HeapHunter
A unique technique that leverages the inner working of C++, specifically Pure Virtual Functions and Abstract Classes, to hijack AMSI without patching any RX in a .text section memory.
A unique technique that leverages the inner working of C++, specifically Pure Virtual Functions and Abstract Classes, to hijack AMSI without patching any RX in a .text section memory.
#malware_development
#malwaredev
#amsi_bypass
@ZwLowLevel
https://github.com/Yair-Men/HeapHunter
GitHub
GitHub - Yair-Men/HeapHunter: Unique technique for bypassing AMSI
Unique technique for bypassing AMSI. Contribute to Yair-Men/HeapHunter development by creating an account on GitHub.
To sign or not to sign: Practical vulnerabilities in GPG & friends
#binary_exploitation
#exploitation
@ZwLowLevel
https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i#t=146
media.ccc.de
To sign or not to sign: Practical vulnerabilities in GPG & friends
Might contain zerodays. https://gpg.fail/
From secure communications to software updates: PGP implementations such as *GnuPG* ubiquitous...
From secure communications to software updates: PGP implementations such as *GnuPG* ubiquitous...
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
This is the big one. Their social login API at
This is the big one. Their social login API at
/member/auth/thirdLogin doesn't verify OAuth tokens. It just accepts an email and a Google ID directly from the client.#web_security
#pentesting_web
@ZwLowLevel
https://bobdahacker.com/blog/petlibro
Bobdahacker
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active for…
Have you tried turning it off and on again?
The article explains why the classic advice “turn it off and on again” is still effective in modern computing. It argues that software failures are inevitable due to system complexity, and restarting often clears temporary states, bugs, or resource issues. Rather than treating this as a weakness, the author suggests that software should be designed to fail gracefully and make recovery — such as restarting or reinstalling — simple and reliable.
The article explains why the classic advice “turn it off and on again” is still effective in modern computing. It argues that software failures are inevitable due to system complexity, and restarting often clears temporary states, bugs, or resource issues. Rather than treating this as a weakness, the author suggests that software should be designed to fail gracefully and make recovery — such as restarting or reinstalling — simple and reliable.
@ZwLowLevel
https://eblog.fly.dev/onoff.html
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a victim's phone number, an attacker could launch a remote, zero-interaction attack against the WhatsApp application on Apple devices, including iPhones, iPads, and Macs. Subsequent reports indicated that WhatsApp on Samsung devices was also targeted by similar exploits.
The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a victim's phone number, an attacker could launch a remote, zero-interaction attack against the WhatsApp application on Apple devices, including iPhones, iPads, and Macs. Subsequent reports indicated that WhatsApp on Samsung devices was also targeted by similar exploits.
#binary_exploitation
#exploitation
#android_malware
@ZwLowLevel
https://media.ccc.de/v/39c3-dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices
media.ccc.de
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a...
Bypassing Windows Defender during Christmas 2025 🎄 — Shellcode loader with Alternate Data Stream
#malwaredev
#malware_development
#maldev
#edr_bypass
#edr_evasion
@ZwLowLevel
Medium
Bypassing Windows Defender during Christmas 2025: Shellcode loader with Alternate Data Stream
In this article, we will demonstrate how to weaponize this native NTFS feature to build a functional and discreet shellcode loader.
Malware development trick 55: enum process via NtQuerySystemInformation. Simple C example.
#malware_development
#maldev
#malwaredev
@ZwLowlevel
https://cocomelonc.github.io/malware/2025/12/25/malware-tricks-55.html
cocomelonc
Malware development trick 55: enum process via NtQuerySystemInformation. Simple C example.
﷽
Una buena plataforma para poner a prueba tus habilidades de RE & Malware Analysis.
https://malops.io/
https://malops.io/
🥰1
Thread Name Calling Injection
This technique abuses Windows APIs originally designed for setting and retrieving thread names (denoscriptions) to inject shellcode or load DLLs into a remote process.
This technique abuses Windows APIs originally designed for setting and retrieving thread names (denoscriptions) to inject shellcode or load DLLs into a remote process.
#malware_development
#malwaredev
#maldev
@ZwLowLevel
🔥1
Forwarded from Sec Note
Analyzing Avast AV: Kernel Hooking and Driver Reverse Engineering
👾Presentation Video
Blog:
https://binary-win.github.io/2025/12/27/AVAST-Kernel-Hooks-and-AV-ANALYSIS.html
👾Presentation Video
Blog:
https://binary-win.github.io/2025/12/27/AVAST-Kernel-Hooks-and-AV-ANALYSIS.html
👏1😱1
Time Traveling Exploitation: Remote Code Execution in a 10.000 Day Old Game Protocol
#reverse_engineering
#reversing
@ZwLowLevel
https://youtu.be/7dXaGKF-73Y?si=MUMcmGFiPquAXMGw=MUMcmGFiPquAXMGw
YouTube
Time Traveling Exploitation: Remote Code Execution in a 10,000 Day Old Game Protocol - Riley Kidd
BSides Canberra 2025
Hacking washing machines
#os_internals
#reverse_engineering
#reversing
@ZwLowLevel
https://media.ccc.de/v/39c3-hacking-washing-machines
media.ccc.de
Hacking washing machines
Almost everyone has a household appliance at home, whether it's a washing machine, dishwasher, or dryer. Despite their ubiquity, little i...
EDR Jammer: Bypassing security mechanisms through the Windows Filtering Platform
#edr_bypass
#edr_evasion
@ZwLowLevel
https://hackmag.com/security/wfp-bypass
HackMag
EDR Jammer: Bypassing security mechanisms through the Windows Filtering Platform
Tech magazine for cybersecurity specialists
Prompt poaching runs rampant in extensions
Similarweb, a popular browser extensions with 1,000,000+ users, is actively monitoring and collecting data from AI tools transmitting your prompts, responses, and other metadata for web analytics. Prompt Poaching is a technique growing in popularity in which extensions capture and exfiltrate conversations you have with AI.
Similarweb, a popular browser extensions with 1,000,000+ users, is actively monitoring and collecting data from AI tools transmitting your prompts, responses, and other metadata for web analytics. Prompt Poaching is a technique growing in popularity in which extensions capture and exfiltrate conversations you have with AI.
#offtopic
@ZwLowLevel
https://secureannex.com/blog/prompt-poaching
Secure Annex
Prompt poaching runs rampant in extensions
Web analytics companies are using browser extensions to monetize your most private thoughts