mov ax, bx drama story – for fun and fasm
; build:
; fasm love_registers.asm love_registers.exe
format PE GUI 4.0
entry start
include 'win32a.inc'
section '.data' data readable writeable
title db 'Register Drama', 0
msg db 'BX whispered: "take my value…"', 13, 10
db 'AX blushed and replied: mov ax, bx', 13, 10, 13, 10
db 'Now AX and BX are in a serious relationship.',…
https://core-jmp.org/2026/05/mov-ax-bx-drama-story-for-fun-and-fasm/
Essential iOS Hardening: A Practical Guide to Defending iPhones Against Modern Spyware
Original source: Essential iOS Hardening Steps by Officer’s Notes, published on Medium — Technology Hits.
This article is an original English rewrite based on the source above. It is not a verbatim republication. Full credit for the underlying recommendations and threat-model framing goes to the original author. Please read the original article for the author’s…
https://core-jmp.org/2026/05/essential-ios-hardening-guide/
Fundamentals of Virtual Memory: A Deep Dive into Paging, Page Tables, and Process Address Spaces
Original source: Fundamental of Virtual Memory — author not clearly listed (site: Melatoni, contact nghiant3223@gmail.com), published 2025-05-29.
This article is an original English rewrite of the topic, not a verbatim republication. Full credit for the underlying explanation, structure, and diagrams goes to the original author. Diagrams below are reproduced from the source article with attribution.…
https://core-jmp.org/2026/05/fundamentals-of-virtual-memory/
APC Tandem: A Primitive-Chaining Process Injection That Slips Past Common EDR Triggers
Original source: Primitive Process Injection: APC Tandem by S12 — 0x12Dark Development, published on Medium in May 2026.
This article is an original English rewrite of the technique walkthrough. Code blocks, the PoC screenshot, the Kleenscan scan output and the YARA rule are reproduced verbatim from the source with attribution. Full credit for the technique,…
https://core-jmp.org/2026/05/apc-tandem-primitive-process-injection/
CVE-2025-54539: Apache.NMS.AMQP Deserialization Policy Bypass to Unauthenticated RCE in .NET
Attribution. This is an original English rewrite based on the SecureLayer7 Blog post “CVE-2025-54539: Apache ActiveMQ NMS AMQP Deserialization Policy Bypass to RCE” (SecureLayer7 Blog, 19 May 2026). Author not clearly listed (site: SecureLayer7 Blog). All credit for the original research, lab setup, code listings and diagrams belongs to SecureLayer7. The post you are reading…
https://core-jmp.org/2026/05/cve-2025-54539-apache-nms-amqp-deserialization-policy-bypass-rce/
TREVEX: Black-Box CPU Fuzzing Finds FP-DSS, New FPVI Variants, and Zero-at-ret
Attribution. This is an original English rewrite based on the paper “TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities” by Daniel Weber, Fabian Thomas, Leon Trampert, Ruiyi Zhang, and Michael Schwarz (CISPA Helmholtz Center for Information Security, to appear at IEEE Symposium on Security and Privacy 2026). All research, lab work, figures, tables…
https://core-jmp.org/2026/05/trevex-black-box-fuzzer-data-flow-transient-execution-vulnerabilities-fp-dss-cve-2025-54505/
Roundcube CVE-2025-49113: Authenticated PHP Object Deserialization to RCE in Open-Source Webmail
Attribution. This is an original English rewrite based on the article “Critical Remote Code Execution (RCE) in Roundcube, CVE-2025-49113: Your Email is Not Safe!” by AirCorridor on Hackers Arise (published 25 July 2025). The technical analysis, walkthrough and screenshots are the original author’s work; this page paraphrases the prose in our own words, preserves every…
https://core-jmp.org/2026/05/roundcube-cve-2025-49113-authenticated-rce-php-deserialization/
Column: Take note
$USERNAME@hacker.wtf - part 11
This issue is more of a mini-analysis than a practical one.
Dirty-family: the new Linux LPEs are not an accident, but a disease of zero-copy and the page cache
Linux keeps stepping on the same old rake with fresh flippers:
Dirty COW, Dirty Pipe, Copy Fail, Dirty Frag, Fragnesia, and now GRO Frag as well. Some might even think these are different vulnerabilities:
The timeline goes like this:
Dirty COW (CVE-2016-5195): a race in Copy-on-Write.
