#shadow_copy #vss
#malware_development #maldev
@ZwLowLevel
https://github.com/Extenedi/DeleteShadowCopies
This Saturday I'm presenting some Windows kernel structures to refresh the memory.
👀
Catalog of key Windows kernel data structures
#windows_internals #windows_kernel
#EPROCESS
@ZwLowLevel
https://codemachine.com/articles/kernel_structures.html
Codemachine
CodeMachine - Article - Catalog of key Windows kernel data structures
Explanation of key data structures used by device drivers, kernel and HAL.
Forwarded from cKure Red
https://github.com/hackersatyamrastogi/react2shell-ultimate
Forwarded from Sec Note
React2Shell (CVE-2025-55182) Exploitation: Real-World Incident Response to XMRig Cryptominer Attack
#cryptojacking #miner
#malware_analysis
@ZwLowLevel
Complete incident response writeup of a React2Shell (CVE-2025-55182) vulnerability exploitation leading to XMRig cryptominer installation. Learn detection, analysis, remediation, and prevention strategies for this critical RCE vulnerability.
How I discovered a hidden microphone on a Chinese NanoKVM
#reverse_engineering #reversing
#cyber_espionage
@ZwLowLevel
https://telefoncek.si/2025/02/2025-02-10-hidden-microphone-on-nanokvm/
telefoncek.si
Telefoncek.si • How I discovered a hidden microphone on a Chinese NanoKVM
NanoKVM is a hardware KVM switch developed by the Chinese company Sipeed. Released last year, it enables remote control of a computer or server using a virtu...
CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones.
#reverse_engineering #reversing
@ZwLowLevel
https://www.ibm.com/think/x-force/cve-2023-20078-technical-analysis
Ibm
CVE-2023-20078 technical analysis: Identifying and triggering a command injection vulnerability in Cisco IP phones | IBM
Cisco released a security advisory detailing an unauthenticated command injection vulnerability in the web-based management interface of several Cisco IP phones. Learn more now.
Ibm
Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers | IBM
IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities.
Low Level CO 🇨🇴 pinned «💀 Direct kernel object manipulation (DKOM) attacks on ETW providers #windows_kernel #windows_internals #etw #dkom @ZwLowLevel»
#cryptominig #cryptojacking
#malware_spreading #malware_campaing
@ZwLowLevel
https://cyble.com/blog/v3g4-mirai-botnet-evolves/
Cyble
V3G4 Mirai Botnet Evolves
CRIL has uncovered an active V3G4 campaign using a Mirai-derived botnet alongside a fileless, runtime-configured cryptominer.
#offensive_tool #windows
#powershell
@ZwLowLevel
https://hackmag.com/security/powershell-secrets-2
HackMag
PowerShell Secrets: Building a Graphical User Interface (GUI) for Your Scripts
Tech magazine for cybersecurity specialists
A sophisticated proof-of-concept demonstrating advanced in-memory evasion techniques that cyclically encrypts and decrypts shellcode while fluctuating between different memory protection states to evade detection by memory scanners.
#malware_development #maldev
@ZwLowLevel
Advanced Anti-Sandboxing virtual machine
#anti_debugging
#anti_analysis
#hypervisor
@ZwLowLevel
https://github.com/Laeteth/advanced-anti-sandbox-Virtual-Machine
GitHub
GitHub - Laeteth/advanced-anti-sandbox-Virtual-Machine: Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti…
Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox - Laeteth/advanced-anti-sandbox-Virtual-Machine
Singular Access
A kernel-mode syscall wrapper that enables privileged process operations without requiring handles. Uses xKdEnumerateDebuggingDevices pointer hooking for kernel-usermode communication.
#windows_kernel #windows_internals
#ring0 #ring_0
#syscall #system_call
@ZwLowLevel
https://github.com/bromoket/access_updated
GitHub
GitHub - bromoket/access_updated: Kernel-mode syscall wrapper with Zydis-based dynamic pattern finding for Windows 10/11
Kernel-mode syscall wrapper with Zydis-based dynamic pattern finding for Windows 10/11 - bromoket/access_updated
LOLRMM
LOLRMM is a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors. #windows_internals #sysmon
@ZwLowLevel
https://lolrmm.io/