Registry Writes Without Registry Callbacks
This post explores a technique for establishing registry persistence and registry writes against HKCU at medium integrity without triggering registry callbacks.
#malware_development
#maldev
@ZwLowLevel
DeceptIQ
Explore NTUSER.MAN, an overlooked Windows profile mechanism that allows registry persistence without triggering CmRegisterCallback EDR monitoring.
10,000 Lines of C, Real x86-64 Assembly for Critical Paths: Building Kernel-Level AI Security
#os_internals
#ai
@ZwLowLevel
DEV Community
SENTINEL IMMUNE: syscall hooks in assembly, AVX2 SIMD pattern matching, DragonFlyBSD kernel module. Pure C/ASM, zero Python.
Machine Learning-Based Cybersecurity Solutions for Cloud Computing
Traditional signature-based security solutions detect known threats through pattern matching against databases of malware signatures and attack indicators. This approach fails against zero-day exploits, polymorphic malware employing code obfuscation, and advanced persistent threats (APTs) utilizing novel attack techniques.
#machine_learning
#llm
#reinforcement_learning
#ai
@ZwLowLevel
https://eudoxuspress.com/index.php/pub/article/view/4595/3409
Windows ARM64 Internals: Pardon The Interruption! Interrupts on Windows for ARM
#windows_internals
#windows_kernel
#arm64
#ring0
https://connormcgarr.github.io/windows-arm64-interrupts/
Out Of Control: How KCFG and KCET Redefine Control Flow Integrity in the Windows Kernel
#windows_kernel
#windows_internals
#ring_0
@ZwLowLevel
https://www.youtube.com/watch?v=LflYlvJ4vSU
YouTube
Virtual Secure Mode, or VSM, on Windows marked the most significant leap in security innovation in quite some time, allowing the hypervisor to provide unprecedented protection to the Windows OS. With VSM features like Credential Guard, preventing in-memory…
US Invasion Plans Against Venezuela Explained
#venezuela
#maduro
@ZwLowLevel
https://www.youtube.com/watch?v=3n0HulTEDYI
YouTube
#venezuela #caracas #usattackvenezuela
Why is the United States actively preparing for war in the Southern Caribbean?
To answer that, we have to look at the massive reactivation of Cold War infrastructure that has been dormant for decades.
What is happening…
Forwarded from ARVIN
0day speedrun? OpenFlagr <= 1.1.18 Authentication Bypass
https://dreyand.rs/code%20review/golang/2026/01/03/0day-speedrun-openflagr-less-1118-authentication-bypass?x
DreyAnd’s Web Security Blog
A detailed 0day speedrun uncovering an authentication bypass in OpenFlagr ≤ 1.1.18. Root cause analysis, exploitation path, impact assessment, and remediation.
Sliver C2 — Comprehensive Cyber Threat Intelligence Brief
#cyber_threat_intelligence
#cti
#malware_analysis
@ZwLowLevel
0Xadroit
A comprehensive threat intelligence analysis of Sliver C2 framework, including MITRE ATT&CK mapping, indicators of compromise, detection rules, and defensive recommendations for security teams.
Sleak Crypter
Sleak Crypter is a simple obfuscation tool that allows you to encrypt and obfuscate your files.
#malware_development
#malwaredev
#maldev
@ZwLowLevel
FsquirtCPLPoC
Fsquirt.exe is a Windows binary that attempts to load a Control Panel applet (CPL) called bthprops.cpl from its current working directory. When bthprops.cpl is present alongside fsquirt.exe, the binary loads it and executes a MessageBox from DllMain.
#malware_development
#malwaredev
#maldev
@ZwLowLevel
https://github.com/mhaskar/FsquirtCPLPoC
Android Kernel Exploit CVE-2025-38352
1. In-the-wild Android Kernel Vulnerability Analysis + PoC
2. Extending The Race Window Without a Kernel Patch
3. Uncovering Chronomaly
#android_internals
#exploit_development
@ZwLowLevel
faith2dxy.xyz
CVE-2025-38352 (Part 1) - In-the-wild Android Kernel Vulnerability Analysis + PoC
Part 1 (This blog post) - In-the-wild Android Kernel Vulnerability Analysis + PoC Part 2 - Extending The Race Window Without a Kernel Patch CVE-2025-38352 was a…
Forwarded from Order of Six Angles
deep dive into an electronic detection and response system deployed by China’s security agencies
https://netaskari.substack.com/p/chinas-guardian-of-secrets
Substack
China's guardian of secrets: 保密管理系统
NetAskari got exclusive access to internal software used by Chinese security agencies to control data leakage from the internal government network.