Dirty Pipe (CVE-2022-0847): a bug in pipe/page cache.
Copy Fail (CVE-2026-31431): AF_ALG + splice.
Dirty Frag and Fragnesia (CVE-2026-43284 + CVE-2026-43500 + CVE-2026-46300): XFRM/RxRPC/ESP plus network fragments.
GRO Frag: GRO (had no CVE as of yesterday), zero-copy skb and io_uring.
But don't look at the specific function in the kernel, look at the resulting primitive; then the picture is painted in oils rather than in shit.
In all these cool stories, one of the kernel's basic invariants breaks:
A file or a memory page is supposed to be accessible read ONLY, yet an unprivileged $USER gets the ability to change something they should not be able to change (surprise, right?). The page-cache bugs branch has an especially distinctive smell! Here the file on disk may stay unchanged and its checksum may be fine, but a process reading it already receives a "loaded" copy from the page cache (a wonderland again). And for LPE that is enough: if you can influence what a setuid-root binary or a system component sees, any $USER takes root. YOU CANNOT SAY that Dirty Pipe, Copy Fail, Dirty Frag, Fragnesia and GRO Frag are "ONE AND THE SAME HOLE". No, these are DIFFERENT bugs in DIFFERENT subsystems.
But you can say it is definitely the same CLASS OF DISEASE: zero-copy / shared buffers / fragments / page cache ownership have run wild and lost their boundaries of responsibility, and that suddenly gave the user a write primitive where there should have been read ONLY. The old cow (Dirty COW 2016) in this story is more of a spiritual progenitor, coach and mentor.
io_uring UAF and io_uring ZCRX freelist are a neighbouring branch (but the same tree)!!!! There it is more about lifetime, UAF, freelist and kernel memory corruption, but the philosophy is VERY SIMILAR: complex fast-path mechanisms break the memory ownership model. So what is the conclusion, then? The same as always: the more complex the system, the easier it is to break.
Modern zero-copy and high-performance paths in the kernel have become so complex that any refcount/ownership mistake turns into root.
#РубрикаНаЗаметкуХакеру
CVE-2026-6068 — NASM Heap UAF Turns Into Persistent RCE Through a Dependency-File Symlink Trick
Attribution. This is an original English rewrite based on the writeup “CVE-2026-6068 – From Heap UAF to Persistent RCE in NASM” by breakingbad on Project SEKAI (sekai.team, published 18 May 2026). All research, code, screenshots and the disclosure timeline are the original author’s work. Both screenshots and every code listing are reproduced verbatim at their…
https://core-jmp.org/2026/05/cve-2026-6068-nasm-heap-uaf-persistent-rce/
RemotePE: Inside Lazarus’s In-Memory RAT and Its DPAPI-Keyed Three-Stage Loader Chain
Attribution. This is an original English rewrite based on “RemotePE: The Lazarus RAT that lives in memory” by Yun Zheng Hu and Mick Koomen on the Fox-IT (NCC Group) International blog (published 22 May 2026). All research, screenshots, tables, IOCs and YARA rules are the original authors’ work. Figures, IOCs, YARA rules and command tables…
https://core-jmp.org/2026/05/remotepe-lazarus-in-memory-rat-dpapi-loader-chain/
CVE-2026-28910: Breaking the macOS App Sandbox, TCC and Code Signing with Archive Utility
Attribution. This is an original English rewrite based on “CVE-2026-28910: Breaking macOS App Sandbox Data Containers, TCC, and Hijacking Apps Using Archive Utility” by Talal Haj Bakry and Tommy Mysk on Mysk Blog (mysk.blog, published 19 May 2026). All research, screenshots, videos, code listings and the disclosure timeline are the original authors’ work. Every figure,…
https://core-jmp.org/2026/05/cve-2026-28910-macos-archive-utility-sandbox-tcc-app-hijacking/
BYOVD Attack Surface: From Vulnerability-Driven to Certificate Abuse
Source attribution. This is an original English rewrite of the research article “BYOVD宣击面从漏洞驱动到合法证书的范式转移” (“BYOVD Attack Surface: Paradigm Shift from Vulnerability-Driven to Legitimate Certificate Abuse”), published on Ghost Wolf Lab — Research on 2026-05-24. Author not clearly listed (publication: Ghost Wolf Lab). All technical claims, code samples, and figures are credited to the original author and…
