Weaponizing Writable SMB Shares to Steal Domain Credentials
Original text: “Weaponizing SMB Shares to Steal Domain Credentials” — Alex Neacsu, Security Café (April 21, 2026). Code snippets and screenshots below are reproduced verbatim with attribution captions.
Executive Summary
Alex Neacsu’s Security Café post is a clean, end-to-end walkthrough of a coercion technique every internal pentester has used and most internal AD environments are…
https://core-jmp.org/2026/06/weaponizing-smb-shares-steal-domain-credentials/
Original text: “Weaponizing SMB Shares to Steal Domain Credentials” — Alex Neacsu, Security Café (April 21, 2026). Code snippets and screenshots below are reproduced verbatim with attribution captions.
Executive Summary
Alex Neacsu’s Security Café post is a clean, end-to-end walkthrough of a coercion technique every internal pentester has used and most internal AD environments are…
https://core-jmp.org/2026/06/weaponizing-smb-shares-steal-domain-credentials/
🔥8👍2
Hunting Active Directory Honeypots: Reading lastLogon as a Decoy Oracle
Original text: “Hunting Honey Pots as Red Teamers” — Charles F. Hamilton, CYPFER Offensive Practice (June 15, 2026). Screenshots and the sam_honeypot_enum.c source are reproduced verbatim with attribution captions.
Executive Summary
Honeytokens and honeypot accounts are some of the highest-signal tripwires defenders can place inside Active Directory: any interaction with them is, by construction, illegitimate.…
https://core-jmp.org/2026/06/hunting-active-directory-honeypots-lastlogon-oracle/
Original text: “Hunting Honey Pots as Red Teamers” — Charles F. Hamilton, CYPFER Offensive Practice (June 15, 2026). Screenshots and the sam_honeypot_enum.c source are reproduced verbatim with attribution captions.
Executive Summary
Honeytokens and honeypot accounts are some of the highest-signal tripwires defenders can place inside Active Directory: any interaction with them is, by construction, illegitimate.…
https://core-jmp.org/2026/06/hunting-active-directory-honeypots-lastlogon-oracle/
🔥6👍1
BindFlt 0x50: Windows 11 25H2 Bugcheck from Malformed Batch Virtualisation Mappings
Research artifact: bindflt-0x50 — author not clearly listed. Independent PoC against bindflt.sys on Windows 11 25H2 (build 26100.8655). The artifact ships struct_fuzz.c, a Makefile, and a kernel minidump (061826-31687-01.dmp); all are reproduced or summarised verbatim below.
SHA-256 hashes (as shipped in the original README):
struct_fuzz.c — a8aa5b568b5d95f32fe2605aa979a4ab186498080174574c08f3b90532285a7a
struct_fuzz.exe (built on the VM) — 6bfbbc67a1f09655287ab3f1ec1ed3144dddb099ff914b2865c16937f57334b9
Executive…
https://core-jmp.org/2026/06/bindflt-0x50-windows-11-25h2-bugcheck-bfvalidateshortname/
Research artifact: bindflt-0x50 — author not clearly listed. Independent PoC against bindflt.sys on Windows 11 25H2 (build 26100.8655). The artifact ships struct_fuzz.c, a Makefile, and a kernel minidump (061826-31687-01.dmp); all are reproduced or summarised verbatim below.
SHA-256 hashes (as shipped in the original README):
struct_fuzz.c — a8aa5b568b5d95f32fe2605aa979a4ab186498080174574c08f3b90532285a7a
struct_fuzz.exe (built on the VM) — 6bfbbc67a1f09655287ab3f1ec1ed3144dddb099ff914b2865c16937f57334b9
Executive…
https://core-jmp.org/2026/06/bindflt-0x50-windows-11-25h2-bugcheck-bfvalidateshortname/
🔥3😱2
Striga: A 500-Line Python Lifter from x86 to LLVM IR
Original text: “Striga: Lifting x86 to LLVM IR with Python” — mrexodia, secret club (May 21, 2026). Code blocks, the control-flow graph and short quotations below are reproduced verbatim with attribution captions.
