Malware Development
A collection of blogs about Malware Development and Analysis from talented researchers.
A collection of blogs about Malware Development and Analysis from talented researchers.
#malware_development
#malwaredev
#maldev
@ZwLowLevel
https://github.com/t1Sh1n4/mlwr_blogs
GitHub
GitHub - t1Sh1n4/mlwr_blogs: collection of blogs about malware development and analysis
collection of blogs about malware development and analysis - t1Sh1n4/mlwr_blogs
svc-hook: System Call Hook for ARM64
svc-hook is a system call hook mechanism for ARM64. It is designed to be low performance overhead, independent of the target source code, without relying on kernel features.
svc-hook is a system call hook mechanism for ARM64. It is designed to be low performance overhead, independent of the target source code, without relying on kernel features.
#arm64
#arm64_internals
#syscall
#system_call
@ZwLowLevel
https://github.com/retrage/svc-hook
GitHub
GitHub - retrage/svc-hook: System Call Hook for ARM64
System Call Hook for ARM64. Contribute to retrage/svc-hook development by creating an account on GitHub.
Please open Telegram to view this post
VIEW IN TELEGRAM
Check Point Research
Cracking ValleyRAT: From Builder Secrets to Kernel Rootkits - Check Point Research
Highlights: Introduction Throughout 2025, we conducted and published several reports related to our research on the Silver Fox APT. In some of them (for example, here), the threat actor delivered the well-known ValleyRAT backdoor, also referred to as Winos or Winos4.0…
Forwarded from RME-DisCo @ UNIZAR [www.reversea.me]
When Defenders Become the Attackers: The Elastic EDR 0-Day (RCE + DoS) #ElasticEDR #0Day #KernelDriver #RCE #DenialOfService https://ashes-cybersecurity.com/0-day-research/
#red_team
#offensive_tool
@ZwLowLevel
https://github.com/yuhaiin/yuhaiin
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - yuhaiin/yuhaiin: proxy kit for Linux/Windows/MacOS
proxy kit for Linux/Windows/MacOS. Contribute to yuhaiin/yuhaiin development by creating an account on GitHub.
#malware_analysis
#malware
@ZwLowLevel
https://hackmag.com/security/win-link-rce
Please open Telegram to view this post
VIEW IN TELEGRAM
HackMag
Poisoned Shortcut: Exploiting a Critical Microsoft Windows LNK Vulnerability
Tech magazine for cybersecurity specialists
ShadowUser
Tool for creating a hidden administrator account through SAM registry manipulation and identity information cloning
Tool for creating a hidden administrator account through SAM registry manipulation and identity information cloning
#windows_security
#offensive_tool
@ZwLowLevel
https://github.com/Caidoam/Windows-Shadow-User-SAM-Manipulator
GitHub
GitHub - Caidoam/Windows-Shadow-User-SAM-Manipulator: Tool for creating a hidden administrator account through SAM registry manipulation…
Tool for creating a hidden administrator account through SAM registry manipulation and identity information cloning. - Caidoam/Windows-Shadow-User-SAM-Manipulator
MemProcFS
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.
#os_internals
#ram
@ZwLowLevel
https://github.com/ufrisk/MemProcFS
GitHub
GitHub - ufrisk/MemProcFS: MemProcFS
MemProcFS. Contribute to ufrisk/MemProcFS development by creating an account on GitHub.
A look at an Android ITW DNG exploit
#android_malware
#android_analysis
#arm64
@ZwLowLevel
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
projectzero.google
A look at an Android ITW DNG exploit - Project Zero
IntroductionBetween July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the ...
Forwarded from Golden Byte
Rethinking sudo with object capabilities
#linux_internals
#linux_security
@ZwLowLevel
https://ariadne.space/2025/12/12/rethinking-sudo-with-object-capabilities.html
ariadne.space
Rethinking sudo with object capabilities
I hate sudo with a passion. It represents everything I find offensive about the modern Unix security model:
like su, it must be a SUID binary to work it is monolithic: everything sudo does runs as root, there is no privilege separation it uses a non-declarative…
like su, it must be a SUID binary to work it is monolithic: everything sudo does runs as root, there is no privilege separation it uses a non-declarative…
Syscaller - Easily Invoke Windows Syscalls With Confidence
#windows_internals
#syscall
#system_call
@ZwLwoLevel
https://github.com/Tayssirx71/Syscaller
GitHub
GitHub - Tayssirx71/Syscaller: 🛠️ Invoke Windows Native API syscalls directly with Syscaller, a header-only C++ library that ensures…
🛠️ Invoke Windows Native API syscalls directly with Syscaller, a header-only C++ library that ensures compatibility and avoids breaking updates. - Tayssirx71/Syscaller
Exploiting a 13-years old bug on QEMU
#reverse_engineering
#reversing
@ZwLowLevel
https://kqx.io/post/qemu-nday/
VB2019 paper: Rich Headers: leveraging this mysterious artifact of the PE format
#windows_internals
#pe_format
#reverse_engineering
#reversing
@ZwLowLevel
Virusbulletin
Virus Bulletin :: VB2019 paper: Rich Headers: leveraging this mysterious artifact of the PE format
Ever since the release of Visual Studio 97 SP3, Microsoft has placed an undocumented chunk of data between the DOS and PE headers of every native Portable Executable (PE) binary produced by its linker without any possibility to opt out. The data contains…