The COM: Anatomy of an English-Speaking Cybercriminal Ecosystem And The Origins of Scattered Lapsus$ Hunters
#cyber_threat_intelligence
#cti
#threat_hunting
@ZwLowLevel
Cloudsek
The COM: Anatomy of an English-Speaking Cybercriminal Ecosystem And The Origins of Scattered Lapsus$ Hunters | CloudSEK
Over the past decade, the English-speaking cybercriminal ecosystem commonly referred to as “The COM” has undergone a profound transformation. What began as a niche subculture centered on the trading of what is called “OG Usernames (original gangster)”
DumpChromeSecrets
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks.
Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks.
#offensive_tool
#red_team
@ZwLowLevel
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
#malware_spreading
#malware_campaing
#malware_analysis
@ZwLowLevel
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell
Bitdefender Labs
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
Bitdefender researchers investigate a complex infection chain embedded in a fake movie torrent for One Battle After Another.
Reverse Engineering a TP-Link Router: Getting Root Access via UART Protocol
#firmware_analysis
#firmware_hacking
#reverse_engineering
@ZwLowLevel
Medium
Reverse Engineering a TP-Link Router: Getting Root Access via UART Protocol
UART, this is the main topic for today. UART protocol stands for Universal Asynchronous Receiver/Transmitter (UART). This is the protocol…
Battling The Eye: Exploring the Anti-Cheat Techniques of BattlEye
#windows_internals
#kernel_callbacks
#reverse_engineering
#anti_cheat
@ZwLowLevel
https://dl.acm.org/doi/epdf/10.1145/3733817.3762701
Indirect Syscall + Google Gemini AI = Bypass Microsoft Defender.
#edr_bypass
#edr_evasion
#malware_development
#maldev
@ZwLowLevel
https://youtu.be/Qhk2JEuWj2k?si=sZcJu6MLIInWVRTc
YouTube
Indirect Syscall + Google Gemini AI = Windows Defender Bypass (Merry Christmas)
Be better than yesterday -
Revisiting an old video published approximately 8 months ago and it was being picked up by Windows Defender. This video demonstrates a quick and straight-forward XOR encryption/decryption routine to supplement the shellcode loader…
Revisiting an old video published approximately 8 months ago and it was being picked up by Windows Defender. This video demonstrates a quick and straight-forward XOR encryption/decryption routine to supplement the shellcode loader…
VectoredOverloading in Rust
It works by manipulating the load of a legitimate DLL using Hardware Breakpoints (HWBP) and Vectored Exception Handling (VEH) to change the DLL section object on-the-fly.
It works by manipulating the load of a legitimate DLL using Hardware Breakpoints (HWBP) and Vectored Exception Handling (VEH) to change the DLL section object on-the-fly.
#malware_development
#maldev
#malwaredev
@ZwLowLevel
https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/VectoredOverloading
GitHub
Rust-for-Malware-Development/VectoredOverloading at main · Whitecat18/Rust-for-Malware-Development
Rust for malware Development is a repository for advanced Red Team techniques and offensive malwares & Ransomwares, focused on Rust 🦀 - Whitecat18/Rust-for-Malware-Development
How phishing spreads malware against Ukraine
This article looks at a new wave of threats linked to a service-based model for distributing malware, which is already being used against Ukrainian organizations.
This article looks at a new wave of threats linked to a service-based model for distributing malware, which is already being used against Ukrainian organizations.
#malware_spreading
#malware_campaing
#malware_analysis
@ZwLowLevel
HackYourMom
How phishing spreads malware against Ukraine - HackYourMom
Forwarded from Source Byte
Backdoor code found in Trust Wallet browser extension, causing theft of tens of millions of dollars in assets
A new backdoor code was added to version 2.68 of the Trust Wallet cryptocurrency wallet's browser extension, which sends users' mnemonic phrases to attacker servers. Due to the automatic update mechanism, the impact was widespread. On Christmas Day, December 25th, attackers began transferring funds, and according to current estimates, more than tens of millions of dollars in assets have been stolen. The latest version 2.69 has now removed the backdoor code.
🔥1
Microsoft Is Finally Killing RC4
https://www.schneier.com/blog/archives/2025/12/microsoft-is-finally-killing-rc4.html
https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication
Schneier on Security
Microsoft Is Finally Killing RC4 - Schneier on Security
After twenty-six years, Microsoft is finally upgrading the last remaining instance of the encryption algorithm RC4 in Windows. of the most visible holdouts in supporting RC4 has been Microsoft. Eventually, Microsoft upgraded Active Directory to support the…
CVE-2025-7771: Exploiting a Signed Kernel Driver in a Red Team Operation
#exploit_development
#windows_internals
#windows_kernel
@ZwLowLevel
https://xavibel.com/2025/12/22/using-vulnerable-drivers-in-red-team-exercises/
Inyección de Shellcode en Windows: Guía Práctica Paso a Paso
Guia práctica en español para entender los fundamentos de la inyección de procesos en Windows.
Guia práctica en español para entender los fundamentos de la inyección de procesos en Windows.
#malware_development
#maldev
#malwaredev
@ZwLowLevel
MalGhost
Inyección de Shellcode en Windows: Guía Práctica Paso a Paso | MalGhost
La inyección de shellcode es una de las técnicas fundamentales en investigación de seguridad y desarrollo de malware. Esta guía te proporcionará tanto el conocimiento teórico como las habilidades prácticas necesarias para dominar esta técnica.
Forwarded from Freedom Fox 🏴☠
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from 1N73LL1G3NC3
MongoBleed (CVE-2025-14847) - Unauthenticated Memory Leak PoC
A flaw in the zlib library enables attackers to leak sensitive data from MongoDB servers, the attacker can send the payload, without authentication, as the bug is exploited on the network level.
Attackers can exploit this to extract sensitive information from MongoDB servers, including user information, passwords, API keys and more. Although the attacker might need to send a large amount of requests to gather the full database, and some data might be meaningless, the more time an attacker has the more information could be gathered.
Blog: https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/
Dork:
Affected versions:
A flaw in the zlib library enables attackers to leak sensitive data from MongoDB servers, the attacker can send the payload, without authentication, as the bug is exploited on the network level.
Attackers can exploit this to extract sensitive information from MongoDB servers, including user information, passwords, API keys and more. Although the attacker might need to send a large amount of requests to gather the full database, and some data might be meaningless, the more time an attacker has the more information could be gathered.
Blog: https://www.ox.security/blog/attackers-could-exploit-zlib-to-exfiltrate-data-cve-2025-14847/
Dork:
Shodan: product:"MongoDB"
HUNTER: product.name="MongoDB"
ZoomEye Dork: app="MongoDB"
Affected versions:
8.2.0 to 8.2.2
8.0.0 to 8.0.16
7.0.0 to 7.0.27
6.0.0 to 6.0.26
5.0.0 to 5.0.31
4.4.0 to 4.4.29
4.2.0 and later
4.0.0 and later
3.6.0 and later