This media is not supported in your browser
VIEW IN TELEGRAM
Слишком грязный hack
*
No cable, no USB, no NETWORK, но файлы передать нужно !
😆😆😆
Что то отдаленно похожее
*
No cable, no USB, no NETWORK, но файлы передать нужно !
😆😆😆
Что то отдаленно похожее
👍63🔥39😱4
Drupal SA-CORE-2026-004
*
PostgreSQL Entity Query SQLi via JSON:API filter array keys
*
Lab, PoC, and Post-mortem
*
PostgreSQL Entity Query SQLi via JSON:API filter array keys
*
Lab, PoC, and Post-mortem
🔥7👍6
GhostTree: The NTFS Trick That Can Make Malware Disappear from EDR Scans
Original text by Dolev Taler
Varonis Threat Labs describes GhostTree, a Windows path-manipulation technique that abuses NTFS junctions to create recursive directory structures and disrupt security scanning. NTFS junctions are legitimate reparse points that redirect one folder to another, and ordinary users can create them if they have write access. The simpler GhostBranch variant points…
https://core-jmp.org/2026/05/ghosttree-the-ntfs-trick-that-can-make-malware-disappear-from-edr-scans/
Original text by Dolev Taler
Varonis Threat Labs describes GhostTree, a Windows path-manipulation technique that abuses NTFS junctions to create recursive directory structures and disrupt security scanning. NTFS junctions are legitimate reparse points that redirect one folder to another, and ordinary users can create them if they have write access. The simpler GhostBranch variant points…
https://core-jmp.org/2026/05/ghosttree-the-ntfs-trick-that-can-make-malware-disappear-from-edr-scans/
🔥12👍2
👍7🔥4
CVE-2026-20182 Cisco Catalyst SD-WAN
MetaSploit bypass module
*
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
RCE PoC
*
#network
MetaSploit bypass module
*
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
RCE PoC
*
#network
👍15😱8🔥5
mov ax, bx drama story – for fun and fasm
; build:
; fasm love_registers.asm love_registers.exe
format PE GUI 4.0
entry start
include ‘win32a.inc’
section ‘.data’ data readable writeable
title db ‘Register Drama’, 0
msg db ‘BX whispered: “take my value…”‘, 13, 10
db ‘AX blushed and replied: mov ax, bx’, 13, 10, 13, 10
db ‘Now AX and BX are in a serious relationship.’,…
https://core-jmp.org/2026/05/mov-ax-bx-drama-story-for-fun-and-fasm/
; build:
; fasm love_registers.asm love_registers.exe
format PE GUI 4.0
entry start
include ‘win32a.inc’
section ‘.data’ data readable writeable
title db ‘Register Drama’, 0
msg db ‘BX whispered: “take my value…”‘, 13, 10
db ‘AX blushed and replied: mov ax, bx’, 13, 10, 13, 10
db ‘Now AX and BX are in a serious relationship.’,…
https://core-jmp.org/2026/05/mov-ax-bx-drama-story-for-fun-and-fasm/
🔥8
Essential iOS Hardening: A Practical Guide to Defending iPhones Against Modern Spyware
Original source: Essential iOS Hardening Steps by Officer’s Notes, published on Medium — Technology Hits.
This article is an original English rewrite based on the source above. It is not a verbatim republication. Full credit for the underlying recommendations and threat-model framing goes to the original author. Please read the original article for the author’s…
https://core-jmp.org/2026/05/essential-ios-hardening-guide/
Original source: Essential iOS Hardening Steps by Officer’s Notes, published on Medium — Technology Hits.
This article is an original English rewrite based on the source above. It is not a verbatim republication. Full credit for the underlying recommendations and threat-model framing goes to the original author. Please read the original article for the author’s…
https://core-jmp.org/2026/05/essential-ios-hardening-guide/
🔥9
Fundamentals of Virtual Memory: A Deep Dive into Paging, Page Tables, and Process Address Spaces
Original source: Fundamental of Virtual Memory — author not clearly listed (site: Melatoni, contact nghiant3223@gmail.com), published 2025-05-29.
