Client-Side Container Attack: DLL Sideloading wab.exe via Email Archive Delivery
Original text: “Initial access. Client side container attack” — Leigh Gilbert, Exploitz (exploitz.ca, June 2026). The diagrams below are reproduced with attribution; prose is paraphrased. MITRE ATT&CK reference: T1574.001 — DLL Search Order Hijacking.
Executive Summary
Leigh Gilbert’s walkthrough chains together a long-known but still effective initial-access pattern: ship a signed Microsoft binary that has…
https://core-jmp.org/2026/06/client-side-container-attack-dll-sideloading-wab-exe-email-archive/
Patching the Windows Kernel via BYOVD: ThrottleStop.sys, MmMapIoSpace and the NtAddAtom Trampoline
Original text: “Whoops! I did it again. I patched Windows Kernel at Milan0day 2026” — zer0matt, zer0matt’s blog (29 May 2026). PoC: github.com/zer0matt/Milan0day2026. Diagrams below are reproduced from the original with attribution; prose is paraphrased.
Executive Summary
zer0matt’s Milan0day 2026 talk and accompanying writeup demonstrate a clean Bring Your Own Vulnerable Driver (BYOVD) chain that…
https://core-jmp.org/2026/06/patching-windows-kernel-byovd-throttlestop-mmmapiospace-ntaddatom/
Covert Kernel/User Communication Channels on Windows: Rootkits, Game Cheats, and Detection
Original text: “Covert Kernel/User Communication Channels on Windows: Rootkits, Game Cheats, and Detection” — kernullist, Kernullist’s Blog (Jun 10, 2026). Classification tables, ASCII flow diagrams, and C-language structure declarations below are reproduced verbatim with attribution captions.
Executive Summary
A modern Windows kernel-assisted threat is almost never a single user-mode binary doing all the work. It…
https://core-jmp.org/2026/06/covert-kernel-user-communication-channels-windows-rootkits-cheats-detection/
GreatXML: Bypassing BitLocker on Windows 11 via a Recovery-Partition unattend.xml
Original text: “GreatXML — BitLocker bypass vulnerability” — NightmareEclipse (GitHub handle MSNightmare), released under the MIT license. The README, the unattend.xml, the ReAgent.xml and both screenshots below are reproduced verbatim with attribution captions, in line with the project’s MIT terms.
Executive Summary
GreatXML is a one-file BitLocker bypass against Windows 11 (build 10.0.26100, the 24H2…
https://core-jmp.org/2026/06/greatxml-bitlocker-bypass-winre-unattend-xml/
Windows Win32k Elevation of Privilege Vulnerability (CVE-2021-1732): Walkthrough of the ConsoleControl Offset Confusion
Original text: “Windows Win32k Elevation of Privilege Vulnerability (Win32k ConsoleControl Offset Confusion) — CVE-2021-1732” — Safe Security research paper (June 3, 2021). Figures and commands below are reproduced verbatim with attribution captions.
Executive Summary
CVE-2021-1732 is a Win32k local privilege escalation vulnerability in the Windows graphics subsystem driver win32kfull.sys. The flaw, also referred to as…
https://core-jmp.org/2026/06/cve-2021-1732-win32k-consolecontrol-offset-confusion-walkthrough/
Overcoming Space Restrictions with Egghunters in Windows Exploit Development — Savant Web Server 3.1, Syscall & SEH Egghunters, Heap Staging
Original text: “Overcoming Space Restrictions with Egghunters in Windows Exploit Development” — Remo (@Rem01x), Remo’s Blog (posted Jun 9, 2026). Code blocks, tables, and figures below are reproduced verbatim with attribution captions.
