No Alloc, No Problem: Leveraging Program Entry Points for Process Injection
#malwaredev
#malware_development
#maldev
@ZwLowLevel
bohops
Introduction: Process Injection is a popular technique used by Red Teams and threat actors for defense evasion, privilege escalation, and other interesting use cases. At the time of this publishing,…
Low Level CO 🇨🇴 pinned «Malware Just Got Its Free Passes Back! Moonwalk++ Bypasses EDR by Spoofing Windows Call Stacks #malware_development #edr_bypass #edr_evasion #maldev #malwaredev @ZwLowLevel https://klezvirus.github.io/posts/Moonwalk-plus-plus/»
COM BypassUAC - Reflective DLL Injection
Windows UAC bypass tool using the DLL injection technique. It loads the DLL entirely from memory without touching the disk.
#maldev
#malware_development
#malwaredev
@ZwLowLevel
GitHub
GitHub - Masteryxy/CMSTPLua-Reflective-UAC-Bypass: Windows UAC bypass tool using the DLL injection technique. It loads the DLL…
Windows UAC bypass tool using the DLL injection technique. It loads the DLL entirely from memory without touching the disk. - Masteryxy/CMSTPLua-Reflective-UAC-Bypass
Forwarded from 1N73LL1G3NC3
ESC1-unPAC (BOF)
A Beacon Object File (BOF) that performs the complete ESC1 attack chain in a single execution: certificate request with arbitrary SAN (+SID), PKINIT authentication, and NT hash extraction via UnPAC-the-hash.
Forwarded from HyperDbg News & Updates
We'll be at #FOSDEM 2026 in Brussels (January 31-February 1) with talks in the Security, Virtualization, and Cloud Infrastructure rooms about the HyperDbg debugger.
More info:
- https://fosdem.org/2026/schedule/event/mbec_slat_and_hyperdbg_hypervisor-based_kernel-_and_user-mode_debugging/
- https://fosdem.org/2026/schedule/event/invisible_hypervisors_debugging_with_hyperdbg/
#FOSDEM2026
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
#malware_analysis
@ZwLowLevel
Group-IB
Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderland’s bidirectional SMS-stealing capabilities driving large-scale financial fraud.
Rehabilitating Registry Tradecraft with RegRestoreKey
#edr_evasion
#edr_bypass
@ZwLowLevel
https://www.originhq.com/blog/rehabilitating-registry-tradecraft-with-regrestorekey
Origin
Origin | Next Generation Endpoint Security
Enabling you to safely give AI agents the permissions they need, so they can give you the productivity you demand.
macOS Internals Explained: A Dive into the Operating System’s Architecture
#macos_internals
#os_internals
@ZwLowLevel
https://hackmag.com/security/macos-tech-overview
In-depth analysis of Windows VTL mechanism & IUM process
#windows_internals
#windows_security
@ZwLowLevel
https://research.qianxin.com/archives/2556
Thinking Outside The Box [dusted off draft from 2017]
#exploitation
#reverse_engineering
@ZwLowLevel
https://projectzero.google/2025/12/thinking-outside-the-box.html
Buffer Overflows Explained (Hacking Memory)!
#exploitation
#binary_exploitation
@ZwLowLevel
https://www.youtube.com/watch?v=4jHmvs3kWSo
YouTube
Buffer Overflows Explained: The Visual Guide (No BS)
Sorry for the long intro!
Hello Hackers
Welcome to the Hacker Joe channel. Joe is here, and I'm all about helping you learn the best and most amazing things about hacking.
It's not just about video creation…
Forwarded from 🎅FSEC INTEL ES 2.0 📡 🏴☠️🎄
Venezuelan criminal gang "Tren de Aragua" attacks ATMs using malware 🇺🇸🇻🇪
According to a report from the US Department of Justice, the transnational Venezuelan criminal gang is hacking ATMs inside the United States.
On Thursday, the Department of Justice announced two federal grand jury indictments charging 54 people for their alleged role in a campaign to develop and deploy a variant of the Ploutus malware, which let them steal hundreds of thousands of dollars from ATMs across the United States.
Ploutus is a heavily obfuscated malware written in C# that first appeared in Mexico in 2013; several variants have been found since then. Its most recent activity was recorded in the state of Nebraska, USA, where gang members took $79,200 from a single ATM.
SOURCE:
https://therecord.media/doj-charges-gang-malware-ploutus
#mexico #eeuu #malware
Forwarded from 1N73LL1G3NC3
boflink
Boflink is a tool designed to act as a sort of fill-in for the missing linking stage that comes with the BOF development process. It is a linker that takes unmodified object files generated by a compiler and links them together into a Beacon Object File capable of being loaded by a BOF loader.
Its main goal is to act as a bridge between the BOF development and the BOF loading process to help simplify them.
Blog: Boflink: A Linker For Beacon Object Files
Task Injection – Exploiting agency of autonomous AI agents
#exploitation
#llm_exploitation
@ZwLowLevel
https://bughunters.google.com/blog/4823857172971520/task-injection-exploiting-agency-of-autonomous-ai-agents
Google
Blog: Task Injection – Exploiting agency of autonomous AI agents
Check this post to find out what a Task Injection attack is, how this type of attack differs from Prompt Injection, and how it is particularly relevant to AI agents designed for a wide range of actions and tasks.
Windows_instrumentation_callback - Simple Tool for Observing System Calls
Implement the undocumented Process Instrumentation Callback in Windows x64 to intercept kernel-to-user mode transitions for enhanced execution integrity.
#windows_internals
#windows_kernel
@ZwLowLevel
https://github.com/dadde2006/windows_instrumentation_callback
GitHub
GitHub - dadde2006/windows_instrumentation_callback: 🛠️ Implement the undocumented Process Instrumentation Callback in Windows…
🛠️ Implement the undocumented Process Instrumentation Callback in Windows x64 to intercept kernel-to-user mode transitions for enhanced execution integrity. - dadde2006/windows_instrumentation_call...