Signed to Kill: Reverse Engineering a 0-Day Used to Disable CrowdStrike EDR
Original text by Jehad Abudagga
The article presents a reverse-engineering analysis of a kernel driver used in a BYOVD (Bring Your Own Vulnerable Driver) attack to disable security software, including CrowdStrike Falcon EDR. The researcher discovered multiple variants of a Microsoft-signed driver that expose a dangerous IOCTL interface capable of terminating arbitrary processes. Because the…
https://core-jmp.org/2026/04/signed-to-kill-reverse-engineering-a-0-day-used-to-disable-crowdstrike-edr/
Original text by Jehad Abudagga
The article presents a reverse-engineering analysis of a kernel driver used in a BYOVD (Bring Your Own Vulnerable Driver) attack to disable security software, including CrowdStrike Falcon EDR. The researcher discovered multiple variants of a Microsoft-signed driver that expose a dangerous IOCTL interface capable of terminating arbitrary processes. Because the…
https://core-jmp.org/2026/04/signed-to-kill-reverse-engineering-a-0-day-used-to-disable-crowdstrike-edr/
👍12🔥1
COMouflage: Stealthy DLL Surrogate Injection for Process Tree Evasion
Original text by S12 – 0x12Dark Development
The article introduces COMouflage, a stealthy Windows process-injection technique that abuses the legitimate COM DLL Surrogate mechanism to execute malicious code inside trusted system processes. Instead of directly injecting into a target process, the attacker registers a fake COM object in the Windows registry under HKEY_CURRENT_USER, which does…
https://core-jmp.org/2026/04/comouflage-stealthy-dll-surrogate-injection-for-process-tree-evasion/
Original text by S12 – 0x12Dark Development
The article introduces COMouflage, a stealthy Windows process-injection technique that abuses the legitimate COM DLL Surrogate mechanism to execute malicious code inside trusted system processes. Instead of directly injecting into a target process, the attacker registers a fake COM object in the Windows registry under HKEY_CURRENT_USER, which does…
https://core-jmp.org/2026/04/comouflage-stealthy-dll-surrogate-injection-for-process-tree-evasion/
😱8🔥1
Recovery Mode Breakdown: Turning macOS Recovery Safari into Root Persistence
Original text by Yaseen Ghanem
The article describes a vulnerability discovered in macOS Recovery Mode Safari that allows an attacker with physical access to gain unrestricted write access to system partitions and achieve persistent root-level execution. While exploring Safari inside the macOS Recovery environment, the researcher discovered that downloaded files could be saved to arbitrary…
https://core-jmp.org/2026/04/recovery-mode-breakdown-turning-macos-recovery-safari-into-root-persistence/
Original text by Yaseen Ghanem
The article describes a vulnerability discovered in macOS Recovery Mode Safari that allows an attacker with physical access to gain unrestricted write access to system partitions and achieve persistent root-level execution. While exploring Safari inside the macOS Recovery environment, the researcher discovered that downloaded files could be saved to arbitrary…
https://core-jmp.org/2026/04/recovery-mode-breakdown-turning-macos-recovery-safari-into-root-persistence/
🔥10😱1
Книжка хорошая, странно другое, почему вдруг латыши за нее взялись на
*
Ну да ладно, хорошая книжка PDF
kgb.arhivi.lv*
Ну да ладно, хорошая книжка PDF
👍13😱4
Tutorial: Adaptix C2 with ShellcodePack and MacroPack
Original post by Emeric
The article explains how to integrate the Adaptix C2 framework with BallisKit tools ShellcodePack and MacroPack to create stealthy payloads for red-team operations. Adaptix is an open-source command-and-control platform used for post-exploitation and adversarial emulation. The tutorial walks through setting up an Adaptix server on Linux and compiling the GUI client…
https://core-jmp.org/2026/04/tutorial-adaptix-c2-with-shellcodepack-and-macropack/
Original post by Emeric
The article explains how to integrate the Adaptix C2 framework with BallisKit tools ShellcodePack and MacroPack to create stealthy payloads for red-team operations. Adaptix is an open-source command-and-control platform used for post-exploitation and adversarial emulation. The tutorial walks through setting up an Adaptix server on Linux and compiling the GUI client…
https://core-jmp.org/2026/04/tutorial-adaptix-c2-with-shellcodepack-and-macropack/
🔥22
Ground Station
*
Полный набор open source инструментов для мониторинга спутников и декодирования сигналов с помощью локального SDR, включая загрузку метеорологических изображений и тд.
*
all-in-one
*
Полный набор open source инструментов для мониторинга спутников и декодирования сигналов с помощью локального SDR, включая загрузку метеорологических изображений и тд.
*
all-in-one
👍11😱1