Proxy Bar
Exploits, Hacking and Leaks

Group chat - https://t.me/

Contact the administration and advertising:
@NULL_vm

Support the project:
BTC bc1qmrt229eghjyj9wqa7nmr9j8zuq6khz6km2pker
Client-Side Container Attack: DLL Sideloading wab.exe via Email Archive Delivery

Original text: “Initial access. Client side container attack” — Leigh Gilbert, Exploitz (exploitz.ca, June 2026). The diagrams below are reproduced with attribution; prose is paraphrased. MITRE ATT&CK reference: T1574.001 — DLL Search Order Hijacking.

Executive Summary

Leigh Gilbert’s walkthrough chains together a long-known but still effective initial-access pattern: ship a signed Microsoft binary that has…

https://core-jmp.org/2026/06/client-side-container-attack-dll-sideloading-wab-exe-email-archive/
🔥5👍1
Patching the Windows Kernel via BYOVD: ThrottleStop.sys, MmMapIoSpace and the NtAddAtom Trampoline

Original text: “Whoops! I did it again. I patched Windows Kernel at Milan0day 2026” — zer0matt, zer0matt’s blog (29 May 2026). PoC: github.com/zer0matt/Milan0day2026. Diagrams below are reproduced from the original with attribution; prose is paraphrased.

Executive Summary

zer0matt’s Milan0day 2026 talk and accompanying writeup demonstrate a clean Bring Your Own Vulnerable Driver (BYOVD) chain that…

https://core-jmp.org/2026/06/patching-windows-kernel-byovd-throttlestop-mmmapiospace-ntaddatom/
👍4🔥3
👍20🔥15😱4
Covert Kernel/User Communication Channels on Windows: Rootkits, Game Cheats, and Detection

Original text: “Covert Kernel/User Communication Channels on Windows: Rootkits, Game Cheats, and Detection” — kernullist, Kernullist’s Blog (Jun 10, 2026). Classification tables, ASCII flow diagrams, and C-language structure declarations below are reproduced verbatim with attribution captions.

Executive Summary

A modern Windows kernel-assisted threat is almost never a single user-mode binary doing all the work. It…

https://core-jmp.org/2026/06/covert-kernel-user-communication-channels-windows-rootkits-cheats-detection/
🔥8👍1😱1
This copy really reminds me of something, practically word for word
read

#damage #facepalm
👍9😱3🔥2
ITScape: Guest-to-Host Escape in KVM/arm64
*
ALL in ONE
😱7👍6🔥5
GreatXML: Bypassing BitLocker on Windows 11 via a Recovery-Partition unattend.xml

Original text: “GreatXML — BitLocker bypass vulnerability” — NightmareEclipse (GitHub handle MSNightmare), released under the MIT license. The README, the unattend.xml, the ReAgent.xml and both screenshots below are reproduced verbatim with attribution captions, in line with the project’s MIT terms.

Executive Summary

GreatXML is a one-file BitLocker bypass against Windows 11 (build 10.0.26100, the 24H2…

https://core-jmp.org/2026/06/greatxml-bitlocker-bypass-winre-unattend-xml/
🔥13👍1
Windows Win32k Elevation of Privilege Vulnerability (CVE-2021-1732): Walkthrough of the ConsoleControl Offset Confusion

Original text: “Windows Win32k Elevation of Privilege Vulnerability (Win32k ConsoleControl Offset Confusion) — CVE-2021-1732” — Safe Security research paper (June 3, 2021). Figures and commands below are reproduced verbatim with attribution captions.

Executive Summary

CVE-2021-1732 is a Win32k local privilege escalation vulnerability in the Windows graphics subsystem driver win32kfull.sys. The flaw, also referred to as…

https://core-jmp.org/2026/06/cve-2021-1732-win32k-consolecontrol-offset-confusion-walkthrough/
🔥2😱1
Overcoming Space Restrictions with Egghunters in Windows Exploit Development — Savant Web Server 3.1, Syscall & SEH Egghunters, Heap Staging

Original text: “Overcoming Space Restrictions with Egghunters in Windows Exploit Development” — Remo (@Rem01x), Remo’s Blog (posted Jun 9, 2026). Code blocks, tables, and figures below are reproduced verbatim with attribution captions.

Executive Summary

Classic stack buffer overflows on 32-bit Windows services frequently land an attacker in a constrained position: deterministic EIP control is achieved,…

https://core-jmp.org/2026/06/egghunter-windows-exploit-development-savant-syscall-seh-heap-staging/
👍3🔥2
Forwarded from ⃤⃤¤๋ࣩࣩࣩࣩࣩࣩࣩࣩࣩࣩࣩࣩࣩࣧࣧࣧࣧࣧࣧࣧࣧࣧࣧࣧ͜͡LeandeR°7⨀7⃤𑲯𑲯𑲯𑲯𑲯ا W̵̦͈̜̭̥̣͎̹͉̯͇̗͋̋͑͊́͠e̶̾͌͌͒͌̀͋͌̉͝ ̡͎͖̼̻̮̲͓̺̺̲ͅb̵̍̾̉̒ ̢̪̜̜̼̟̼̬̻̀3̴
👁 Your data has already been leaked
Learning to find what is hidden


In 2025 alone, 767 million records containing data on Russians leaked online. There is a sea of information, but 95% of people cannot search for anything more complex than basic queries.

