-method/
HackMag
Evil Routing: Pulling Off a Sophisticated Wi‑Fi Man‑in‑the‑Middle (MITM) Attack
Tech magazine for cybersecurity specialists
colinfinck.de
nt-load-order Part 1: WinDbg'ing our way into the Windows bootloader - ColinFinck.de
There are close to zero reasons to reverse-engineer the Windows driver load order. Which is exactly why I’m doing it. And if you are as crazy as me and want to write a Windows bootloader in Rust, you inevitably need to deal with this topic. Likewise, if you…
Forwarded from S.E.Reborn
• Lateral movement in red teaming is all about moving between targets in the environment to reach the objective.
- Password;
- WinRM;
- RDP;
- MSSQL;
- SMB;
- Interactive-shell;
- NTHash;
- Pass-the-Hash;
- Overpass-the-Hash;
- Pass-the-Key;
- MSSQL;
- Execute OS Commands;
- Trusted Link Abuse in MS SQL;
- SCCM (MECM);
- Credential Harvest;
- Network Access Account;
- Client Push Credentials;
- Application & Script Deployment;
- Security Research.
#AD #Pentest
GitHub
GitHub - JungliBro/obfuscator: The strongest header-only C++ string obfuscator • 100% compile-time encryption • Keys change every…
The strongest header-only C++ string obfuscator • 100% compile-time encryption • Keys change every single build (even 1s apart) • Thread-safe • Auto re-encryption • Zero runtime overhead - JungliBr...
AMDStackGuard
This repository implements a proof-of-concept (PoC) Windows kernel driver designed to validate the integrity of user-mode call stacks from ring 0 on AMD64 processors.
#windows_internals #call_stack
#windows_kernel
@ZwLowLevel
https://github.com/notsnakesilent/AMDStackGuard
GitHub
GitHub - notsnakesilent/AMDStackGuard: Windows Driver designed to validate the integrity of User-Mode call stacks from Ring 0 (AMD…
Windows Driver designed to validate the integrity of User-Mode call stacks from Ring 0 (AMD IBS / Instruction Based Sampling) - notsnakesilent/AMDStackGuard
Landlock is a Linux Security Module (LSM) available since Linux 5.13. Unlike MAC frameworks such as SELinux or AppArmor, Landlock applies transient restrictions: policies are created at runtime, enforced on the current thread and its future descendants, and disappear when the process exits.
#linux_kernel #linux_internals
@ZwLowLevel
https://blog.prizrak.me/post/landlock/
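As an added example (my code, not taken from the linked post or from the kernel tree), the program below builds a Landlock ruleset at runtime, applies it to the calling thread, and shows the inheritance rule by checking the effect in a forked child. Assumptions: a Linux host using the unified syscall numbers 444-446 for the three landlock syscalls; when <linux/landlock.h> is missing, the ABI v1 structures and constants are declared inline from the UAPI definitions; the allowed tree /usr and a scratch file in /tmp are constructed inputs for the demo; the helper names landlock_readonly_beneath, probe_landlock and run_probe_demo are mine.

```c
/* Landlock demo (added example): confine a thread to read-only access beneath one
 * directory and prove the policy is inherited by a child process. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/types.h>
#if defined(__has_include)
#  if __has_include(<linux/landlock.h>)
#    include <linux/landlock.h>
#  endif
#endif

#ifndef LANDLOCK_CREATE_RULESET_VERSION
/* Host headers predate Landlock: ABI v1 definitions, assumed from the UAPI header. */
struct landlock_ruleset_attr { __u64 handled_access_fs; };
struct landlock_path_beneath_attr { __u64 allowed_access; __s32 parent_fd; } __attribute__((packed));
#define LANDLOCK_CREATE_RULESET_VERSION (1U << 0)
#define LANDLOCK_RULE_PATH_BENEATH      1
#define LANDLOCK_ACCESS_FS_EXECUTE      (1ULL << 0)
#define LANDLOCK_ACCESS_FS_READ_FILE    (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR     (1ULL << 3)
#endif
#ifndef __NR_landlock_create_ruleset            /* unified syscall table numbers (assumed) */
#define __NR_landlock_create_ruleset 444
#define __NR_landlock_add_rule       445
#define __NR_landlock_restrict_self  446
#endif

static long ll_create_ruleset(const struct landlock_ruleset_attr *a, size_t sz, __u32 flags)
{ return syscall(__NR_landlock_create_ruleset, a, sz, flags); }
static long ll_add_rule(int fd, int type, const void *rule, __u32 flags)
{ return syscall(__NR_landlock_add_rule, fd, type, rule, flags); }
static long ll_restrict_self(int fd, __u32 flags)
{ return syscall(__NR_landlock_restrict_self, fd, flags); }

/* Restrict the calling thread (and every thread/process it creates from now on) to
 * read/exec access beneath allowed_dir. Returns 0, or -1 with errno set: ENOSYS or
 * EOPNOTSUPP when the kernel lacks Landlock, EPERM when a seccomp filter blocks it. */
int landlock_readonly_beneath(const char *allowed_dir)
{
    struct landlock_ruleset_attr attr;
    memset(&attr, 0, sizeof attr);
    attr.handled_access_fs = (1ULL << 13) - 1;     /* all 13 ABI v1 filesystem rights */

    if (ll_create_ruleset(NULL, 0, LANDLOCK_CREATE_RULESET_VERSION) < 0) return -1;
    int ruleset_fd = (int)ll_create_ruleset(&attr, sizeof attr, 0);
    if (ruleset_fd < 0) return -1;

    struct landlock_path_beneath_attr rule;           /* anything not listed here is denied */
    memset(&rule, 0, sizeof rule);
    rule.allowed_access = LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR |
                          LANDLOCK_ACCESS_FS_EXECUTE;
    rule.parent_fd = open(allowed_dir, O_PATH | O_CLOEXEC);
    if (rule.parent_fd < 0 || ll_add_rule(ruleset_fd, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) < 0) {
        int saved = errno;
        if (rule.parent_fd >= 0) close(rule.parent_fd);
        close(ruleset_fd); errno = saved; return -1;
    }
    close(rule.parent_fd);

    /* restrict_self refuses to run without no_new_privs, so a later setuid exec
     * cannot gain rights the policy did not intend. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0 || ll_restrict_self(ruleset_fd, 0) < 0) {
        int saved = errno; close(ruleset_fd); errno = saved; return -1;
    }
    close(ruleset_fd);
    return 0;
}

/* Fork, sandbox the child to allowed_dir, then see whether forbidden_path still opens.
 * 1 = Landlock denied it (EACCES), 0 = still readable, -1 = Landlock unavailable here,
 * -2 = unexpected error (path unreadable even before the policy, fork failure, ...). */
int probe_landlock(const char *allowed_dir, const char *forbidden_path)
{
    pid_t pid = fork();
    if (pid < 0) return -2;
    if (pid == 0) {
        int fd = open(forbidden_path, O_RDONLY | O_CLOEXEC);
        if (fd < 0) _exit(5);                         /* must be readable before the policy */
        close(fd);
        if (landlock_readonly_beneath(allowed_dir) < 0) _exit(4);
        fd = open(forbidden_path, O_RDONLY | O_CLOEXEC);
        if (fd >= 0) _exit(0);
        _exit(errno == EACCES ? 1 : 5);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -2;
    switch (WEXITSTATUS(status)) { case 0: return 0; case 1: return 1; case 4: return -1; default: return -2; }
}

/* Constructed demo input: a scratch file in /tmp is the "forbidden" target, /usr the allowed tree. */
int run_probe_demo(void)
{
    char path[] = "/tmp/landlock_probe_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -2;
    close(fd);
    int result = probe_landlock("/usr", path);
    unlink(path);
    return result;
}

int main(void)
{
    int r = run_probe_demo();
    printf("probe: %s\n", r == 1 ? "denied by Landlock" : r == 0 ? "NOT denied" :
                          r == -1 ? "Landlock unavailable" : "error");
    return (r == 1 || r == -1) ? 0 : 1;
}
```

Build with `gcc -O2 -o landlock_demo landlock_demo.c` and run it unprivileged; no capability is needed, which is the point of the transient model. If the probe reports "Landlock unavailable", check that `landlock` appears in `/sys/kernel/security/lsm`; a kernel built with the module but booted without it in the `lsm=` list returns EOPNOTSUPP. Note that the restriction only catches future descendants: the parent in this program never called restrict_self and keeps full access.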
A topic of little relevance to the channel's philosophy, but this time it's an exception:
https://bfswa.substack.com/p/opsec-guide-bts
Substack
OPSEC guide BTS
From Frankfurt to WIRED
#malware_development #maldev
#anti_debugging #anti_analysis
@ZwLowLevel
https://0xpat.github.io/Malware_development_part_2/
0xpat.github.io
Malware development part 2 - anti dynamic analysis & sandboxes
Introduction
This is the second post of a series which regards development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.
Previously…
Bind Link – EDR Tampering
#edr_bypass #edr_evasion
@ZwLowLevel
https://ipurple.team/2025/12/01/bind-link-edr-tampering/
Purple Team
Bind Link – EDR Tampering
The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
#linux_kernel #ring_0
#linux_exploitation
#exploitation
@ZwLowLevel
https://faith2dxy.xyz/2025-11-28/extending_race_window_fallocate/
faith2dxy.xyz
Extending Kernel Race Windows Using '/dev/shm'
Showcasing an alternative technique to userfaultfd for extending race windows in the Linux kernel.
Withsecure
TangleCrypt: a sophisticated but buggy malware packer
WithSecure's STINGR Group is releasing a detailed technical analysis of TangleCrypt, a previously undocumented packer for Windows malware. The packer was found on two executables of the STONESTOP EDR killer used in a recent ransomware attack. The blogpost…