Inside WMI: Tracing Windows Management from Consumers to COM Providers
Original text by Jonathan Johnson
The two-part article explores the internal architecture of Windows Management Instrumentation (WMI) and explains how management queries and actions are executed inside Windows. WMI is Microsoft’s implementation of WBEM (Web-Based Enterprise Management) and provides a standardized way for applications and administrators to query system information or manage resources such as…
https://core-jmp.org/2026/03/inside-wmi-tracing-windows-management-from-consumers-to-com-providers/
Hidden Bugs in Plain Sight: Hunting Vulnerabilities Inside Shared Libraries
Original text by Grzegorz Wypych (h0rac)
The article explains how security researchers can discover vulnerabilities that hide not in the main application binary but inside the shared libraries it depends on. The author presents the concept behind the ByteRay vulnerability hunting engine, which focuses on tracking how input data flows across program boundaries—from the main…
https://core-jmp.org/2026/03/hidden-bugs-in-plain-sight-hunting-vulnerabilities-inside-shared-libraries/
Bypassing Code Integrity Using BYOVD for Kernel R/W Primitives
Original text by S12 – 0x12Dark Development
The article demonstrates how attackers can bypass Windows Kernel Code Integrity protections by abusing the BYOVD (Bring Your Own Vulnerable Driver) technique to obtain powerful kernel read/write primitives. Instead of loading a malicious unsigned driver, the attacker loads a legitimate but vulnerable signed driver that contains exploitable IOCTL…
https://core-jmp.org/2026/03/bypassing-code-integrity-using-byovd-for-kernel-r-w-primitives/
Kali Linux New Tools 2026
• AdaptixC2 — Post-exploitation
• Atomic-Operator — Atomic tests
• Fluxion — Social engineering
• GEF — GDB debugger
• MetasploitMCP — Metasploit MCP
• SSTImap — SSTI scanner
• WPProbe — WP plugin enum
• XSStrike — XSS scanner
Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem
Original text by Rahul Saranjame
The False Sense of Security
SMB signing on domain controllers has become standard practice across most Active Directory environments. But this hardening may have created a false sense of security. CVE-2025-33073 changes the calculus by removing the prerequisite of admin access, enabling NTLM relay attack Active Directory exploitation through unconstrained…
https://core-jmp.org/2026/03/reflecting-on-your-tier-model-cve-2025-33073-and-the-one-hop-problem/
From RCU Double Free to Root: Exploiting a Linux Kernel Race in cornelslop
Original text by ptr-yudai
The article is a detailed write-up of the “cornelslop” Linux kernel exploitation challenge from DiceCTF 2026. It explains how a race condition in a kernel module leads to a double free vulnerability involving RCU callbacks. The module manages entries stored in an XArray and exposes several IOCTL operations for…
https://core-jmp.org/2026/03/from-rcu-double-free-to-root-exploiting-a-linux-kernel-race-in-cornelslop/
Inside the Payload: Manual Shellcode Analysis with Ghidra
Original text by Matthew
The article explains a practical workflow for manually analyzing malicious Windows shellcode using Ghidra and a debugger such as x32dbg. Instead of relying on automated emulators, the author demonstrates how to perform manual reverse engineering to understand the behavior of shellcode used by frameworks like Cobalt Strike. The tutorial begins with…
https://core-jmp.org/2026/03/inside-the-payload-manual-shellcode-analysis-with-ghidra/
Breaking the JIT: Exploiting a SpiderMonkey Type Confusion Bug
Original text by @qriousec
The article analyzes CVE-2025-14325, a vulnerability in the SpiderMonkey JavaScript engine used by Mozilla Firefox. The bug originates in the Baseline JIT compiler, specifically in the implementation of inline caches (ICs) that optimize property access operations in JavaScript. Inline caches speed up execution by remembering object layouts and reusing cached assumptions…
https://core-jmp.org/2026/03/breaking-the-jit-exploiting-a-spidermonkey-type-confusion-bug/
Async Windows Gone Wrong: Exploiting a Win32k Type Confusion Bug
Original text by s4dbrd
The article analyzes a Windows kernel vulnerability in win32kfull.sys involving a type confusion bug in the asynchronous window action processing path. The vulnerability occurs in logic responsible for handling window-related operations when certain internal features are enabled through Microsoft’s feature-flag system. Because of inconsistent object handling, the kernel may treat one…
https://core-jmp.org/2026/03/async-windows-gone-wrong-exploiting-a-win32k-type-confusion-bug/
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)
Original text by CALIF
The article “MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell” describes an experiment demonstrating how a modern large language model can assist in advanced vulnerability research and exploit development. Researchers tested the AI model Claude against CVE-2026-4747, a vulnerability in FreeBSD’s RPCSEC_GSS implementation. Starting only with…
https://core-jmp.org/2026/04/mad-bugs-claude-wrote-a-full-freebsd-remote-kernel-rce-with-root-shell-cve-2026-4747/
Understanding Out-Of-Bounds in Windows Kernel Driver
Original text by Jay Pandya
The article “Understanding Out-of-Bounds in Windows Kernel Driver” explains how out-of-bounds (OOB) vulnerabilities occur in Windows kernel drivers and why they are dangerous from a security perspective. Out-of-bounds bugs appear when code reads or writes memory outside the boundaries of a valid buffer or structure, often due to incorrect index…
https://core-jmp.org/2026/04/understanding-out-of-bounds-in-windows-kernel-driver/
