MemProcFS
MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system.
#os_internals
#ram
@ZwLowLevel
https://github.com/ufrisk/MemProcFS
A look at an Android ITW DNG exploit
#android_malware
#android_analysis
#arm64
@ZwLowLevel
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Introduction: Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the ...
Forwarded from Golden Byte
Rethinking sudo with object capabilities
#linux_internals
#linux_security
@ZwLowLevel
https://ariadne.space/2025/12/12/rethinking-sudo-with-object-capabilities.html
I hate sudo with a passion. It represents everything I find offensive about the modern Unix security model:
like su, it must be a SUID binary to work
it is monolithic: everything sudo does runs as root, there is no privilege separation
it uses a non-declarative…
Syscaller - Easily Invoke Windows Syscalls With Confidence
#windows_internals
#syscall
#system_call
@ZwLowLevel
https://github.com/Tayssirx71/Syscaller
🛠️ Invoke Windows Native API syscalls directly with Syscaller, a header-only C++ library that ensures compatibility and avoids breaking updates. - Tayssirx71/Syscaller
Exploiting a 13-years old bug on QEMU
#reverse_engineering
#reversing
@ZwLowLevel
https://kqx.io/post/qemu-nday/
VB2019 paper: Rich Headers: leveraging this mysterious artifact of the PE format
#windows_internals
#pe_format
#reverse_engineering
#reversing
@ZwLowLevel
Ever since the release of Visual Studio 97 SP3, Microsoft has placed an undocumented chunk of data between the DOS and PE headers of every native Portable Executable (PE) binary produced by its linker without any possibility to opt out. The data contains…
BreakFAST - Kerberos FAST Armoring Abuse
Proof of concept for Kerberos Armoring abuse.
#offensive_tool
#active_directory
#ad
#kerberos
@ZwLowLevel
https://github.com/monsieurPale/BreakFAST
The Typeframe PX-88 Portable Computing System
The Typeframe PX-88 is an integrated system that has been perfectly arranged to guarantee a superior outcome for the operator. Leave it to Typeframe to integrate these critical elements into one commanding machine.
#hardware
@ZwLowLevel
https://www.typeframe.net/
A collection of open-source hardware and software for building writerdecks/cyberdecks.
How we got hit by Shai-Hulud: A complete post-mortem
We had been compromised by Shai-Hulud 2.0, a sophisticated npm supply chain worm that compromised over 500 packages, affected 25,000+ repositories, and spread across the JavaScript ecosystem. We weren't alone: PostHog, Zapier, AsyncAPI, Postman, and ENS were among those hit.
#malware_analysis
#malware_spreading
#supply_chain
@ZwLowLevel
https://trigger.dev/blog/shai-hulud-postmortem
On November 25th, one of our engineers was compromised by the Shai-Hulud npm supply chain worm. Here's what happened, how we responded, and what we've changed.
AV/EDR Killer
AV/EDR Killer by exploiting Signed Microsoft driver.
#offensive_tool
@ZwLowLevel
https://github.com/SaadAhla/Killer