Low Level CO 🇨🇴
EP20 Windows Under the Hood: Kernel Design, EDR, and the Transition to VBS with Pavel Yosifovich #windows_internals #windows_kernel @ZwLowLevel
Behind the Binary EP20: Windows Under the Hood: Kernel Design, EDRs, and the Shift to VBS with Pavel Yosifovich
Google Cloud Community
In this episode, we get a unique look at the history of Windows through the eyes of one of its leading experts, Pavel Yosifovich. We delve into his fascinating origin story, including the "fluke" that led him to become the author of the legendary Windows…
Low Level CO 🇨🇴 pinned «SheepCrypter - Ghostly Hollowing Crypter Advanced in-memory process injection using transient SEC_IMAGE sections, custom crypter, and ADS payload delivery no disk traces, maximum stealth. #malwaredev #maldev #malware_development @ZwLowLevel https://git…»
WinAPI Hooking: Taking Control of Any Windows Application
#windows_internals
#api_hooking
#inline_hooking
@ZwLowLevel
https://hackmag.com/security/winapi-hooks
HackMag
API Hooking – Tales from a Hacker’s Hook Book
This is called Hooking—the process by which an application intercepts an API call between two other applications. In the example above, the intercepting function (called a hook procedure) altered the data passed onto the recipient (the text editor), but that is not always the case.
#windows_internals
#api_hooking
#inline_hooking
@ZwLowLevel
https://www.cynet.com/attack-techniques-hands-on/api-hooking/
Cynet
API hooking is an integral part of the Windows operating system, has legitimate uses, and can be implemented in numerous ways. Therefore, complete mitigation and prevention are difficult to accomplish.
Malware Just Got Its Free Passes Back!
Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks
#malware_development
#edr_bypass
#edr_evasion
#maldev
#malwaredev
@ZwLowLevel
https://klezvirus.github.io/posts/Moonwalk-plus-plus/
klezVirus
CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center
#exploit
#cve
@ZwLowLevel
Cymulate
Cymulate Research Labs discovered CVE-2025-64669, a local privilege escalation flaw in Windows Admin Center enabling SYSTEM-level compromise.
Forwarded from Infosec Fortress (Amir M. Jahangirzad)
Synacktiv
Breaking the BeeStation: Inside Our Pwn2Own 2025 Exploit Journey
🔗 Link
#exploitation
#synology
#pwn2own
———
🆔 @Infosec_Fortress
Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
#os_internals
@ZwLowLevel
https://arxiv.org/pdf/2510.09272
No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
#malwaredev
#malware_development
#maldev
@ZwLowLevel
bohops
Introduction Process Injection is a popular technique used by Red Teams and threat actors for defense evasion, privilege escalation, and other interesting use cases. At the time of this publishing,…
COM BypassUAC - Reflective DLL Injection
Windows UAC bypass tool using the DLL injection technique. It loads the DLL entirely from memory without touching the disk.
#maldev
#malware_development
#malwaredev
@ZwLowLevel
GitHub - Masteryxy/CMSTPLua-Reflective-UAC-Bypass
Forwarded from 1N73LL1G3NC3
ESC1-unPAC (BOF)
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC-the-hash.
Forwarded from HyperDbg News & Updates
We'll be at #FOSDEM 2026 in Brussels (January 31-February 1) with talks in the Security, Virtualization, and Cloud Infrastructure rooms about the HyperDbg debugger.
More info:
- https://fosdem.org/2026/schedule/event/mbec_slat_and_hyperdbg_hypervisor-based_kernel-_and_user-mode_debugging/
- https://fosdem.org/2026/schedule/event/invisible_hypervisors_debugging_with_hyperdbg/
#FOSDEM2026
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
#malware_analysis
@ZwLowLevel
Group-IB
Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderland’s bidirectional SMS-stealing capabilities driving large-scale financial fraud.
Rehabilitating Registry Tradecraft with RegRestoreKey
#edr_evasion
#edr_bypass
@ZwLowLevel
https://www.originhq.com/blog/rehabilitating-registry-tradecraft-with-regrestorekey
Origin
macOS Internals Explained: A Dive into the Operating System’s Architecture
#macos_internals
#os_internals
@ZwLowLevel
https://hackmag.com/security/macos-tech-overview