heavener: This is what happens when you can't afford EDR licenses by otter.
TLDR; A modular engine that runs real vendor detection logic from reverse-engineered EDR components against live or replayed Windows telemetry.
Blog:- https://t.co/onZFaO23AR
#edr#detection
Following on our series: An Introduction to Modern Malware Development for Red Teams, today's episode is all about Portable Executables.
In this blog post, I walk you through what are PEs, what known file types are, in fact, PEs, what is their structure and what are the detection opportunities security products leverage to stop your tooling from executing even before it gets a chance to start.
Up next we will be diving into Process and Threads so we can set the stage for process injection techniques. Stay tune.
You can read the article here: https://t.co/ORKHtl4Uww
Keep hacking,
Sp1d3rM_*^!
3 part series on fuzzing the GPS service daemon (psd) using LibAFL (@xchglabs)
Part 1: https://t.co/0HWr8qSWd8
Part 2: https://t.co/FMIOukQBZw
Part 3: https://t.co/yUQUB1NzrF
#infosec
We're building a small community around binary security research — RE, obfuscation, exploit dev, compilers, malware analysis, binary hardening.
GitHub → https://t.co/3EqUEqV2yO
Discord → https://t.co/eO0YbarXZM
come join us. Always happy to meet more RE people.
Free malware analysis and reverse engineering content focused entirely on IDA Pro. IDAPython scripting and automation. IDA C++ SDK. Hex-Rays decompiler internals. Microcode and CTree API. Workflow optimisation. Debugging. Type libraries. Reversing C++ programs. AI-assisted reverse engineering. Plugin development.
From someone with 20+ years of IDA experience who helped build parts of the tool.
https://t.co/BQDHJoK6eG
Author: @allthingsida
#ReverseEngineering #MalwareAnalysis #InfoSec
One of the best FREE Windows exploit development and security research blogs out there. Kernel pool exploitation. PTE overwrites. HVCI and kernel CFG bypass. XFG internals. Browser type confusion. Kernel shadow stacks. Secure kernel internals. ARM64 Pointer Authentication bypass. ETW and PPL research.
Covers everything from ROP fundamentals all the way to cutting edge ARM64 and VBS security research. Still actively publishing in 2026.
https://t.co/tyfevXiWOp
Author: @33y0re
#ExploitDevelopment #WindowsInternals #ReverseEngineering
Using Claude to reproduce an ElectroMagnetic (EM) glitch to escalate privileges from a restricted adb shell to root on Google’s TV Streamer 4K (@raelizecom)
https://t.co/XKGan3Bq50
#infosec#llm
From Windows driver to custom EDR.
A journey through building own EDR-like solution with a historical perspective - a post by Aurélien Chalot (@Defte_).
Source: https://t.co/bqxiKlwCxj
#redteam#blueteam#maldev#malwaredevelopment
Next, Next, SYSTEM: Exploiting NSIS installer bugs to escalate privileges in Zscaler Client Connector
In this blog post I show how patch gaps in Zscaler's bundled NSIS versions led to LPE..
includes PoCs and yara rule to help you find other affected s/w
https://t.co/cFiDsPFDES
The eighth article of the Exploiting Reversing Series (ERS) is now live. Titled “Exploitation Techniques | CVE-2024-30085 (Part 02)” this 91-page technical guide offers a comprehensive roadmap for vulnerability exploitation:
https://t.co/MPwYP7j8Qt
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit versions leveraging the I/O Ring mechanism.
[+] Exploit ALPC + WNF OOB + Pipe Attributes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Replaced ALPC one-shot write with Pipe Attribute spray for I/O Ring RegBuffers corruption: more reliable adjacency control.
[+] Exploit WNF OOB + I/O Ring Read/Write: elevation of privilege of a regular user to SYSTEM.
[+] Pure I/O Ring primitive: eliminated ALPC dependency entirely. WNF overflow directly corrupts I/O Ring RegBuffers for arbitrary kernel read/write.
[+] Solid Reliability: Two complete, stable exploits, including an improved cleanup stage.
This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.
I would like to thank Ilfak Guilfanov (@ilfak ) and Hex-Rays SA (@HexRaysSA ) for their constant and uninterrupted support, which has been vital in helping me produce this series.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
Enjoy the read and have an excellent day.
#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow #ioring
Reverse engineering Linux anti-RE tricks: malformed ELF headers, segment gaps, XOR layers, and RC4 encryption. By Xusheng Li
https://t.co/8q27Cvi2zL
#infosec