Forwarded from Proxy Bar
From Automation to Infection (Part II): Reverse Shells, Semantic Worms, and Cognitive Rootkits in OpenClaw Skills
They Got In Through SonicWall. Then They Tried to Kill Every Security Tool
#cyber_threat_intelligence
#cti
#malware_analysis
🆔 @ZwLowLevel
Huntress
They Got In Through SonicWall. Then They Tried to Kill Every Security Tool | Huntress
Huntress responded to a 2026 intrusion using compromised SonicWall VPN credentials and a revoked EnCase forensic driver to terminate EDR processes via BYOVD.
Forwarded from W1R3L355
Kernel-Level Stealthy Observation of TTY Streams
https://blog.cybervelia.com/p/kernel-level-stealthy-observation-of-tty-streams
Cybervelia
TTY Subsystem Interposition for Covert Operations
nono: OS-Level Isolation for AI Agents.
OS-enforced sandboxing for untrusted AI agents and processes.
#llm
#ai_agent
#ai_security
🆔 @ZwLowLevel
nono.sh
NONO - Secure Shell for AI Agents
OS-enforced capability sandbox for running untrusted AI agents. No escape hatch. Works with Claude, GPT, and any AI agent.
GhostKatz
Dump LSASS via physical memory read primitives in vulnerable kernel drivers
#malwaredev
#malware_development
#maldev
🆔 @ZwLowLevel
GitHub
GitHub - RainbowDynamix/GhostKatz: Dump LSASS via physical memory read primitives in vulnerable kernel drivers
CustomDpapi
Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!
#maldev
#malwaredev
#malware_development
🆔 @ZwLowLevel
GitHub
GitHub - EvilBytecode/CustomDpapi: Calling the undocumented DPAPI RPC interface directly, no more calling public CryptUnprotectData!
AI-assisted cloud intrusion achieves admin access in 8 minutes
Researchers demonstrated how an attacker could gain full AWS administrative access in just 8 minutes using AI-assisted automation. The attack began with credentials accidentally exposed in a public S3 bucket. An LLM was then used to rapidly analyze the environment, generate attack scripts, and plan next steps in real time.
#cloud_hacking
#ai_powered
#cyber_threat_intelligence
#cti
🆔 @ZwLowLevel
Sysdig
AI-assisted cloud intrusion achieves admin access in 8 minutes | Sysdig
Sysdig TRT details a lightning-fast AWS attack where an AI-assisted threat actor gained admin access in under 10 minutes, abusing Lambda, IAM, Bedrock, and GPU instances.
APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure
#malware_analysis
#binary_analysis
#cyber_threat_intelligence
#cti
🆔 @ZwLowLevel
Trellix
Russian state-sponsored threat group APT28 (aka Fancy Bear or UAC-0001) has launched a sophisticated espionage campaign targeting European military and government entities, specifically targeting maritime and transport organizations across Poland, Slovenia…
Understanding and Experimenting with Apple's PAC on iOS
#binary_exploitation
#reverse_engineering
#reversing
#mac_internals
#ios_internals
🆔 @ZwLowLevel
blog.reversesociety.co
Understanding and Experimenting with Apple's PAC on iOS | Reverse Society
A hands-on exploration of Pointer Authentication Codes (PAC) on iOS. We'll understand how PAC works at a deep level, explore how PAC signing can be triggered programmatically.
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
#malware_analysis
#binary_analysis
#cyber_threat_intelligence
#cti
🆔 @ZwLowLevel
Cisco Talos
Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.
Bypassing KPP on Windows 11 25H2
KPP bypass with alternative syscall pipeline
#windows_internals
#windows_kernel
#kernel_patch_protection
🆔 @ZwLowLevel
GitHub
GitHub - HexilionLabs/AltSys: KPP bypass with alternative syscall pipeline