This article is an original English rewrite of the topic, not a verbatim republication. Full credit for the underlying explanation, structure, and diagrams goes to the original author. Diagrams below are reproduced from the source article with attribution.…
https://core-jmp.org/2026/05/fundamentals-of-virtual-memory/
Original source: Fundamental of Virtual Memory — author not clearly listed (site: Melatoni, contact nghiant3223@gmail.com), published 2025-05-29.
This article is an original English rewrite of the topic, not a verbatim republication. Full credit for the underlying explanation, structure, and diagrams goes to the original author. Diagrams below are reproduced from the source article with attribution.…
https://core-jmp.org/2026/05/fundamentals-of-virtual-memory/
👍4🔥2
APC Tandem: A Primitive-Chaining Process Injection That Slips Past Common EDR Triggers
Original source: Primitive Process Injection: APC Tandem by S12 — 0x12Dark Development, published on Medium in May 2026.
This article is an original English rewrite of the technique walkthrough. Code blocks, the PoC screenshot, the Kleenscan scan output and the YARA rule are reproduced verbatim from the source with attribution. Full credit for the technique,…
https://core-jmp.org/2026/05/apc-tandem-primitive-process-injection/
Original source: Primitive Process Injection: APC Tandem by S12 — 0x12Dark Development, published on Medium in May 2026.
This article is an original English rewrite of the technique walkthrough. Code blocks, the PoC screenshot, the Kleenscan scan output and the YARA rule are reproduced verbatim from the source with attribution. Full credit for the technique,…
https://core-jmp.org/2026/05/apc-tandem-primitive-process-injection/
🔥3👍2
CVE-2025-54539: Apache.NMS.AMQP Deserialization Policy Bypass to Unauthenticated RCE in .NET
Attribution. This is an original English rewrite based on the SecureLayer7 Blog post “CVE-2025-54539: Apache ActiveMQ NMS AMQP Deserialization Policy Bypass to RCE” (SecureLayer7 Blog, 19 May 2026). Author not clearly listed (site: SecureLayer7 Blog). All credit for the original research, lab setup, code listings and diagrams belongs to SecureLayer7. The post you are reading…
https://core-jmp.org/2026/05/cve-2025-54539-apache-nms-amqp-deserialization-policy-bypass-rce/
Attribution. This is an original English rewrite based on the SecureLayer7 Blog post “CVE-2025-54539: Apache ActiveMQ NMS AMQP Deserialization Policy Bypass to RCE” (SecureLayer7 Blog, 19 May 2026). Author not clearly listed (site: SecureLayer7 Blog). All credit for the original research, lab setup, code listings and diagrams belongs to SecureLayer7. The post you are reading…
https://core-jmp.org/2026/05/cve-2025-54539-apache-nms-amqp-deserialization-policy-bypass-rce/
🔥3👍2
TREVEX: Black-Box CPU Fuzzing Finds FP-DSS, New FPVI Variants, and Zero-at-ret
Attribution. This is an original English rewrite based on the paper “TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities” by Daniel Weber, Fabian Thomas, Leon Trampert, Ruiyi Zhang, and Michael Schwarz (CISPA Helmholtz Center for Information Security, to appear at IEEE Symposium on Security and Privacy 2026). All research, lab work, figures, tables…
https://core-jmp.org/2026/05/trevex-black-box-fuzzer-data-flow-transient-execution-vulnerabilities-fp-dss-cve-2025-54505/