😒We are launching a free 2-day online OSINT intensive

The fundamentals are delivered by David (8 years in pentesting, Red Team EC-Council) and Anar (9 years in cyber threat analysis).

💗June 16 at 19:00 - Find the invisible
We cover advanced techniques: hidden capabilities of Google Dorks, proper lookups of people and companies, working with reverse search. At the end - live practice with a mini-investigation.


💗June 18 at 19:00 - The investigator's mindset
We learn not just to google, but to assemble scattered pieces into a single picture. We extract metadata, build connections (people/domains/accounts), identify fakes, and package it all into a full dossier.


Register now - right after you sign in we will send a detailed map of OSINT tools to your Telegram so you don't get lost!
⬇️⬇️⬇️
MORE DETAILS
😱10👍7🔥2
Scales — carving an embedded eBPF rootkit
*
eBPF-based infostealer & rootkit targeting Arch Linux
👍7🔥3😱2
3D Point 😁
***
If a point has coordinates x, y, z, does that mean it is three-dimensional?
for example:
P = (10, 20, 30)
it has a position in 3D space.
Does it have length, width, height and volume?

*** the same thing, only meaner

a point in 3D has three coordinates.
a 3D object has three dimensions.
Are coordinates and dimensions the same thing?
👍8😱5🔥2
CVE-2026-20245 Cisco Catalyst SD-WAN Manager Privilege Escalation
*
.py
👍7🔥1
A certain Pal Leanidych recommends
*
radio amateur
👍16🔥2
scp.exe -S "cmd /c c:\windows\system32\calc.exe" . localhost:.
😱18🔥9👍8
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox

Original text: “CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox” — voidsec, VoidSec (20 May 2026). Hex-Rays excerpts, exploit pseudo-code, and offsets below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.

Executive Summary

CVE-2026-40369 is an unprivileged arbitrary 12-byte kernel write primitive sitting inside nt!ExpGetProcessInformation in ntoskrnl.exe. The bug is reachable from any…

https://core-jmp.org/2026/06/cve-2026-40369-twelve-bytes-browser-sandbox-escape/
🔥3
Factoring “Short-Sleeve” RSA Keys with Polynomials

Original text: “Factoring “short-sleeve” RSA keys with polynomials” — Keegan Ryan, The Trail of Bits Blog (12 June 2026). Figures, decompiled code, and synthetic moduli below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.

Executive Summary

What happens when an RSA modulus is generated from a private key whose bits are heavily biased…

https://core-jmp.org/2026/06/factoring-short-sleeve-rsa-keys-with-polynomials/
🔥2
CVE-2025-8088 — Russia-Linked APTs Are Still Pwning Unpatched WinRAR Installs in Ukraine

Original text: “Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088” — Pierluigi Paganini, Security Affairs (June 10, 2026). Trend Micro’s reporting and the two illustrations below are reproduced with attribution; prose is original analysis.

Executive Summary

Pierluigi Paganini’s Security Affairs writeup — built on a June 2026 Trend Micro report — documents that CVE-2025-8088, the…

https://core-jmp.org/2026/06/cve-2025-8088-russian-apts-winrar-ukraine-patch-gap/
👍3🔥2
From Prompt to Pwned: Chaining LLM and Web Bugs into Admin Takeover

Original text: "From prompt to pwned: chaining LLM and web bugs to Admin" — Norak, Quarkslab’s blog (05 June 2026). Code snippets, payloads and figures below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.

Executive Summary

Prompt injection has become the headline LLM risk, but the Quarkslab red team exercise behind this article…

https://core-jmp.org/2026/06/from-prompt-to-pwned-chaining-llm-and-web-bugs-to-admin/
🔥1
DCOMIllusionist — Fileless Windows Lateral Movement via .NET DCOM Server Deserialization

Original text: synacktiv/DCOMIllusionist README on GitHub — by Synacktiv, June 2026. Command-line help, CLSID/AppId lists, build commands and short code snippets below are reproduced verbatim with attribution. Diagrams are rendered from the repository’s img/ SVGs.

Executive Summary

DCOMIllusionist is Synacktiv’s open-source C# implementation of a .NET-DCOM-deserialisation lateral-movement primitive originally written up by James Forshaw —…

https://core-jmp.org/2026/06/synacktiv-dcomillusionist-dcom-fileless-lateral-movement/
🔥2👍1