Autonomous Vulnerability Hunting with MCP: Inside a Self-Improving 0-Day Pipeline
Original text: “Autonomous Vulnerability Hunting with MCP” (alt title: “Bullying LLMs into submission to find 0days at scale”) — Andy Gill, ZephrSec – Adventures In Information Security (2026-04-04). Code snippets, tables and figures below are reproduced verbatim with attribution captions.
Executive Summary
Andy Gill of ZephrSec spent the early part of 2026 wiring Claude Code…
https://core-jmp.org/2026/06/autonomous-vulnerability-hunting-mcp-claude-code-pipeline/
Windows ARM64 Internals: Pardon The Interruption — Interrupts on Windows for ARM
Original text: “Windows ARM64 Internals: Pardon The Interruption! Interrupts on Windows for ARM” — Connor McGarr, Connor McGarr’s Blog (January 2, 2026). All figures and code listings below are reproduced verbatim from the source with attribution captions.
Executive Summary
Most Windows kernel researchers grew up reading x64 internals: APIC, IDT, IDTR, KiIsrThunk. Windows on ARM…
https://core-jmp.org/2026/06/windows-arm64-internals-interrupts-gic-hyperv-secure-kernel/
LACUNA Chain: Ghost Frames Defeat Every Layer of EDR Call-Stack Detection
Original text: “LACUNA Chain: Ghost Frames — defeats all EDR layers of call-stack-based detection” — Mohamed Alzhrani (@0xmaz), 0xmaz.me (Jun 20, 2026). Licensed CC BY 4.0. Tables, code listings, diagrams and figures below are reproduced verbatim with attribution captions.
Executive Summary
Modern endpoint detection has moved its trustworthiness anchor from userland hooks to kernel-mode telemetry:…
https://core-jmp.org/2026/06/lacuna-chain-ghost-frames-defeat-edr-call-stack-detection/
JSC Exploitation Primitives Part 1: From One OOB to Cage-Free Arbitrary R/W
Original text: “JSC Exploitation Primitives — Part 1: From One OOB to Cage-Free Arbitrary R/W” — Varik Matevosyan (@D4RK7ET), Varik’s Blog (June 19, 2026). Code listings, ASCII memory diagrams and figures below are reproduced verbatim with attribution captions.
Executive Summary
Varik Matevosyan’s first instalment of his JSC series walks step by step from a single…
https://core-jmp.org/2026/06/jsc-exploitation-primitives-part-1-oob-to-cage-free-arbitrary-rw/
How LLMs Actually Work: A Transformer Internals Walkthrough
Original text: “How LLMs Actually Work” — 0xkato, 0xkato.xyz (June 1, 2026). Figures and “Tiny Explainer” callouts below are reproduced with attribution captions.
Executive Summary
0xkato’s piece is a guided tour of what’s actually inside a modern Large Language Model, written for readers who want the mechanism without the math. The framing is simple: a…
https://core-jmp.org/2026/06/how-llms-actually-work-transformer-internals-walkthrough/
DCOM Explained: How Attackers Turn a Windows Feature into a Lateral Movement Tool
Original text: “DCOM Explained: How Attackers Turn a Windows Feature into a Lateral Movement Tool” — Zshan Hyder, Detect FYI (June 2026). The event-log samples and figures below are reproduced verbatim with attribution captions.
Executive Summary
Component Object Model (COM) is the plumbing that lets two applications on a single Windows host talk to each…
https://core-jmp.org/2026/06/dcom-lateral-movement-detection-explained/
CVE-2026-55200 libssh2
Funny, of course; let me clarify right away: this is not a hole in the SSH server, it is a hole in the SSH2 client library.
So if some SSH client uses this library and you have lured a user to your evil SSH server, that is where it gets fun.
Another amusing detail: the advisory shows the short hash 7acf3df, but the actual upstream link leads to commit 97acf3df.. (probably just a mistake 😁)
PoC and local RCE scaffold
CVE-2026-41096: Heap Overflow in the Windows DNS Client
Original text: “CVE-2026-41096: Heap Overflow in the Windows DNS Client” — m0n1x90, m0n1x90.dev (May 24, 2026). Code, tables and ASCII diagrams below are reproduced verbatim with attribution captions.
