Proxy Bar
Exploits, Hacking and Leaks

Group chat - https://t.me/

Contact the administration and advertising:
@NULL_vm

Support the project:
BTC bc1qmrt229eghjyj9wqa7nmr9j8zuq6khz6km2pker
Factoring “Short-Sleeve” RSA Keys with Polynomials

Original text: “Factoring “short-sleeve” RSA keys with polynomials” — Keegan Ryan, The Trail of Bits Blog (12 June 2026). Figures, decompiled code, and synthetic moduli below are reproduced verbatim with attribution captions; surrounding prose is paraphrased.

Executive Summary

What happens when an RSA modulus is generated from a private key whose bits are heavily biased…

https://core-jmp.org/2026/06/factoring-short-sleeve-rsa-keys-with-polynomials/
tabby — A Minimal Position-Independent Windows x64 Shellcode Framework, Built Entirely on Linux

Original text: cocomelonc/tabby README on GitHub — by cocomelonc. The screenshots are reproduced from the repository’s img/ folder; technical code snippets and the project-rationale table are reproduced verbatim with attribution. Prose summary is original.

Executive Summary

tabby is cocomelonc’s minimal teaching framework for building position-independent Windows x64 shellcode in C, designed for the upcoming Malware…

https://core-jmp.org/2026/06/tabby-cocomelonc-shellcode-framework-windows-x64/
Weaponizing Writable SMB Shares to Steal Domain Credentials

Original text: “Weaponizing SMB Shares to Steal Domain Credentials” — Alex Neacsu, Security Café (April 21, 2026). Code snippets and screenshots below are reproduced verbatim with attribution captions.

Executive Summary

Alex Neacsu’s Security Café post is a clean, end-to-end walkthrough of a coercion technique every internal pentester has used and most internal AD environments are…

https://core-jmp.org/2026/06/weaponizing-smb-shares-steal-domain-credentials/
NOT security
Hunting Active Directory Honeypots: Reading lastLogon as a Decoy Oracle

Original text: “Hunting Honey Pots as Red Teamers” — Charles F. Hamilton, CYPFER Offensive Practice (June 15, 2026). Screenshots and the sam_honeypot_enum.c source are reproduced verbatim with attribution captions.

Executive Summary

Honeytokens and honeypot accounts are some of the highest-signal tripwires defenders can place inside Active Directory: any interaction with them is, by construction, illegitimate.…

https://core-jmp.org/2026/06/hunting-active-directory-honeypots-lastlogon-oracle/
BindFlt 0x50: Windows 11 25H2 Bugcheck from Malformed Batch Virtualisation Mappings

Research artifact: bindflt-0x50 — author not clearly listed. Independent PoC against bindflt.sys on Windows 11 25H2 (build 26100.8655). The artifact ships struct_fuzz.c, a Makefile, and a kernel minidump (061826-31687-01.dmp); all are reproduced or summarised verbatim below.

SHA-256 hashes (as shipped in the original README):
struct_fuzz.c — a8aa5b568b5d95f32fe2605aa979a4ab186498080174574c08f3b90532285a7a
struct_fuzz.exe (built on the VM) — 6bfbbc67a1f09655287ab3f1ec1ed3144dddb099ff914b2865c16937f57334b9

Executive…

https://core-jmp.org/2026/06/bindflt-0x50-windows-11-25h2-bugcheck-bfvalidateshortname/
Striga: A 500-Line Python Lifter from x86 to LLVM IR

Original text: “Striga: Lifting x86 to LLVM IR with Python” — mrexodia, secret club (May 21, 2026). Code blocks, the control-flow graph and short quotations below are reproduced verbatim with attribution captions.

Executive Summary

Lifting x86 machine code into a higher-level intermediate representation is the foundation of most modern static deobfuscators, devirtualizers, and binary translators…

https://core-jmp.org/2026/06/striga-python-lifter-x86-to-llvm-ir/
ROP Gadget Hunting on Windows: Building a DEP-Bypass Exploit Chain with rop_scanner

Project: github.com/oxfemale/rop_scanner — offline ROP / JOP / syscall / pivot gadget hunter for Windows PE files, written in C++17, decoder powered by Zydis. Cross-platform (Windows / Linux / macOS), single self-contained binary. Builds on the technique described by 0x12 Dark Development (@Salsa12__) in «Hunting ROP Gadgets in Windows DLLs» on Medium.

Executive Summary

Exploiting…

https://core-jmp.org/2026/06/rop-scanner-windows-rop-gadget-hunting-exploit-chain/
CVE-2026-42530 NGINX RCE
*
Affected: Nginx 1.31 - if QUIC is enabled
*
The gentlemen from Nebula Security promise a technical review of the hole today
Autonomous Vulnerability Hunting with MCP: Inside a Self-Improving 0-Day Pipeline

Original text: “Autonomous Vulnerability Hunting with MCP” (alt title: “Bullying LLMs into submission to find 0days at scale”) — Andy Gill, ZephrSec – Adventures In Information Security (2026-04-04). Code snippets, tables and figures below are reproduced verbatim with attribution captions.

