Rehabilitating Registry Tradecraft with RegRestoreKey
Next Generation
Endpoint Security
#edr_evasion
#edr_bypass
@ZwLowLevel
https://www.originhq.com/blog/rehabilitating-registry-tradecraft-with-regrestorekey
Origin
Origin | Next Generation Endpoint Security
Enabling you to safely give AI agents the permissions they need, so they can give you the productivity you demand.
macOS Internals Explained: A Dive into the Operating System’s Architecture
#macos_internals
#os_internals
@ZwLowLevel
https://hackmag.com/security/macos-tech-overview
In-depth analysis of Windows VTL mechanism & IUM process
#windows_internals
#windows_security
@ZwLowLevel
https://research.qianxin.com/archives/2556
Thinking Outside The Box [dusted off draft from 2017]
#exploitation
#reverse_engineering
@ZwLowLevel
https://projectzero.google/2025/12/thinking-outside-the-box.html
Buffer Overflows Explained (Hacking Memory)!
#exploitation
#binary_exploitation
@ZwLowLevel
https://www.youtube.com/watch?v=4jHmvs3kWSo
YouTube
Buffer Overflows Explained (Hacking Memory)!
Buffer Overflows Explained: The Visual Guide (No BS)
Sorry for long intro!
Hello Hackers
Welcome To Hacker Joe Channel. Joe is here, I'm all about helping you to know the best and most amazing things about hacking.
it's not just about video creation...…
Forwarded from 🎅FSEC INTEL ES 2.0 📡 🏴☠️🎄
Venezuelan criminal gang "Tren de Aragua" attacks ATMs using malware 🇺🇸🇻🇪
According to a report from the US Department of Justice, the transnational Venezuelan criminal gang is hacking ATMs inside the US.
The Department of Justice announced on Thursday two federal grand jury indictments charging 54 people for their alleged role in a campaign to develop and deploy a variant of the Ploutus malware, allowing them to steal hundreds of thousands of dollars from ATMs across the United States.
Ploutus is a heavily obfuscated malware written in C# that first appeared in 2013 in Mexico, and several variants have been found since then; its latest activity was recorded in the state of Nebraska, USA, where gang members took $79,200 from an ATM.
SOURCE:
https://therecord.media/doj-charges-gang-malware-ploutus
#mexico #eeuu #malware
Forwarded from 1N73LL1G3NC3
boflink
Boflink is a tool designed to act as a sort of fill-in for the missing linking stage that comes with the BOF development process. It is a linker that takes unmodified object files generated by a compiler and links them together into a Beacon Object File capable of being loaded by a BOF loader.
Its main goal is to act as a bridge between the BOF development and the BOF loading process to help simplify them.
Blog: Boflink: A Linker For Beacon Object Files
Task Injection – Exploiting agency of autonomous AI agents
#exploitation
#llm_exploitation
@ZwLowLevel
https://bughunters.google.com/blog/4823857172971520/task-injection-exploiting-agency-of-autonomous-ai-agents
Google
Blog: Task Injection – Exploiting agency of autonomous AI agents
Check this post to find out what a Task Injection attack is, how this type of attack differs from Prompt Injection, and how it is particularly relevant to AI agents designed for a wide range of actions and tasks.
Windows_instrumentation_callback - Simple Tool for Observing System Calls
Implement the undocumented Process Instrumentation Callback in Windows x64 to intercept kernel-to-user mode transitions for enhanced execution integrity.
#windows_internals
#windows_kernel
@ZwLowLevel
https://github.com/dadde2006/windows_instrumentation_callback
GitHub
GitHub - dadde2006/windows_instrumentation_callback: 🛠️ Implement the undocumented Process Instrumentation Callback in Windows…
🛠️ Implement the undocumented Process Instrumentation Callback in Windows x64 to intercept kernel-to-user mode transitions for enhanced execution integrity. - dadde2006/windows_instrumentation_call...
CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC
#android_internals
#android_security
#ring_0
#ring0
@ZwLowLevel
faith2dxy.xyz
CVE-2025-38352 (Part 1) - In-the-wild Android Kernel Vulnerability Analysis + PoC
Part 1 (This blog post) - In-the-wild Android Kernel Vulnerability Analysis + PoC Part 2 - Extending The Race Window Without a Kernel Patch CVE-2025-38352 was a…
DynamoRIO
Dynamic Instrumentation Tool Platform
#binary_analysis
@ZwLowLevel
https://github.com/DynamoRIO/dynamorio
GitHub
GitHub - DynamoRIO/dynamorio: Dynamic Instrumentation Tool Platform
Dynamic Instrumentation Tool Platform. Contribute to DynamoRIO/dynamorio development by creating an account on GitHub.
Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack
#malwaredev
#maldev
#malware_development
@ZwLowLevel
https://klezvirus.github.io/posts/Callback-Hell/
klezVirus
Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack
Foreword
Is Unsafe the Original Sin? A Deep Dive into the First CVE After Rust Entered the Linux Kernel
#rust
#linux_kernel
@ZwLowLevel
DEV Community
Is Unsafe the Original Sin? A Deep Dive into the First CVE After Rust Entered the Linux Kernel
Prelude: A Predictable Controversy On December 16, 2025, a peculiar entry appeared in the...
Stealthy Windows audio-capture tool with UDP exfiltration and randomized transmission intervals, designed for evasion-focused Red Team operations.
#offensive_tool
#windows_security
@ZwLowLevel
https://github.com/Drew-Alleman/wiretap