SAMDump
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation
#malwaredev
#malware_development
#maldev
@ZwLowLevel
https://github.com/ricardojoserf/SAMDump
GitHub
GitHub - ricardojoserf/SAMDump: Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and…
Extract SAM and SYSTEM using Volume Shadow Copy (VSS) API. With multiple exfiltration options and XOR obfuscation - ricardojoserf/SAMDump
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
#malware_analysis
@ZwLowLevel
https://cloud.google.com/blog/topics/threat-intelligence/intellexa-zero-day-exploits-continue
Google Cloud Blog
Intellexa’s Prolific Zero-Day Exploits Continue | Google Cloud Blog
Commercial surveillance vendor Intellexa continues to thrive and exploit mobile zero-day vulnerabilities.
Cooolis-ms
Cooolis-ms is a tool that incorporates the Metasploit Payload Loader, Cobalt Strike External C2 Loader, and Reflective DLL injection.
Cooolis-ms is a tool that incorporates the Metasploit Payload Loader, Cobalt Strike External C2 Loader, and Reflective DLL injection.
#malware_development
#maldev
#malwaredev
@ZwLowLevel
https://github.com/otuhsgcasg/Cooolis-ms-C2-Loader-Metasploit
The stack circuitry of the Intel 8087 floating point chip, reverse-engineered
#reverse_engineering
#reversing
@ZwLowLevel
Righto
The stack circuitry of the Intel 8087 floating point chip, reverse-engineered
Early microprocessors were very slow when operating with floating-point numbers. But in 1980, Intel introduced the 8087 floating-point copro...
New BYOVD loader behind DeadLock ransomware attack
#windows_kernel
#windows_driver
#windows_internals
@ZwLowLevel
Cisco Talos Blog
New BYOVD loader behind DeadLock ransomware attack
Cisco Talos has uncovered a new DeadLock ransomware campaign using a previously unknown BYOVD loader to exploit a Baidu Antivirus driver vulnerability, letting threat actors disable EDR defenses and escalate attacks.
Malware Development
A collection of blogs about Malware Development and Analysis from talented researchers.
A collection of blogs about Malware Development and Analysis from talented researchers.
#malware_development
#malwaredev
#maldev
@ZwLowLevel
https://github.com/t1Sh1n4/mlwr_blogs
GitHub
GitHub - t1Sh1n4/mlwr_blogs: collection of blogs about malware development and analysis
collection of blogs about malware development and analysis - t1Sh1n4/mlwr_blogs
svc-hook: System Call Hook for ARM64
svc-hook is a system call hook mechanism for ARM64. It is designed to be low performance overhead, independent of the target source code, without relying on kernel features.
svc-hook is a system call hook mechanism for ARM64. It is designed to be low performance overhead, independent of the target source code, without relying on kernel features.
#arm64
#arm64_internals
#syscall
#system_call
@ZwLowLevel
https://github.com/retrage/svc-hook
GitHub
GitHub - retrage/svc-hook: System Call Hook for ARM64
System Call Hook for ARM64. Contribute to retrage/svc-hook development by creating an account on GitHub.
Please open Telegram to view this post
VIEW IN TELEGRAM
Check Point Research
Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits - Check Point Research
Highlights: Introduction Throughout 2025, we conducted and published several reports related to our research on the Silver Fox APT. In some of them (for example, here), the threat actor delivered the well-known ValleyRAT backdoor, also referred to as Winos or Winos4.0…
Forwarded from RME-DisCo @ UNIZAR [www.reversea.me]
When Defenders Become the Attackers: The Elastic EDR 0-Day (RCE + DoS) #ElasticEDR #0Day #KernelDriver #RCE #DenialOfService https://ashes-cybersecurity.com/0-day-research/
#red_team
#offensive_tool
@ZwLowLevel
https://github.com/yuhaiin/yuhaiin
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - yuhaiin/yuhaiin: proxy kit for Linux/Windows/MacOS
proxy kit for Linux/Windows/MacOS. Contribute to yuhaiin/yuhaiin development by creating an account on GitHub.
#malware_analysis
#malware
@ZwLowLevel
https://hackmag.com/security/win-link-rce
Please open Telegram to view this post
VIEW IN TELEGRAM
HackMag
Poisoned Shortcut: Exploiting a Critical Microsoft Windows LNK Vulnerability
Tech magazine for cybersecurity specialists
ShadowUser
Tool for creating a hidden administrator account through SAM registry manipulation and identity information cloning
Tool for creating a hidden administrator account through SAM registry manipulation and identity information cloning
#windows_security
#offensive_tool
@ZwLowLevel
https://github.com/Caidoam/Windows-Shadow-User-SAM-Manipulator
GitHub
GitHub - Caidoam/Windows-Shadow-User-SAM-Manipulator: Tool for creating a hidden administrator account through SAM registry manipulation…
Tool for creating a hidden administrator account through SAM registry manipulation and identity information cloning. - Caidoam/Windows-Shadow-User-SAM-Manipulator