Executive Summary
Classic stack buffer overflows on 32-bit Windows services frequently land an attacker in a constrained position: deterministic EIP control is achieved,…
https://core-jmp.org/2026/06/egghunter-windows-exploit-development-savant-syscall-seh-heap-staging/
Forwarded from LeandeR°7
Learning to find what is hidden
In 2025 alone, 767 million records containing data on Russian citizens leaked online. There is a sea of information, but 95% of people can't search for anything more complex than basic queries.
The fundamentals are delivered by David (8 years in pentesting, EC-Council Red Team) and Anar (9 years in cyber threat analysis).
We break down advanced techniques: hidden capabilities of Google Dorks, proper background lookups on people and companies, working with reverse search. At the end, a live hands-on mini-investigation.
We learn not just to google, but to assemble scattered pieces into a single picture. We extract metadata, build links (people/domains/accounts), spot fakes, and package it all into a full dossier.
Register now: right after you sign in we'll send you a detailed map of OSINT tools on Telegram so you don't get lost!
3D Point 😁
***
If a point has coordinates
x, y, z, does that mean it is three-dimensional? For example:
P = (10, 20, 30)
it has a position in 3D space.
Does it have length, width, height and volume?
*** the same thing, only meaner
a point in 3D has three coordinates.
a 3D object has three dimensions.
Are coordinates and dimensions the same thing?
scp.exe -S "cmd /c c:\windows\system32\calc.exe" . localhost:.
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox
Original text: “CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox” — voidsec, VoidSec (20 May 2026). Hex-Rays excerpts, exploit pseudo-code, and offsets below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.
Executive Summary
CVE-2026-40369 is an unprivileged arbitrary 12-byte kernel write primitive sitting inside nt!ExpGetProcessInformation in ntoskrnl.exe. The bug is reachable from any…
https://core-jmp.org/2026/06/cve-2026-40369-twelve-bytes-browser-sandbox-escape/
Factoring “Short-Sleeve” RSA Keys with Polynomials
Original text: “Factoring “short-sleeve” RSA keys with polynomials” — Keegan Ryan, The Trail of Bits Blog (12 June 2026). Figures, decompiled code, and synthetic moduli below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.
Executive Summary
What happens when an RSA modulus is generated from a private key whose bits are heavily biased…
https://core-jmp.org/2026/06/factoring-short-sleeve-rsa-keys-with-polynomials/
CVE-2025-8088 — Russia-Linked APTs Are Still Pwning Unpatched WinRAR Installs in Ukraine
Original text: “Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088” — Pierluigi Paganini, Security Affairs (June 10, 2026). Trend Micro’s reporting and the two illustrations below are reproduced with attribution; prose is original analysis.
Executive Summary
Pierluigi Paganini’s Security Affairs writeup — built on a June 2026 Trend Micro report — documents that CVE-2025-8088, the…
https://core-jmp.org/2026/06/cve-2025-8088-russian-apts-winrar-ukraine-patch-gap/
From Prompt to Pwned: Chaining LLM and Web Bugs into Admin Takeover
Original text: "From prompt to pwned: chaining LLM and web bugs to Admin" — Norak, Quarkslab’s blog (05 June 2026). Code snippets, payloads and figures below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.
Executive Summary
Prompt injection has become the headline LLM risk, but the Quarkslab red team exercise behind this article…
https://core-jmp.org/2026/06/from-prompt-to-pwned-chaining-llm-and-web-bugs-to-admin/
DCOMIllusionist — Fileless Windows Lateral Movement via .NET DCOM Server Deserialization
Original text: synacktiv/DCOMIllusionist README on GitHub — by Synacktiv, June 2026. Command-line help, CLSID/AppId lists, build commands and short code snippets below are reproduced verbatim with attribution. Diagrams are rendered from the repository’s img/ SVGs.
Executive Summary
DCOMIllusionist is Synacktiv’s open-source C# implementation of a .NET-DCOM-deserialisation lateral-movement primitive originally written up by James Forshaw —…
https://core-jmp.org/2026/06/synacktiv-dcomillusionist-dcom-fileless-lateral-movement/