Low Level CO 🇨🇴 – Telegram
Low Level CO 🇨🇴
@ZwLowLevel
121 subscribers
178 photos
10 videos
7 files
542 links
Canal enfocado en la investigación de técnicas de seguridad ofensivas avanzadas.

Windows internals
Malware Development
Exploits & Reversing
Low level programming
kernel mode & user mode
Syscall & Hypercalls
Ring 0, 3, -1
Firmware
Download Telegram
About
Blog
Apps
Platform
Join
Low Level CO 🇨🇴
121 subscribers
Low Level CO 🇨🇴
Skeler - Tel Aviv (thewildspirit Remix)
<unknown>
45 viewsGolden Byte
Low Level CO 🇨🇴
Windows Kernel EDR Development

#windows_internals
#windows_kernel
#edr_development
@ZwLowLevel
46 viewsGolden Byte
Low Level CO 🇨🇴
AV/EDR Killer

AV/EDR Killer by exploiting Signed Microsoft driver.

#offensive_tool
@ZwLowLevel
https://github.com/SaadAhla/Killer
52 viewsGolden Byte
Low Level CO 🇨🇴
Patch Wednesday: Root Cause Analysis with LLMs

#reverse_engineering
#reversing
@ZwLowLevel
Akamai
Patch Wednesday: Root Cause Analysis with LLMs | Akamai
PatchDiff-AI is a new AI-driven multi-agent system that ingests Patch Tuesday metadata and generates a fully automated root-cause analysis report.
53 viewsGolden Byte
Low Level CO 🇨🇴
Abusing DLLs EntryPoint for the Fun

#windows_internals
#malwaredev
#malware_development
#maldev
@ZwLowLevel
53 viewsGolden Byte
Low Level CO 🇨🇴
💯 We're starting another new week. I hope everyone achieves their goals.
55 viewsGolden Byte
Low Level CO 🇨🇴
Analysis of an Autocolor Backdoor variant

#malware_analysis
@ZwLowLevel
Medium
Analysis of an Autocolor Backdoor variant
Analysis of an Autocolor Backdoor variant Summary The elf sample is an autocolor backdoor It uses a lot of different techniques to gain persistence It uses AES Extended encryption It also deploys a …
51 viewsGolden Byte
Low Level CO 🇨🇴
SuperTinyKernel (STK)

Minimalistic C/C++ thread scheduling kernel for Embedded Systems - SuperTinyKernel (STK).

#ring0
#ring_0
@ZwLowLevel
https://github.com/dmitrykos/stk
GitHub
GitHub - dmitrykos/stk: Minimalistic C++ thread scheduling kernel for Embedded systems - SuperTinyKernel (STK). Supports ARM Cortex…
Minimalistic C++ thread scheduling kernel for Embedded systems - SuperTinyKernel (STK). Supports ARM Cortex-M and RISC-V MCUs with debugging possibility on conventional x86. Compiles with GCC. Come...
47 viewsGolden Byte
Low Level CO 🇨🇴
Forwarded from ByteShield
https://www.cyberark.com/resources/threat-research-blog/fantastic-rootkits-and-where-to-find-them-part-1
Cyberark
Fantastic Rootkits: And Where to Find Them (Part 1)
Introduction In this blog series, we will cover the topic of rootkits — how they are built and the basics of kernel driver analysis — specifically on the Windows platform. In this first part, we...
49 viewsGolden Byte
Low Level CO 🇨🇴
Boris Brejcha - Nothing Seems To Be "Unreleased"
Techno Wave
52 viewsGolden Byte
Low Level CO 🇨🇴
SheepCrypter - Ghostly Hollowing Crypter

Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth.

#malwaredev
#maldev
#malware_development

@ZwLowLevel
https://github.com/TheDarkMythos/SheepCrypter
GitHub
GitHub - TheDarkMythos/SheepCrypter: Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and…
Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth. - TheDarkMythos/SheepCrypter
176 viewsGolden Byte
Low Level CO 🇨🇴
Low Level CO 🇨🇴
EP20 Windows Under the Hood: Kernel Design, EDR, and the Transition to VBS with Pavel Yosifovich #windows_internals #windows_kernel @ZwLowLevel
Behind the Binary EP20: Windows Under the Hood: Kernel Design, EDRs, and the Shift to VBS with Pavel Yosifovich
Googlecloudcommunity
Behind the Binary EP20: Windows Under the Hood: Kernel Design, EDRs, and the Shift to VBS with Pavel Yosifovich | Community
In this episode, we get a unique look at the history of Windows through the eyes of one of its leading experts, Pavel Yosifovich. We delve into his fascinating origin story, including the "fluke" that led him to become the author of the legendary Windows…
57 viewsGolden Byte
Low Level CO 🇨🇴
Low Level CO 🇨🇴 pinned «SheepCrypter - Ghostly Hollowing Crypter Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth. #malwaredev #maldev #malware_development @ZwLowLevel https://git…»
Low Level CO 🇨🇴
51 viewsGolden Byte
Low Level CO 🇨🇴
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT

#malware_analysis
#malware_spreading
@ZwLowLevel
Zscaler
BlindEagle Deploys Caminho and DCRAT | ThreatLabz
BlindEagle continues to target Colombian government agencies and deploying Caminho and DCRAT.
45 viewsGolden Byte
Low Level CO 🇨🇴
WinAPI Hooking: Taking Control of Any Windows Application

#windows_internals
#api_hooking
#inline_hooking

@ZwLowLevel
https://hackmag.com/security/winapi-hooks
HackMag
WinAPI Hooking: Taking Control of Any Windows Application
Tech magazine for cybersecurity specialists
46 viewsGolden Byte
Low Level CO 🇨🇴
API Hooking – Tales from a Hacker’s Hook Book

This is called Hooking—the process by which an application intercepts an API call between two other applications. In the example above, the intercepting function (called a hook procedure) altered the data passed onto the recipient (the text editor), but that is not always the case.

#windows_internals
#api_hooking
#inline_hooking

@ZwLowLevel
https://www.cynet.com/attack-techniques-hands-on/api-hooking/
All-in-One Cybersecurity Platform - Cynet
API Hooking - Tales from a Hacker’s Hook Book
API hooking is an integral part of the Windows operating system, has legitimate uses, and can be implemented in numerous ways. Therefore, complete mitigation and prevention are difficult to accomplish.
49 viewsGolden Byte
Low Level CO 🇨🇴
Malware Just Got Its Free Passes Back!

Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks

#malware_development
#edr_bypass
#edr_evasion
#maldev
#malwaredev
@ZwLowLevel
https://klezvirus.github.io/posts/Moonwalk-plus-plus/
klezVirus
Malware Just Got Its Free Passes Back!
TL;DR
120 viewsGolden Byte
Low Level CO 🇨🇴
CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center

#exploit
#cve
@ZwLowLevel
Cymulate
CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center 
Cymulate Research Labs discovered CVE-2025-64669, a local privilege escalation flaw in Windows Admin Center enabling SYSTEM-level compromise.
46 viewsGolden Byte
Low Level CO 🇨🇴
Forwarded from Infosec Fortress (Amir M. Jahangirzad)
Synacktiv
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey

🔗 Link

#exploitation
#synology
#pwn2own
———
🆔 @Infosec_Fortress
42 viewsGolden Byte
Low Level CO 🇨🇴
Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves

#os_internals
@ZwLowLevel

https://arxiv.org/pdf/2510.09272
47 viewsGolden Byte