Executive Summary
CVE-2026-41096 is a remotely-triggerable heap overflow in dnsapi.dll, the Windows DNS client library shipped with modern Windows 11 builds. A single crafted UDP DNS response…
https://core-jmp.org/2026/06/cve-2026-41096-windows-dns-client-heap-overflow/
FUD Shellcode Stagers in Python: String Reversal, NT APIs and IAT Walking to Bypass EDR
Original text: “Creative approaches to coding FUD Stagers” — R.B.C. (g3tsyst3m), G3tSyst3m’s Infosec Blog (March 29, 2026). The code, screenshots and VirusTotal results below are reproduced verbatim with attribution captions; the surrounding prose is a paraphrase.
Executive Summary
The g3tsyst3m blog post walks through two Python-based shellcode stagers that both achieve 0/63 on VirusTotal by…
https://core-jmp.org/2026/06/fud-shellcode-stagers-python-string-reversal-nt-apis-iat-walking/
PatchGuard’s Detection of Hypervisor-Based Introspection: KiErrata704Present, Skx55, and 361 [P1]
Original text: “Patchguard: Detection of Hypervisor Based Introspection [P1]” — Nick Peterson, Reverse Engineering (revers.engineering) (April 26, 2020). The original is licensed Read-Only; the prose below is a paraphrase. Disassembly screenshots and short code excerpts are reproduced under fair-use commentary with attribution captions.
Executive Summary
Nick Peterson’s post on revers.engineering walks through three Windows kernel…
https://core-jmp.org/2026/06/patchguard-hypervisor-introspection-detection-kierrata-p1/
PatchGuard’s Detection of Hypervisor-Based Introspection: KiErrata420Present and Errata1337 [P2]
Original text: “Patchguard: Detection of Hypervisor Based Introspection [P2]” — Aidan Khoury, Reverse Engineering (revers.engineering) (April 26, 2020). The original is licensed Read-Only; prose below is a paraphrase. The 16 verbatim assembly / C code blocks are reproduced under fair-use commentary with attribution captions.
Executive Summary
Part 2 of Aidan Khoury’s PatchGuard introspection-detection series covers…
https://core-jmp.org/2026/06/patchguard-hypervisor-introspection-detection-lstar-errata1337-p2/
Pwnd Blaster: A Bluetooth-Reachable BadUSB Implant in the Creative Sound Blaster Katana V2X
Original text: “Pwnd Blaster: Hacking your PC using your speaker without ever touching it” — Rasmus Moorats, blog.nns.ee (Jun 03, 2026). Code, tables and figures below are reproduced verbatim with attribution captions.
Executive Summary
Rasmus Moorats reverse-engineered the firmware of the Creative Sound Blaster Katana V2X — a USB-connected PC soundbar — and chained four…
https://core-jmp.org/2026/06/creative-katana-v2x-bluetooth-badusb-rasmus-moorats/
Forwarded from pol4rity
Dear colleagues, members of the media and all interested parties.
On Friday, June 20, 2026, our group carried out a successful cyberattack on one of the key suppliers of components for Ukraine's unmanned aerial vehicles: the holding TAF Industries and the related BraveTech projects.
TARGETS OF THE ATTACK:
• taf-ua[.]com
• thebravetech[.]com
• excavator[.]thebravetech[.]com
excavator[.]thebravetech[.]com remains unavailable TO THIS DAY.
DATA OBTAINED:
1. Full database of TAF Industries and BraveTech
😱 Personal data of all employees
😱 Personnel numbers, job titles, internal orders
😱 Corporate correspondence (e-mail and messengers)
😱 Credentials for all systems
2. Financial block
😱 Orders and contracts for the supply of components
😱 Full information on exports and imports
😱 Bank details, accounts and transactions
😱 Chains of suppliers and counterparties
3. Technical block
😱 Full access to servers (SSH, RDP, administrative panels)
😱 All databases (SQL, PostgreSQL)
😱 Source code of internal systems and technical documentation
😱 API keys, tokens and integration parameters (Nova Poshta, CRM, ERP)
4. Production block
😱 Specifications of components for UAVs
😱 Process charts and drawings
😱 Data on warehouse stock and logistics
KEY FIGURE:
Aleksandr Yakovenko, founder and CEO of TAF Industries, co-founder of BraveTech.
All of his personal and corporate correspondence, documents and access credentials are at our disposal.
Evidence will be published shortly.
As confirmation, we attach several documents.
Glory to Russia!
Anyone interested in the companies' data, write to the contact bot @u404ro_bot.