CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC
#android_internals
#android_security
#ring_0
#ring0
@ZwLowLevel
faith2dxy.xyz
CVE-2025-38352 (Part 1) - In-the-wild Android Kernel Vulnerability Analysis + PoC
Part 1 (This blog post) - In-the-wild Android Kernel Vulnerability Analysis + PoC
Part 2 - Extending The Race Window Without a Kernel Patch
CVE-2025-38352 was a…
DynamoRIO
Dynamic Instrumentation Tool Platform
#binary_analysis
@ZwLowLevel
https://github.com/DynamoRIO/dynamorio
GitHub
GitHub - DynamoRIO/dynamorio: Dynamic Instrumentation Tool Platform
Dynamic Instrumentation Tool Platform. Contribute to DynamoRIO/dynamorio development by creating an account on GitHub.
Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack
#malwaredev
#maldev
#malware_development
@ZwLowLevel
https://klezvirus.github.io/posts/Callback-Hell/
klezVirus
Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack
Foreword
Is Unsafe the Original Sin? A Deep Dive into the First CVE After Rust Entered the Linux Kernel
#rust
#linux_kernel
@ZwLowLevel
DEV Community
Is Unsafe the Original Sin? A Deep Dive into the First CVE After Rust Entered the Linux Kernel
Prelude: A Predictable Controversy
On December 16, 2025, a peculiar entry appeared in the...
Stealthy Windows audio-capture tool with UDP exfiltration and randomized transmission intervals, designed for evasion-focused Red Team operations.
#offensive_tool
#windows_security
@ZwLowLevel
https://github.com/Drew-Alleman/wiretap
How I Reverse Engineered a Rust Botnet and Built a C2 Honeypot to Monitor Its Targets
#malware_analysis
@ZwLowLevel
Medium
How I Reverse Engineered a Rust Botnet and Built a C2 Honeypot to Monitor Its Targets
During routine threat hunting on my Beelzebub honeypot, I captured something unusual: a Rust-based DDoS bot with zero detections across all…
Privacy-Preserving Vaccination Checks: A Proof of Concept MPC Deployment with the Frankfurt Health Department
#security
#cryptography
@ZwLowLevel
https://sine.foundation/library/mpc-vaccination-check
Function Identification in ESP32 Firmware Using Ghidra FIDB
#reverse_engineering
#reversing
#firmware_analysis
@ZwLowLevel
https://www.tarlogic.com/blog/esp32-firmware-using-ghidra-fidb/
Tarlogic Security
Function Identification in ESP32 Firmware Using Ghidra FIDB
Learn how to reverse engineer ESP32 firmware faster using Ghidra FIDB and ESP-IDF to automate function identification
The Linux kernel is just a program
#linux_kernel
#linux_internals
#ring_0
@ZwLowLevel
https://serversfor.dev/linux-inside-out/the-linux-kernel-is-just-a-program/
serversfor.dev
The Linux kernel is just a program
Most books and courses introduce Linux through shell commands, leaving the kernel as a mysterious black box doing magic behind the scenes. In this post, we will run some experiments to demystify it: the Linux kernel is just a binary that you can build and…
Silver Fox Targeting India Using Tax Themed Phishing Lures
#malware_analysis
#malware_spreading
#malware_campaing
@ZwLowLevel
Cloudsek
Silver Fox Targeting India Using Tax Themed Phishing Lures | CloudSEK
CloudSEK's TRIAD reveals a critical campaign by the Chinese "Silver Fox" APT targeting Indian entities with authentic-looking Income Tax phishing lures. While previously misattributed to SideWinder, this sophisticated attack leverages a complex kill chain…
The COM: Anatomy of an English-Speaking Cybercriminal Ecosystem And The Origins of Scattered Lapsus$ Hunters
#cyber_threat_intelligence
#cti
#threat_hunting
@ZwLowLevel
Cloudsek
The COM: Anatomy of an English-Speaking Cybercriminal Ecosystem And The Origins of Scattered Lapsus$ Hunters | CloudSEK
Over the past decade, the English-speaking cybercriminal ecosystem commonly referred to as “The COM” has undergone a profound transformation. What began as a niche subculture centered on the trading of what is called “OG Usernames (original gangster)”