Attribution. This is an original English rewrite based on the paper “TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities” by Daniel Weber, Fabian Thomas, Leon Trampert, Ruiyi Zhang, and Michael Schwarz (CISPA Helmholtz Center for Information Security, to appear at IEEE Symposium on Security and Privacy 2026). All research, lab work, figures, tables…
https://core-jmp.org/2026/05/trevex-black-box-fuzzer-data-flow-transient-execution-vulnerabilities-fp-dss-cve-2025-54505/
Roundcube CVE-2025-49113: Authenticated PHP Object Deserialization to RCE in Open-Source Webmail
Attribution. This is an original English rewrite based on the article “Critical Remote Code Execution (RCE) in Roundcube, CVE-2025-49113: Your Email is Not Safe!” by AirCorridor on Hackers Arise (published 25 July 2025). The technical analysis, walkthrough and screenshots are the original author’s work; this page paraphrases the prose in our own words, preserves every…
https://core-jmp.org/2026/05/roundcube-cve-2025-49113-authenticated-rce-php-deserialization/
Attribution. This is an original English rewrite based on the article “Critical Remote Code Execution (RCE) in Roundcube, CVE-2025-49113: Your Email is Not Safe!” by AirCorridor on Hackers Arise (published 25 July 2025). The technical analysis, walkthrough and screenshots are the original author’s work; this page paraphrases the prose in our own words, preserves every…
https://core-jmp.org/2026/05/roundcube-cve-2025-49113-authenticated-rce-php-deserialization/
🔥7👍3
Рубрика На заметку
*
*
Выпуск скорее мини аналитический, чем практический.
*
Dirty-family: новые Linux LPE — это не случайность, а болезнь zero-copy и page cache
*
Linux уже свежими ластами наступает на старые грабли:
Кому то может даже показаться что это разные уязвимости:
Только вот не нужно смотреть на конкретную функцию в ядре, смотрите на итоговый primitive, тогда картина становится нарисованной не гавном, а маслом.
Во всех этих cool story ломается один из базовых инвариантов ядра:
Файл или страница памяти должны быть доступны
Особенным ароматом пахнет
Тут и файл на диске может оставаться неизменным и checksum может быть нормальным, но процесс при чтении получает уже "
Ну а для
НЕЛЬЗЯ ГОВОРИТЬ что Dirty Pipe, Copy Fail, Dirty Frag, Fragnesia и GRO Frag — это “ЭТО ОДНА И ТАЖЕ ДЫРА”. Нет, это РАЗНЫЕ баги в РАЗНЫХ подсистемах.
Но можно сказать это точно одна и та же БОЛЕЗНЬ КЛАССА -
Старая корова (Dirty COW 2016) в этой истории это скорее прародитель по духу, коуч и духовный наставник.
Ну и какой вывод то а ? Да такой же как и всегда, чем сложнее система - тем легче ломать.
Современные zero-copy и high-performance пути в ядре стали настолько сложными, что любая ошибка в refcount/ownership превращается в root.
#РубрикаНаЗаметкуХакеру
$USERNAME@hacker.wtf - part 11*
*
Выпуск скорее мини аналитический, чем практический.
*
Dirty-family: новые Linux LPE — это не случайность, а болезнь zero-copy и page cache
*
Linux уже свежими ластами наступает на старые грабли:
Dirty COW, Dirty Pipe, Copy Fail, Dirty Frag, Fragnesia, а теперь ещё и GRO Frag.Кому то может даже показаться что это разные уязвимости:
TimeLine такой
Dirty COW (CVE-2016-5195) — race в Copy-on-Write.
Dirty Pipe (CVE-2022-0847) — баг в pipe/page cache.
Copy Fail (CVE-2026-31431) — AF_ALG + splice.
Dirty Frag и Fragnesia (CVE-2026-43284 + CVE-2026-43500 + CVE-2026-46300) — XFRM/RxRPC/ESP и + сетевые фрагменты.
GRO Frag — GRO (вчера был без CVE) - zero-copy skb и io_uring.
Только вот не нужно смотреть на конкретную функцию в ядре, смотрите на итоговый primitive, тогда картина становится нарисованной не гавном, а маслом.
