Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
#malware_analysis
#binary_analysis
#cyber_threat_intelligence
#cti
🆔 @ZwLowLevel
Cisco Talos
Cisco Talos uncovered “DKnife,” a fully featured gateway-monitoring and adversary-in-the-middle (AitM) framework comprising seven Linux-based implants.
Bypassing KPP on Windows 11 25H2
KPP bypass with alternative syscall pipeline
#windows_internals
#windows_kernel
#kernel_patch_protection
🆔 @ZwLowLevel
GitHub
GitHub - HexilionLabs/AltSys: KPP bypass with alternative syscall pipeline
KPP bypass with alternative syscall pipeline. Contribute to HexilionLabs/AltSys development by creating an account on GitHub.
Bypassing Kernel Code Execution: A Data-Only SSDT Hijack Under VBS/HVCI, but how?
#windows_internals
#windows_kernel
#windows_exploitation
🆔 @ZwLowLevel
Exploit Pack
Bypassing Kernel Code Execution: A Data-Only SSDT Hijack Under VBS/HVC
By Juan Sacco (Linkedin), founder of https://exploitpack.com. I have always been interested in Windows Kernel Exploitation, but this one was indeed a challenge! VBS/HVCI protections are, without doubt, an awesome piece of technology by itself. First, let's…
We hid backdoors in binaries — Opus 4.6 found 49% of them
#reverse_engineering
#reversing
#binary_analysis
🆔 @ZwLowLevel
Quesma
We hid backdoors in binaries — Opus 4.6 found 49% of them - Quesma Blog
BinaryAudit benchmarks AI agents using Ghidra to find backdoors in compiled binaries of real open-source servers, proxies, and network infrastructure.
PANIX Persistence against *NIX
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
#malwaredev
#malware_development
#linux_malware
🆔 @ZwLowLevel
🥶 ColdWer
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
#edr_bypass
#edr_evasion
🆔 @ZwLowLevel
GitHub
GitHub - 0xsh3llf1r3/ColdWer: Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass
Cobalt Strike BOF to freeze EDR/AV processes and dump LSASS using WerFaultSecure.exe PPL bypass - 0xsh3llf1r3/ColdWer
Forwarded from Proxy Bar
Inside Gunra RaaS: From Affiliate Recruitment on the Dark Web to Full Technical Dissection of their Locker
#malware_analysis
#binary_analysis
#cyber_threat_intelligence
#cti
🆔 @ZwLowLevel
Cloudsek
Inside Gunra RaaS: From Affiliate Recruitment on the Dark Web to Full Technical Dissection of their Locker | CloudSEK
CloudSEK researchers infiltrated Gunra’s newly launched RaaS affiliate program, gaining access to its live panel and ransomware locker. Our analysis reveals a highly optimized ChaCha20 + RSA-4096 hybrid encryption engine, multi-threaded execution, surgical…
Intego X9: When your macOS antivirus becomes your enemy
#macos_internals
#os_internals
#cyber_threat_intelligence
🆔 @ZwLowLevel
Quarkslab
Intego X9: When your macOS antivirus becomes your enemy - Quarkslab's blog
This blog post dives into the most common classes of macOS Local Privilege Escalation vulnerabilities, from time-of-check to time-of-use (TOCTOU) Race Conditions and insecure XPC communications to a range of implementation and configuration oversights. We…