https://core-jmp.org/2026/05/byovd-attack-surface-vulnerability-to-certificate-abuse/
Callback Hell: Abusing Callbacks, Tail Calls, and Proxy Frames to Obfuscate the Stack
Source & licence. This is a faithful English republication of “Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack” by klezVirus (posted 2025-12-21, updated 2025-12-22). The original is licensed under CC BY 4.0; that licence allows republication with attribution, which is provided here in full. All figures, assembly listings, and the POC…
https://core-jmp.org/2026/05/callback-hell-tail-calls-proxy-frames-stack-obfuscation/
CVE-2024-27398: Exploiting a Linux Bluetooth SCO Use-After-Free with SMEP Bypass
Source attribution. This is an original English rewrite of “CVE-2024-27398 — Exploiting a Linux Bluetooth SCO Use-After-Free with SMEP Bypass”, published on Secunnix Cyber Security on 2026-04-25 (author not clearly listed — byline reads “Yayıncı: Anonymous”). The original carries an “All rights reserved” notice (© Secunnix Cyber Security — Tüm hakları saklıdır.), so this is…
https://core-jmp.org/2026/05/cve-2024-27398-linux-bluetooth-sco-uaf-smep-bypass/
UAC-0247 / UAC-0244: HTA-Borne Malware Hunts Ukrainian FPV Drone Operators
Original English rewrite with full credit. This article is an independent English-language rewrite of “UAC-0244 / UAC-0247: Malware Targeting FPV drone operators” by Robin Dost, published on the Synaptic Security Blog on May 21, 2026.
All original research, screenshots, decoded scripts, hashes, infrastructure findings, and the IIM Chain diagram remain the work of the original…
https://core-jmp.org/2026/05/uac-0247-uac-0244-fpv-drone-operators-malware/
Attacking Samsung RKP: Three Bypasses of EL2 Kernel Protection on Exynos Devices
Original English rewrite with full credit. This article is an independent English-language rewrite of “Attacking Samsung RKP” by Alexandre Adamski, published on the Impalabs Blog on November 25, 2021.
All vulnerability research, reverse engineering, source-code excerpts, ASCII diagrams, and the exploit proof-of-concept are the work of the original author and were originally disclosed by Longterm…
https://core-jmp.org/2026/05/attacking-samsung-rkp-impalabs-rewrite/
PPL Abuse: How Attackers Turn Windows’ Own Trust Anchors Into EDR Killers
Original English rewrite with full credit. This article is an independent English-language rewrite of «PPL滥用» (“PPL Abuse”), published on the Ghost Wolf Lab research blog on May 25, 2026. Author not clearly listed on the source page — attributed to Ghost Wolf Lab.
The original is in Chinese. All technical analysis, the PPL-inspection C program,…
https://core-jmp.org/2026/05/ppl-abuse-ghost-wolf-lab-rewrite/
Malware Development Essentials for Operators: From PEB Walking to Kernel-Mode DKOM
Original English rewrite with full credit. This article is an independent English-language rewrite of “Malware Development Essentials for Operators”, published on f00crew.org (page /0x33). Author not clearly listed on the source page — site handle 0x00, no byline.
All technical content, code samples, ASCII diagrams, and VirusTotal screenshots are the work of the original author.…
https://core-jmp.org/2026/05/malware-development-essentials-for-operators-rewrite/
V2X2MAP: A $10 ESP32-C5 Board Plus an Android App Turns Live 802.11p V2X Traffic Into a Map
Original English rewrite with full credit. This article is an independent English-language rewrite of “Monitor live traffic from V2X signals with V2X2MAP open-source Android app and an ESP32-C5 development board”, by Jean-Luc Aufranc (CNXSoft), published on CNX Software on May 25, 2026.
All hardware photos, app screenshots, the legal disclaimer text and the underlying reporting…
https://core-jmp.org/2026/05/v2x2map-esp32-c5-android-v2x-traffic-monitor/