Во всех этих cool story ломается один из базовых инвариантов ядра:
Файл или страница памяти должны быть доступны
read ONLY, но $USER ,без привилегий получает возможность изменить то, что менять не должен. (как внезапно да ?).Особенным ароматом пахнет
ветка page-cache bugs ! Тут и файл на диске может оставаться неизменным и checksum может быть нормальным, но процесс при чтении получает уже "
заряженную" копию из page cache. (опять мир чудес).Ну а для
LPE этого достаточно - если удаётся повлиять на то что видит setuid-root бинарь или системный компонент, любой $USER забирает root. НЕЛЬЗЯ ГОВОРИТЬ что Dirty Pipe, Copy Fail, Dirty Frag, Fragnesia и GRO Frag — это “ЭТО ОДНА И ТАЖЕ ДЫРА”. Нет, это РАЗНЫЕ баги в РАЗНЫХ подсистемах.
Но можно сказать это точно одна и та же БОЛЕЗНЬ КЛАССА -
zero-copy / shared buffers / fragments / page cache ownership оборзели и потеряли границы ответственности и это дало юзеру внезапно получить write primitive туда, где должен был быть read ONLY.Старая корова (Dirty COW 2016) в этой истории это скорее прародитель по духу, коуч и духовный наставник.
io_uring UAF и io_uring ZCRX freelist — это соседняя ветка (но дерево то же) !!!! там больше про lifetime, UAF, freelist и kernel memory corruption, но философия ОЧЕНЬ ПОХОЖАЯ — сложные fast-path механизмы ломают модель владения памятью.Ну и какой вывод то а ? Да такой же как и всегда, чем сложнее система - тем легче ломать.
Современные zero-copy и high-performance пути в ядре стали настолько сложными, что любая ошибка в refcount/ownership превращается в root.
#РубрикаНаЗаметкуХакеру
🔥12👍7
CVE-2026-6068 — NASM Heap UAF Turns Into Persistent RCE Through a Dependency-File Symlink Trick
Attribution. This is an original English rewrite based on the writeup “CVE-2026-6068 – From Heap UAF to Persistent RCE in NASM” by breakingbad on Project SEKAI (sekai.team, published 18 May 2026). All research, code, screenshots and the disclosure timeline are the original author’s work. Both screenshots and every code listing are reproduced verbatim at their…
https://core-jmp.org/2026/05/cve-2026-6068-nasm-heap-uaf-persistent-rce/
Attribution. This is an original English rewrite based on the writeup “CVE-2026-6068 – From Heap UAF to Persistent RCE in NASM” by breakingbad on Project SEKAI (sekai.team, published 18 May 2026). All research, code, screenshots and the disclosure timeline are the original author’s work. Both screenshots and every code listing are reproduced verbatim at their…
https://core-jmp.org/2026/05/cve-2026-6068-nasm-heap-uaf-persistent-rce/
🔥3👍2
RemotePE: Inside Lazarus’s In-Memory RAT and Its DPAPI-Keyed Three-Stage Loader Chain
Attribution. This is an original English rewrite based on “RemotePE: The Lazarus RAT that lives in memory” by Yun Zheng Hu and Mick Koomen on the Fox-IT (NCC Group) International blog (published 22 May 2026). All research, screenshots, tables, IOCs and YARA rules are the original authors’ work. Figures, IOCs, YARA rules and command tables…
https://core-jmp.org/2026/05/remotepe-lazarus-in-memory-rat-dpapi-loader-chain/
Attribution. This is an original English rewrite based on “RemotePE: The Lazarus RAT that lives in memory” by Yun Zheng Hu and Mick Koomen on the Fox-IT (NCC Group) International blog (published 22 May 2026). All research, screenshots, tables, IOCs and YARA rules are the original authors’ work. Figures, IOCs, YARA rules and command tables…
https://core-jmp.org/2026/05/remotepe-lazarus-in-memory-rat-dpapi-loader-chain/
👍4🔥3😱1