Executive Summary

Andy Gill of ZephrSec spent the early part of 2026 wiring Claude Code…

https://core-jmp.org/2026/06/autonomous-vulnerability-hunting-mcp-claude-code-pipeline/
CVE-2026-56099 OpenBSD - Remote Kernel MPLS Stack Disclosure
*
Tech + PoC
Windows ARM64 Internals: Pardon The Interruption — Interrupts on Windows for ARM

Original text: “Windows ARM64 Internals: Pardon The Interruption! Interrupts on Windows for ARM” — Connor McGarr, Connor McGarr’s Blog (January 2, 2026). All figures and code listings below are reproduced verbatim from the source with attribution captions.

Executive Summary

Most Windows kernel researchers grew up reading x64 internals: APIC, IDT, IDTR, KiIsrThunk. Windows on ARM…

https://core-jmp.org/2026/06/windows-arm64-internals-interrupts-gic-hyperv-secure-kernel/
LACUNA Chain: Ghost Frames Defeat Every Layer of EDR Call-Stack Detection

Original text: “LACUNA Chain: Ghost Frames — defeats all EDR layers of call-stack-based detection” — Mohamed Alzhrani (@0xmaz), 0xmaz.me (Jun 20, 2026). Licensed CC BY 4.0. Tables, code listings, diagrams and figures below are reproduced verbatim with attribution captions.

Executive Summary

Modern endpoint detection has moved its trustworthiness anchor from userland hooks to kernel-mode telemetry:…

https://core-jmp.org/2026/06/lacuna-chain-ghost-frames-defeat-edr-call-stack-detection/
JSC Exploitation Primitives Part 1: From One OOB to Cage-Free Arbitrary R/W

Original text: “JSC Exploitation Primitives — Part 1: From One OOB to Cage-Free Arbitrary R/W” — Varik Matevosyan (@D4RK7ET), Varik’s Blog (June 19, 2026). Code listings, ASCII memory diagrams and figures below are reproduced verbatim with attribution captions.

Executive Summary

Varik Matevosyan’s first instalment of his JSC series walks step by step from a single…

https://core-jmp.org/2026/06/jsc-exploitation-primitives-part-1-oob-to-cage-free-arbitrary-rw/
How LLMs Actually Work: A Transformer Internals Walkthrough

Original text: “How LLMs Actually Work” — 0xkato, 0xkato.xyz (June 1, 2026). Figures and “Tiny Explainer” callouts below are reproduced with attribution captions.

Executive Summary

0xkato’s piece is a guided tour of what’s actually inside a modern Large Language Model, written for readers who want the mechanism without the math. The framing is simple: a…

https://core-jmp.org/2026/06/how-llms-actually-work-transformer-internals-walkthrough/
Well, let's see what comes of this.
We'll make our own crypto container! BUT in such a way that if it is stolen, or data is pulled out of an already opened container, the dirty thief would still get GARBAGE
CVE-2026-48909 — SP LMS PHP Object Injection - RCE
*
POC ≤ 4.1.3 for Joomla CMS
DCOM Explained: How Attackers Turn a Windows Feature into a Lateral Movement Tool

Original text: “DCOM Explained: How Attackers Turn a Windows Feature into a Lateral Movement Tool” — Zshan Hyder, Detect FYI (June 2026). The event-log samples and figures below are reproduced verbatim with attribution captions.

Executive Summary

Component Object Model (COM) is the plumbing that lets two applications on a single Windows host talk to each…

https://core-jmp.org/2026/06/dcom-lateral-movement-detection-explained/
CVE-2026-55200 libssh2
*
Amusing, of course; I'll clarify right away - this is not a hole in an SSH server, it's a hole in the SSH2 client library.
That is, if some ssh client of yours uses this lib and you lured a user to your evil ssh srv, then it's neat.
Also amusing: the advisory shows the short hash 7acf3df, but the real upstream link leads to commit 97acf3df.. (probably just a mistake 😁)
PoC and local RCE scaffold
CVE-2026-41096: Heap Overflow in the Windows DNS Client

Original text: “CVE-2026-41096: Heap Overflow in the Windows DNS Client” — m0n1x90, m0n1x90.dev (May 24, 2026). Code, tables and ASCII diagrams below are reproduced verbatim with attribution captions.

Executive Summary

CVE-2026-41096 is a remotely-triggerable heap overflow in dnsapi.dll, the Windows DNS client library shipped with modern Windows 11 builds. A single crafted UDP DNS response…

https://core-jmp.org/2026/06/cve-2026-41096-windows-dns-client-heap-overflow/
FUD Shellcode Stagers in Python: String Reversal, NT APIs and IAT Walking to Bypass EDR

Original text: “Creative approaches to coding FUD Stagers” — R.B.C. (g3tsyst3m), G3tSyst3m’s Infosec Blog (March 29, 2026). The code, screenshots and VirusTotal results below are reproduced verbatim with attribution captions; the surrounding prose is a paraphrase.

Executive Summary

The g3tsyst3m blog post walks through two Python-based shellcode stagers that both achieve 0/63 on VirusTotal by…

https://core-jmp.org/2026/06/fud-shellcode-stagers-python-string-reversal-nt-apis-iat-walking/