BYOVD to the next level (part 2) Rootkit
https://blog.quarkslab.com/exploiting-lenovo-driver-cve-2025-8061_part2.html
@reverseengine
Quarkslab
BYOVD to the next level (part 2) — rootkit like it's 2025 - Quarkslab's blog
Bring Your Own Vulnerable Driver (BYOVD) is a well-known post-exploitation technique used by adversaries. This blog post is part of a series. In part one we saw how to abuse a vulnerable driver to gain access to Ring-0 capabilities. In this second and final…
Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation
https://blog.exodusintel.com/2025/10/20/microsoft-windows-cloud-files-minifilter-toctou-privilege-escalation
@reverseengine
Exodus Intelligence
Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation - Exodus Intelligence
By Michele Campa. Overview: In this blog post we take a look at a race condition we found in Microsoft Windows Cloud Minifilter (i.e. cldflt.sys) in March 2024. This vulnerability was patched in October 2025 and assigned CVE-2025-55680. The vulnerability…
Let's Create Some Polymorphic PIC Shellcode
https://g3tsyst3m.com/shellcode/pic/Let's-Create-Some-Polymorphic-PIC-Shellcode!/
@reverseengine
A Collection of incredible Malware Analysis and Reverse Engineering
https://x.com/embee_research/status/1674001545476861954
@reverseengine
X (formerly Twitter)
Matthew (@embee_research) on X
A collection of incredible (non-corporate) malware analysis and reverse engineering blogs that I have personally enjoyed over the years.
All focused on education and knowledge sharing of malware/RE topics.
[1/14] 🧵
(In no particular order)
#malware #education
MuddyWater’s DarkBit ransomware cracked for free data recovery 😂🫵
https://www.bleepingcomputer.com/news/security/muddywaters-darkbit-ransomware-cracked-for-free-data-recovery
@FUZZ0x
BleepingComputer
MuddyWater’s DarkBit ransomware cracked for free data recovery
Cybersecurity firm Profero cracked the encryption of the DarkBit ransomware gang's encryptors, allowing them to recover a victim's files for free without paying a ransom.
Adaptix C2
https://github.com/Adaptix-Framework/Extension-Kit
Blogs:
https://adaptix-framework.gitbook.io/adaptix-framework/blogs
https://github.com/Adaptix-Framework/AdaptixC2
# MinGW cross-compiler and make, needed for the agent build
sudo apt install mingw-w64 make
# Install Go 1.24.4 under /usr/local, replacing any previous install
wget https://go.dev/dl/go1.24.4.linux-amd64.tar.gz -O /tmp/go1.24.4.linux-amd64.tar.gz
sudo rm -rf /usr/local/go /usr/local/bin/go
sudo tar -C /usr/local -xzf /tmp/go1.24.4.linux-amd64.tar.gz
sudo ln -s /usr/local/go/bin/go /usr/local/bin/go
# Client build dependencies: C++ toolchain, CMake, OpenSSL headers and Qt 6
sudo apt install gcc g++ build-essential cmake libssl-dev qt6-base-dev qt6-websockets-dev qt6-declarative-dev
# Fetch the sources and build the server, the extenders and the client
git clone https://github.com/Adaptix-Framework/AdaptixC2.git
cd AdaptixC2
make server
make extenders
make client
# Generate the TLS certificate, start the server with its profile, then launch the client
cd dist
chmod +x ssl_gen.sh
./ssl_gen.sh
./adaptixserver -profile profile.json
./AdaptixClient
Document:
https://adaptix-framework.gitbook.io/adaptix-framework
@reverseengine
GitHub
GitHub - Adaptix-Framework/Extension-Kit: AdaptixFramework Extension Kit
AdaptixFramework Extension Kit. Contribute to Adaptix-Framework/Extension-Kit development by creating an account on GitHub.
Linux Rootkit Malware
https://www.fortinet.com/blog/threat-research/deep-dive-into-a-linux-rootkit-malware?utm_source=chatgpt.com
@reverseengine
Fortinet Blog
Deep Dive Into a Linux Rootkit Malware
An in-depth analysis of how a remote attacker deployed a rootkit and a user-space binary file by executing a shell script.…
Rootkit Technique to Hook the SSDT via Alt Syscalls
https://fluxsec.red/hells-hollow-a-new-SSDT-hooking-technique-with-alt-syscalls-rootkit
Poc: https://github.com/0xflux/Hells-Hollow
@reverseengine
fluxsec.red
SSDT Hooking via Alt Syscalls for ETW Evasion
Discover how Hells Hollow introduces a novel SSDT hook primitive in Rust by manipulating the kernel’s Alt Syscalls mechanism—enabling ETW bypass, return-value patching, and PatchGuard-resistant rootkit capabilities on Windows 11. Deep dive with POC code and…
Kill EDR Processes Permanently
User-Mode Code and Its Rootkit
https://github.com/SaadAhla/dark-kill
@reverseengine
Root Shell on Credit Card Terminal
Reverse Engineer Payment card Terminals
https://stefan-gloor.ch/yomani-hack
@reverseengine
All tutorials are for educational purposes only, and any misuse is your own responsibility. Please use them properly.
A .NET Assembly Tracer Using Harmony for Runtime Method Interception
https://github.com/eversinc33/NetRunner
@reverseengine
GitHub
GitHub - eversinc33/NetRunner: A .NET assembly tracer using Harmony for runtime method interception.
A .NET assembly tracer using Harmony for runtime method interception. - eversinc33/NetRunner