Executive Summary
Lifting x86 machine code into a higher-level intermediate representation is the foundation of most modern static deobfuscators, devirtualizers, and binary translators…
https://core-jmp.org/2026/06/striga-python-lifter-x86-to-llvm-ir/
Original text: “Striga: Lifting x86 to LLVM IR with Python” — mrexodia, secret club (May 21, 2026). Code blocks, the control-flow graph and short quotations below are reproduced verbatim with attribution captions.
Executive Summary
Lifting x86 machine code into a higher-level intermediate representation is the foundation of most modern static deobfuscators, devirtualizers, and binary translators…
https://core-jmp.org/2026/06/striga-python-lifter-x86-to-llvm-ir/
👍2🔥2
ROP Gadget Hunting on Windows: Building a DEP-Bypass Exploit Chain with rop_scanner
Project: github.com/oxfemale/rop_scanner — offline ROP / JOP / syscall / pivot gadget hunter for Windows PE files, written in C++17, decoder powered by Zydis. Cross-platform (Windows / Linux / macOS), single self-contained binary. Builds on the technique described by 0x12 Dark Development (@Salsa12__) in «Hunting ROP Gadgets in Windows DLLs» on Medium.
Executive Summary
Exploiting…
https://core-jmp.org/2026/06/rop-scanner-windows-rop-gadget-hunting-exploit-chain/
Project: github.com/oxfemale/rop_scanner — offline ROP / JOP / syscall / pivot gadget hunter for Windows PE files, written in C++17, decoder powered by Zydis. Cross-platform (Windows / Linux / macOS), single self-contained binary. Builds on the technique described by 0x12 Dark Development (@Salsa12__) in «Hunting ROP Gadgets in Windows DLLs» on Medium.
Executive Summary
Exploiting…
https://core-jmp.org/2026/06/rop-scanner-windows-rop-gadget-hunting-exploit-chain/
🔥9
This media is not supported in your browser
VIEW IN TELEGRAM
CVE-2026-42530 NGINX RCE
*
Подвержен Nginx 1.31 - если включен
*
Господа из Nebula Security обещают сегодня тех обзор на дыру
*
Подвержен Nginx 1.31 - если включен
QUIC*
Господа из Nebula Security обещают сегодня тех обзор на дыру
👍31🔥15
Autonomous Vulnerability Hunting with MCP: Inside a Self-Improving 0-Day Pipeline
Original text: “Autonomous Vulnerability Hunting with MCP” (alt title: “Bullying LLMs into submission to find 0days at scale”) — Andy Gill, ZephrSec – Adventures In Information Security (2026-04-04). Code snippets, tables and figures below are reproduced verbatim with attribution captions.
Executive Summary
Andy Gill of ZephrSec spent the early part of 2026 wiring Claude Code…
https://core-jmp.org/2026/06/autonomous-vulnerability-hunting-mcp-claude-code-pipeline/
Original text: “Autonomous Vulnerability Hunting with MCP” (alt title: “Bullying LLMs into submission to find 0days at scale”) — Andy Gill, ZephrSec – Adventures In Information Security (2026-04-04). Code snippets, tables and figures below are reproduced verbatim with attribution captions.
Executive Summary
Andy Gill of ZephrSec spent the early part of 2026 wiring Claude Code…
https://core-jmp.org/2026/06/autonomous-vulnerability-hunting-mcp-claude-code-pipeline/
👍10🔥3😱1
Windows ARM64 Internals: Pardon The Interruption — Interrupts on Windows for ARM
Original text: “Windows ARM64 Internals: Pardon The Interruption! Interrupts on Windows for ARM” — Connor McGarr, Connor McGarr’s Blog (January 2, 2026). All figures and code listings below are reproduced verbatim from the source with attribution captions.
