AV/EDR Killer
AV/EDR Killer by exploiting Signed Microsoft driver.
AV/EDR Killer by exploiting Signed Microsoft driver.
#offensive_tool
@ZwLowLevel
https://github.com/SaadAhla/Killer
💯 We're starting another new week. I hope everyone achieves their goals.
SuperTinyKernel (STK)
Minimalistic C/C++ thread scheduling kernel for Embedded Systems - SuperTinyKernel (STK).
Minimalistic C/C++ thread scheduling kernel for Embedded Systems - SuperTinyKernel (STK).
#ring0
#ring_0
@ZwLowLevel
https://github.com/dmitrykos/stk
GitHub
GitHub - dmitrykos/stk: Minimalistic C++ thread scheduling kernel for Embedded systems - SuperTinyKernel (STK). Supports ARM Cortex…
Minimalistic C++ thread scheduling kernel for Embedded systems - SuperTinyKernel (STK). Supports ARM Cortex-M and RISC-V MCUs with debugging possibility on conventional x86. Compiles with GCC. Come...
SheepCrypter - Ghostly Hollowing Crypter
Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth.
Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth.
#malwaredev
#maldev
#malware_development
@ZwLowLevel
https://github.com/TheDarkMythos/SheepCrypter
GitHub
GitHub - TheDarkMythos/SheepCrypter: Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and…
Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth. - TheDarkMythos/SheepCrypter
Low Level CO 🇨🇴
EP20 Windows Under the Hood: Kernel Design, EDR, and the Transition to VBS with Pavel Yosifovich #windows_internals #windows_kernel @ZwLowLevel
Behind the Binary EP20: Windows Under the Hood: Kernel Design, EDRs, and the Shift to VBS with Pavel Yosifovich
Googlecloudcommunity
Behind the Binary EP20: Windows Under the Hood: Kernel Design, EDRs, and the Shift to VBS with Pavel Yosifovich | Community
In this episode, we get a unique look at the history of Windows through the eyes of one of its leading experts, Pavel Yosifovich. We delve into his fascinating origin story, including the "fluke" that led him to become the author of the legendary Windows…
Low Level CO 🇨🇴 pinned «SheepCrypter - Ghostly Hollowing Crypter Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth. #malwaredev #maldev #malware_development @ZwLowLevel https://git…»
WinAPI Hooking: Taking Control of Any Windows Application
#windows_internals
#api_hooking
#inline_hooking
@ZwLowLevel
https://hackmag.com/security/winapi-hooks
HackMag
WinAPI Hooking: Taking Control of Any Windows Application
Tech magazine for cybersecurity specialists
API Hooking – Tales from a Hacker’s Hook Book
This is called Hooking—the process by which an application intercepts an API call between two other applications. In the example above, the intercepting function (called a hook procedure) altered the data passed onto the recipient (the text editor), but that is not always the case.
#windows_internals
#api_hooking
#inline_hooking
@ZwLowLevel
https://www.cynet.com/attack-techniques-hands-on/api-hooking/
All-in-One Cybersecurity Platform - Cynet
API Hooking - Tales from a Hacker’s Hook Book
API hooking is an integral part of the Windows operating system, has legitimate uses, and can be implemented in numerous ways. Therefore, complete mitigation and prevention are difficult to accomplish.
Malware Just Got Its Free Passes Back!
Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks
#malware_development
#edr_bypass
#edr_evasion
#maldev
#malwaredev
@ZwLowLevel
https://klezvirus.github.io/posts/Moonwalk-plus-plus/
klezVirus
Malware Just Got Its Free Passes Back!
TL;DR
CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center
#exploit
#cve
@ZwLowLevel
Cymulate
CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center
Cymulate Research Labs discovered CVE-2025-64669, a local privilege escalation flaw in Windows Admin Center enabling SYSTEM-level compromise.
Forwarded from Infosec Fortress (Amir M. Jahangirzad)
Synacktiv
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
🔗 Link
#exploitation
#synology
#pwn2own
———
🆔 @Infosec_Fortress
🔗 Link
#exploitation
#synology
#pwn2own
———
🆔 @Infosec_Fortress
Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
#os_internals
@ZwLowLevel
https://arxiv.org/pdf/2510.09272
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
#malwaredev
#malware_development
#maldev
@ZwLowLevel
bohops
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
Introduction Process Injection is a popular technique used by Red Teams and threat actors for defense evasion, privilege escalation, and other interesting use cases. At the time of this publishing,…
Low Level CO 🇨🇴 pinned «Malware Just Got Its Free Passes Back! Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks #malware_development #edr_bypass #edr_evasion #maldev #malwaredev @ZwLowLevel https://klezvirus.github.io/posts/Moonwalk-plus-plus/»