HackMag
Evil Routing: Pulling Off a Sophisticated Wi‑Fi Man‑in‑the‑Middle (MITM) Attack
Tech magazine for cybersecurity specialists
colinfinck.de
nt-load-order Part 1: WinDbg'ing our way into the Windows bootloader - ColinFinck.de
There are close to zero reasons to reverse-engineer the Windows driver load order. Which is exactly why I’m doing it. And if you are as crazy as me and want to write a Windows bootloader in Rust, you inevitably need to deal with this topic. Likewise, if you…
Forwarded from S.E.Reborn
• Lateral movement in red teaming is all about moving between targets in the environment to reach the objective.
- Password;
- WinRM;
- RDP;
- MSSQL;
- SMB;
- Interactive-shell;
- NTHash;
- Pass-the-Hash;
- Overpass-the-Hash;
- Pass-the-Key;
- MSSQL;
- Execute OS Commands;
- Trusted Link Abuse in MS SQL;
- SCCM (MECM);
- Credential Harvest;
- Network Access Account;
- Client Push Credentials;
- Application & Script Deployment;
- Security Research.
#AD #Pentest
GitHub
GitHub - JungliBro/obfuscator: The strongest header-only C++ string obfuscator • 100% compile-time encryption • Keys change every…
The strongest header-only C++ string obfuscator • 100% compile-time encryption • Keys change every single build (even 1s apart) • Thread-safe • Auto re-encryption • Zero runtime overhead - JungliBr...
AMDStackGuard
This repository implements a proof-of-concept (PoC) Windows kernel driver designed to validate the integrity of user-mode call stacks from ring 0 on AMD64 processors.
#windows_internals #call_stack
#windows_kernel
@ZwLowLevel
https://github.com/notsnakesilent/AMDStackGuard
GitHub
GitHub - notsnakesilent/AMDStackGuard: Windows Driver designed to validate the integrity of User-Mode call stacks from Ring 0 (AMD…
Windows Driver designed to validate the integrity of User-Mode call stacks from Ring 0 (AMD IBS / Instruction Based Sampling) - notsnakesilent/AMDStackGuard
Landlock is a Linux Security Module (LSM) available since Linux 5.13. Unlike MAC frameworks such as SELinux or AppArmor, Landlock applies transient restrictions: policies are created at runtime, enforced on the current thread and its future descendants, and disappear when the process exits.
#linux_kernel #linux_internals
@ZwLowLevel
https://blog.prizrak.me/post/landlock/
A topic of little relevance to the channel's philosophy, but this time is an exception:
https://bfswa.substack.com/p/opsec-guide-bts
Substack
OPSEC guide BTS
From Frankfurt to WIRED
#malware_development #maldev
#anti_debugging #anti_analysis
@ZwLowLevel
https://0xpat.github.io/Malware_development_part_2/
0xpat.github.io
Malware development part 2 - anti dynamic analysis & sandboxes
Introduction
This is the second post of a series which regards development of malicious software. In this series we will explore and try to implement multiple techniques used by malicious applications to execute code, hide from defenses and persist.
Previously…
Bind Link – EDR Tampering
#edr_bypass #edr_evasion
@ZwLowLevel
https://ipurple.team/2025/12/01/bind-link-edr-tampering/
Purple Team
Bind Link – EDR Tampering
The Bind Link API enables Administrators to create transparent mappings from a virtual path to a backing path (local or remote). The Bind Link feature was introduced in Windows 11 and according to …
#linux_kernel #ring_0
#linux_exploitation
#exploitation
@ZwLowLevel
https://faith2dxy.xyz/2025-11-28/extending_race_window_fallocate/
faith2dxy.xyz
Extending Kernel Race Windows Using '/dev/shm'
Showcasing an alternative technique to userfaultfd for extending race windows in the Linux kernel.
WithSecure
TangleCrypt: a sophisticated but buggy malware packer
WithSecure's STINGR Group is releasing a detailed technical analysis of TangleCrypt, a previously undocumented packer for Windows malware. The packer was found on two executables of the STONESTOP EDR killer used in a recent ransomware attack. The blogpost…
#reverse_engineering
#firmware_analysis
@ZwLowLevel
https://stefan-gloor.ch/pulseoximeter-hack
HackMag
Building a Windows Kernel-Mode Driver for Process Hiding (Rootkit Techniques)
Tech magazine for cybersecurity specialists
ReCopilot: A Reverse Engineering Copilot for Boosting Binary Analysis with Decompiler
#reverse_engineering #reversing #copilot
@ZwLowLevel
https://github.com/XingTuLab/recopilot
GitHub
GitHub - XingTuLab/recopilot: ReCopilot: Reverse Engineering Copilot in Binary Analysis
ReCopilot: Reverse Engineering Copilot in Binary Analysis - XingTuLab/recopilot