Executive Summary
Most Windows kernel researchers grew up reading x64 internals: APIC, IDT, IDTR, KiIsrThunk. Windows on ARM…
https://core-jmp.org/2026/06/windows-arm64-internals-interrupts-gic-hyperv-secure-kernel/
Original text: “Windows ARM64 Internals: Pardon The Interruption! Interrupts on Windows for ARM” — Connor McGarr, Connor McGarr’s Blog (January 2, 2026). All figures and code listings below are reproduced verbatim from the source with attribution captions.
Executive Summary
Most Windows kernel researchers grew up reading x64 internals: APIC, IDT, IDTR, KiIsrThunk. Windows on ARM…
https://core-jmp.org/2026/06/windows-arm64-internals-interrupts-gic-hyperv-secure-kernel/
😱3🔥2
LACUNA Chain: Ghost Frames Defeat Every Layer of EDR Call-Stack Detection
Original text: “LACUNA Chain: Ghost Frames — defeats all EDR layers of call-stack-based detection” — Mohamed Alzhrani (@0xmaz), 0xmaz.me (Jun 20, 2026). Licensed CC BY 4.0. Tables, code listings, diagrams and figures below are reproduced verbatim with attribution captions.
Executive Summary
Modern endpoint detection has moved its trustworthiness anchor from userland hooks to kernel-mode telemetry:…
https://core-jmp.org/2026/06/lacuna-chain-ghost-frames-defeat-edr-call-stack-detection/
Original text: “LACUNA Chain: Ghost Frames — defeats all EDR layers of call-stack-based detection” — Mohamed Alzhrani (@0xmaz), 0xmaz.me (Jun 20, 2026). Licensed CC BY 4.0. Tables, code listings, diagrams and figures below are reproduced verbatim with attribution captions.
Executive Summary
Modern endpoint detection has moved its trustworthiness anchor from userland hooks to kernel-mode telemetry:…
https://core-jmp.org/2026/06/lacuna-chain-ghost-frames-defeat-edr-call-stack-detection/
🔥7
JSC Exploitation Primitives Part 1: From One OOB to Cage-Free Arbitrary R/W
Original text: “JSC Exploitation Primitives — Part 1: From One OOB to Cage-Free Arbitrary R/W” — Varik Matevosyan (@D4RK7ET), Varik’s Blog (June 19, 2026). Code listings, ASCII memory diagrams and figures below are reproduced verbatim with attribution captions.
Executive Summary
Varik Matevosyan’s first instalment of his JSC series walks step by step from a single…
https://core-jmp.org/2026/06/jsc-exploitation-primitives-part-1-oob-to-cage-free-arbitrary-rw/
Original text: “JSC Exploitation Primitives — Part 1: From One OOB to Cage-Free Arbitrary R/W” — Varik Matevosyan (@D4RK7ET), Varik’s Blog (June 19, 2026). Code listings, ASCII memory diagrams and figures below are reproduced verbatim with attribution captions.
Executive Summary
Varik Matevosyan’s first instalment of his JSC series walks step by step from a single…
https://core-jmp.org/2026/06/jsc-exploitation-primitives-part-1-oob-to-cage-free-arbitrary-rw/
🔥1
How LLMs Actually Work: A Transformer Internals Walkthrough
Original text: “How LLMs Actually Work” — 0xkato, 0xkato.xyz (June 1, 2026). Figures and “Tiny Explainer” callouts below are reproduced with attribution captions.
Executive Summary
0xkato’s piece is a guided tour of what’s actually inside a modern Large Language Model, written for readers who want the mechanism without the math. The framing is simple: a…
https://core-jmp.org/2026/06/how-llms-actually-work-transformer-internals-walkthrough/
Original text: “How LLMs Actually Work” — 0xkato, 0xkato.xyz (June 1, 2026). Figures and “Tiny Explainer” callouts below are reproduced with attribution captions.
Executive Summary
0xkato’s piece is a guided tour of what’s actually inside a modern Large Language Model, written for readers who want the mechanism without the math. The framing is simple: a…
https://core-jmp.org/2026/06/how-llms-actually-work-transformer-internals-walkthrough/
🔥4👍3
DCOM Explained: How Attackers Turn a Windows Feature into a Lateral Movement Tool
Original text: “DCOM Explained: How Attackers Turn a Windows Feature into a Lateral Movement Tool” — Zshan Hyder, Detect FYI (June 2026). The event-log samples and figures below are reproduced verbatim with attribution captions.
