Building Own MCP - Augmented LLM for Threat Hunting
https://tierzerosecurity.co.nz/2025/04/29/mcp-llm.html
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
GRUB2-based Bootkit: New Malware Threat Suspected to be Linked to the NSA's Equation Group
https://mp.weixin.qq.com/s/TgSWYEbkV0dq-ukNDUESOA?poc_token=HGTYEWijnsqGF-W1hh98Ok6OCoyWOjx7MnHYbUMp
Tracing and Manipulating Anti-Analysis Techniques with DynamoRIO
https://0xreverse.com/tracing-and-manipulating-anti-analysis-techniques-with-dynamorio
0xReverse
This is a post of mine from an old blog (vx.zone). It has been revised again just for 0xReverse.
Introduction
In this blog post, I’ll explain how to trace and manipulate a program with DynamoRIO. I’ll use a simple program to explain the concepts (Sou...
iOS 18.5 Beta 4 (and below) MobileCoreService persistence exploit
https://github.com/seanistethered/EvilWorkspace
GitHub
GitHub - cr4zyengineer/EvilWorkspace: iOS 18.5 Beta 4 (and below) MobileCoreService persistence exploit. Discovered by me!
iOS 18.5 Beta 4 (and below) MobileCoreService persistence exploit. Discovered by me! - cr4zyengineer/EvilWorkspace
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Blogspot
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero. Every second, highly-privileged MacOS system daemons...
Malware Development Tutorial: Bypassing Windows Defender With This EASY Technique
https://www.youtube.com/watch?v=CSt5wcvNjBU
YouTube
Malware Development Tutorial: Bypassing Windows Defender with SMB Staging
In this step-by-step malware development tutorial, you’ll discover how to bypass Windows Defender using a powerful technique called SMB staging. By delivering shellcode over a remote…
ManuFuzzer is an LLVM-based binary, coverage-guided fuzzing framework for macOS
https://github.com/ant4g0nist/ManuFuzzer
GitHub
GitHub - ant4g0nist/ManuFuzzer: Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM
Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM - ant4g0nist/ManuFuzzer
1day practice - Escape macOS sandbox (partial) using RemoteViewServices
https://github.com/wh1te4ever/CVE-2025-31258-PoC
https://www.youtube.com/watch?v=GlReVUh_4W4
GitHub
GitHub - wh1te4ever/CVE-2025-31258-PoC: 1day practice - Escape macOS sandbox (partial) using RemoteViewServices
1day practice - Escape macOS sandbox (partial) using RemoteViewServices - wh1te4ever/CVE-2025-31258-PoC
XINTRA Writeup.
This lab emulates a targeted intrusion aligned with Mustang Panda’s TTPs — leveraging spear-phishing, DLL sideloading, and C2 over Dropbox to steal sensitive diplomatic data.
https://cham1ndux.github.io/posts/Mustand-Panda-APT-Analysis/
ChamX
Council of Tropical Affairs APT-Inspired Threat Hunting Walkthrough
The threat actor in focus is Mustang Panda, a.k.a. Stately Taurus, a well-documented Chinese APT group known for cyber-espionage campaigns targeting governments, NGOs, and political entities across Southeast Asia. This lab emulates a targeted intrusion aligned…
Fuzzing Windows Defender with loadlibrary in 2025
https://scrapco.de/blog/fuzzing-windows-defender-with-loadlibrary-in-2025.html
scrapco.de
Lingua Diabolis | Fuzzing Windows Defender with loadlibrary in 2025
Improving AFD Socket Visibility for Windows Forensics & Troubleshooting
https://www.huntandhackett.com/blog/improving_afd_socket_visibility
Huntandhackett
This blog post explains the basics of the Ancillary Function Driver (AFD) API and how it can help explore networking activity on Windows systems.
Eclipse on Next.js: Conditioned exploitation of an intended race-condition
https://zhero-web-sec.github.io/research-and-things/eclipse-on-nextjs-conditioned-exploitation-of-an-intended-race-condition
zhero_web_security
CVE-2025-32421