Escaping the VM: From Guest Code to Host Compromise in VMware Workstation
Original text by r0keb
The article presents a technical walkthrough of developing a VMware guest-to-host escape exploit, demonstrating how vulnerabilities in virtualization software can break the isolation between a virtual machine and its host system. The research focuses on flaws affecting VMware Workstation, where bugs in virtual device handling and host-side processing logic allow a…
https://core-jmp.org/2026/04/escaping-the-vm-from-guest-code-to-host-compromise-in-vmware-workstation/
Original text by r0keb
The article presents a technical walkthrough of developing a VMware guest-to-host escape exploit, demonstrating how vulnerabilities in virtualization software can break the isolation between a virtual machine and its host system. The research focuses on flaws affecting VMware Workstation, where bugs in virtual device handling and host-side processing logic allow a…
https://core-jmp.org/2026/04/escaping-the-vm-from-guest-code-to-host-compromise-in-vmware-workstation/
🔥9😱6👍3
Signed to Kill: Reverse Engineering a 0-Day Used to Disable CrowdStrike EDR
Original text by Jehad Abudagga
The article presents a reverse-engineering analysis of a kernel driver used in a BYOVD (Bring Your Own Vulnerable Driver) attack to disable security software, including CrowdStrike Falcon EDR. The researcher discovered multiple variants of a Microsoft-signed driver that expose a dangerous IOCTL interface capable of terminating arbitrary processes. Because the…
https://core-jmp.org/2026/04/signed-to-kill-reverse-engineering-a-0-day-used-to-disable-crowdstrike-edr/
Original text by Jehad Abudagga
The article presents a reverse-engineering analysis of a kernel driver used in a BYOVD (Bring Your Own Vulnerable Driver) attack to disable security software, including CrowdStrike Falcon EDR. The researcher discovered multiple variants of a Microsoft-signed driver that expose a dangerous IOCTL interface capable of terminating arbitrary processes. Because the…
https://core-jmp.org/2026/04/signed-to-kill-reverse-engineering-a-0-day-used-to-disable-crowdstrike-edr/
👍12🔥1
COMouflage: Stealthy DLL Surrogate Injection for Process Tree Evasion
Original text by S12 – 0x12Dark Development
The article introduces COMouflage, a stealthy Windows process-injection technique that abuses the legitimate COM DLL Surrogate mechanism to execute malicious code inside trusted system processes. Instead of directly injecting into a target process, the attacker registers a fake COM object in the Windows registry under HKEY_CURRENT_USER, which does…
https://core-jmp.org/2026/04/comouflage-stealthy-dll-surrogate-injection-for-process-tree-evasion/
Original text by S12 – 0x12Dark Development
The article introduces COMouflage, a stealthy Windows process-injection technique that abuses the legitimate COM DLL Surrogate mechanism to execute malicious code inside trusted system processes. Instead of directly injecting into a target process, the attacker registers a fake COM object in the Windows registry under HKEY_CURRENT_USER, which does…
https://core-jmp.org/2026/04/comouflage-stealthy-dll-surrogate-injection-for-process-tree-evasion/
😱8🔥1
Recovery Mode Breakdown: Turning macOS Recovery Safari into Root Persistence
Original text by Yaseen Ghanem
The article describes a vulnerability discovered in macOS Recovery Mode Safari that allows an attacker with physical access to gain unrestricted write access to system partitions and achieve persistent root-level execution. While exploring Safari inside the macOS Recovery environment, the researcher discovered that downloaded files could be saved to arbitrary…
https://core-jmp.org/2026/04/recovery-mode-breakdown-turning-macos-recovery-safari-into-root-persistence/
Original text by Yaseen Ghanem
The article describes a vulnerability discovered in macOS Recovery Mode Safari that allows an attacker with physical access to gain unrestricted write access to system partitions and achieve persistent root-level execution. While exploring Safari inside the macOS Recovery environment, the researcher discovered that downloaded files could be saved to arbitrary…
https://core-jmp.org/2026/04/recovery-mode-breakdown-turning-macos-recovery-safari-into-root-persistence/
🔥10😱1
Книжка хорошая, странно другое, почему вдруг латыши за нее взялись на
*
Ну да ладно, хорошая книжка PDF
kgb.arhivi.lv*
Ну да ладно, хорошая книжка PDF
👍13😱4
Tutorial: Adaptix C2 with ShellcodePack and MacroPack
Original post by Emeric
The article explains how to integrate the Adaptix C2 framework with BallisKit tools ShellcodePack and MacroPack to create stealthy payloads for red-team operations. Adaptix is an open-source command-and-control platform used for post-exploitation and adversarial emulation. The tutorial walks through setting up an Adaptix server on Linux and compiling the GUI client…
https://core-jmp.org/2026/04/tutorial-adaptix-c2-with-shellcodepack-and-macropack/
Original post by Emeric
The article explains how to integrate the Adaptix C2 framework with BallisKit tools ShellcodePack and MacroPack to create stealthy payloads for red-team operations. Adaptix is an open-source command-and-control platform used for post-exploitation and adversarial emulation. The tutorial walks through setting up an Adaptix server on Linux and compiling the GUI client…
https://core-jmp.org/2026/04/tutorial-adaptix-c2-with-shellcodepack-and-macropack/
🔥22
Ground Station
*
Полный набор open source инструментов для мониторинга спутников и декодирования сигналов с помощью локального SDR, включая загрузку метеорологических изображений и тд.
*
all-in-one
*
Полный набор open source инструментов для мониторинга спутников и декодирования сигналов с помощью локального SDR, включая загрузку метеорологических изображений и тд.
*
all-in-one
👍11😱1
Stanford CS230 | Autumn 2025 | Lecture 8: Agents, Prompts, and RAG
*
Стэнфордский курс по созданию систем ИИ уделывает все туториалы Claude и треды по промптингу.
Реально учит инженеров создавать с нуля надёжные системы ИИ
https://www.youtube.com/watch?v=k1njvbBmfsw
*
Стэнфордский курс по созданию систем ИИ уделывает все туториалы Claude и треды по промптингу.
Реально учит инженеров создавать с нуля надёжные системы ИИ
https://www.youtube.com/watch?v=k1njvbBmfsw
YouTube
Stanford CS230 | Autumn 2025 | Lecture 8: Agents, Prompts, and RAG
For more information about Stanford’s Artificial Intelligence professional and graduate programs, visit: https://stanford.io/ai
November 11, 2025
This lecture covers agents, prompts, and RAG.
To learn more about enrolling in this course, visit: https:…
November 11, 2025
This lecture covers agents, prompts, and RAG.
To learn more about enrolling in this course, visit: https:…
👍3🔥1