Executive Summary
Component Object Model (COM) is the plumbing that lets two applications on a single Windows host talk to each…
https://core-jmp.org/2026/06/dcom-lateral-movement-detection-explained/
Original text: “DCOM Explained: How Attackers Turn a Windows Feature into a Lateral Movement Tool” — Zshan Hyder, Detect FYI (June 2026). The event-log samples and figures below are reproduced verbatim with attribution captions.
Executive Summary
Component Object Model (COM) is the plumbing that lets two applications on a single Windows host talk to each…
https://core-jmp.org/2026/06/dcom-lateral-movement-detection-explained/
👍5🔥3
CVE-2026-55200 libssh2
*
Занятно конечно, сразу поясню - это не дырка в
То есть если у тебя какой то ssh клиент использует эту либру и ты заманил юзера на свой
Еще из прикольного что в advisory видно короткий hash
PoC and local RCE scaffold
*
Занятно конечно, сразу поясню - это не дырка в
SSH server, это дырка в клиентской библиотеке SSH2.То есть если у тебя какой то ssh клиент использует эту либру и ты заманил юзера на свой
evil ssh srv, то прикольно.Еще из прикольного что в advisory видно короткий hash
7acf3df, но реальная ссылка upstream ведёт на commit 97acf3df.. (наверно просто ошиблись 😁)PoC and local RCE scaffold
👍9🔥3
CVE-2026-41096: Heap Overflow in the Windows DNS Client
Original text: “CVE-2026-41096: Heap Overflow in the Windows DNS Client” — m0n1x90, m0n1x90.dev (May 24, 2026). Code, tables and ASCII diagrams below are reproduced verbatim with attribution captions.
Executive Summary
CVE-2026-41096 is a remotely-triggerable heap overflow in dnsapi.dll, the Windows DNS client library shipped with modern Windows 11 builds. A single crafted UDP DNS response…
https://core-jmp.org/2026/06/cve-2026-41096-windows-dns-client-heap-overflow/
Original text: “CVE-2026-41096: Heap Overflow in the Windows DNS Client” — m0n1x90, m0n1x90.dev (May 24, 2026). Code, tables and ASCII diagrams below are reproduced verbatim with attribution captions.
Executive Summary
CVE-2026-41096 is a remotely-triggerable heap overflow in dnsapi.dll, the Windows DNS client library shipped with modern Windows 11 builds. A single crafted UDP DNS response…
https://core-jmp.org/2026/06/cve-2026-41096-windows-dns-client-heap-overflow/
🔥3
FUD Shellcode Stagers in Python: String Reversal, NT APIs and IAT Walking to Bypass EDR
Original text: “Creative approaches to coding FUD Stagers” — R.B.C. (g3tsyst3m), G3tSyst3m’s Infosec Blog (March 29, 2026). The code, screenshots and VirusTotal results below are reproduced verbatim with attribution captions; the surrounding prose is a paraphrase.
Executive Summary
The g3tsyst3m blog post walks through two Python-based shellcode stagers that both achieve 0/63 on VirusTotal by…
https://core-jmp.org/2026/06/fud-shellcode-stagers-python-string-reversal-nt-apis-iat-walking/
Original text: “Creative approaches to coding FUD Stagers” — R.B.C. (g3tsyst3m), G3tSyst3m’s Infosec Blog (March 29, 2026). The code, screenshots and VirusTotal results below are reproduced verbatim with attribution captions; the surrounding prose is a paraphrase.
Executive Summary
The g3tsyst3m blog post walks through two Python-based shellcode stagers that both achieve 0/63 on VirusTotal by…
https://core-jmp.org/2026/06/fud-shellcode-stagers-python-string-reversal-nt-apis-iat-walking/
🔥5