PatchGuard’s Detection of Hypervisor-Based Introspection: KiErrata704Present, Skx55, and 361 [P1]
Original text: “Patchguard: Detection of Hypervisor Based Introspection [P1]” — Nick Peterson, Reverse Engineering (revers.engineering) (April 26, 2020). The original is licensed Read-Only; the prose below is a paraphrase. Disassembly screenshots and short code excerpts are reproduced under fair-use commentary with attribution captions.
Executive Summary
Nick Peterson’s post on revers.engineering walks through three Windows kernel…
https://core-jmp.org/2026/06/patchguard-hypervisor-introspection-detection-kierrata-p1/
PatchGuard’s Detection of Hypervisor-Based Introspection: KiErrata420Present and Errata1337 [P2]
Original text: “Patchguard: Detection of Hypervisor Based Introspection [P2]” — Aidan Khoury, Reverse Engineering (revers.engineering) (April 26, 2020). The original is licensed Read-Only; prose below is a paraphrase. The 16 verbatim assembly / C code blocks are reproduced under fair-use commentary with attribution captions.
Executive Summary
Part 2 of Aidan Khoury’s PatchGuard introspection-detection series covers…
https://core-jmp.org/2026/06/patchguard-hypervisor-introspection-detection-lstar-errata1337-p2/
Pwnd Blaster: A Bluetooth-Reachable BadUSB Implant in the Creative Sound Blaster Katana V2X
Original text: “Pwnd Blaster: Hacking your PC using your speaker without ever touching it” — Rasmus Moorats, blog.nns.ee (Jun 03, 2026). Code, tables and figures below are reproduced verbatim with attribution captions.
Executive Summary
Rasmus Moorats reverse-engineered the firmware of the Creative Sound Blaster Katana V2X — a USB-connected PC soundbar — and chained four…
https://core-jmp.org/2026/06/creative-katana-v2x-bluetooth-badusb-rasmus-moorats/
Forwarded from pol4rity
Dear colleagues, media representatives and all interested parties.
On Friday, 20 June 2026, our group carried out a successful cyberattack on one of the key suppliers of components for Ukraine's unmanned aerial vehicles: the TAF Industries holding and its associated BraveTech projects.
TARGETS OF THE ATTACK:
• taf-ua[.]com
• thebravetech[.]com
• excavator[.]thebravetech[.]com
excavator[.]thebravetech[.]com remains unavailable TO THIS DAY.
DATA OBTAINED:
1. Complete database of TAF Industries and BraveTech
😱 Personal data of all employees
😱 Employee ID numbers, positions, internal orders
😱 Corporate correspondence (e-mail and messengers)
😱 Credentials for all systems
2. Financial block
😱 Orders and contracts for the supply of components
😱 Complete information on exports and imports
😱 Bank details, accounts and transactions
😱 Supplier and counterparty chains
3. Technical block
😱 Full access to servers (SSH, RDP, administrative panels)
😱 All databases (SQL, PostgreSQL)
😱 Source code of internal systems and technical documentation
😱 API keys, tokens and integration parameters (Nova Poshta, CRM, ERP)
4. Production block
😱 Component specifications for UAVs
😱 Process flow charts and drawings
😱 Warehouse inventory and logistics data
KEY FIGURE:
Alexander Yakovenko (Александр Яковенко), founder and CEO of TAF Industries, co-founder of BraveTech.
We have in our possession all of his personal and corporate correspondence, documents and access credentials.
Evidence will be published in the near future.
As confirmation, we attach several documents.
Glory to Russia!
Anyone interested in the companies' data, write to the contact bot @u404ro_bot.
Linux Scales eBPF Rootkit: Detection and Forensic Analysis
Original text: “Linux Scales eBPF Rootkit Detection and Analysis” — Sandfly Security (Sandfly Blog), 24 June 2026. Author not individually credited on the source page. Commands, screenshots and figures below are reproduced with attribution captions.
Executive Summary
Scales is a Linux malware family that surfaced through a supply-chain campaign against the Arch User Repository (AUR),…
https://core-jmp.org/2026/06/linux-scales-ebpf-rootkit-detection-analysis/
Squidbleed (CVE-2026-47729): A 29-Year-Old Heap Over-Read Leaks Cleartext HTTP in Squid
Original text: “Squidbleed: A 29-Year-Old Heap Over-Read Leaks Cleartext HTTP in Squid (CVE-2026-47729)” — Dark Web Informer (June 24, 2026). This is an independent technical write-up of the same vulnerability. The code samples below are original, illustrative reconstructions written for this article — they demonstrate the bug class and are not copied from the Squid…
https://core-jmp.org/2026/06/squidbleed-cve-2026-47729-squid-ftp-heap-over-read/
A 27-Year-Old Authentication Bypass in OpenBSD’s PPP Stack (CVE-2026-55706)
Original text: “A 27-Year-Old Authentication Bypass in OpenBSD’s PPP Stack” — Argus, Argus Blog (2026-06-16). Kernel source snippets and console output below are reproduced verbatim with attribution; the surrounding analysis, the attack-chain diagram and the proof-of-concept are original to core-jmp.org.
Executive Summary
OpenBSD’s synchronous-PPP layer contained a textbook length-confusion bug in its PAP (Password Authentication…
https://core-jmp.org/2026/06/openbsd-ppp-pap-authentication-bypass-cve-2026-55706/
From context_handle to type confusion: A Type Confusion Pattern in Windows RPC Servers
Original text: “From context_handle to type confusion” — k0shl, Whereisk0Shl (Jun 26, 2026). Code blocks and crash dumps below are reproduced verbatim with attribution captions.
Executive Summary
Windows RPC servers routinely expose several different context-handle types within the same interface — for example a generic open/close handle alongside a typed object handle. A context handle…
https://core-jmp.org/2026/06/from-context-handle-to-type-confusion-windows-rpc/
Portable Executables
Original text by Sp1d3rM
INTRODUCTION
One of the most famous file formats in computer history is probably the Portable Executable, popularly known as .exe. There is more to it than just being the binary file format of choice for Windows systems. In this chapter, we will deep-dive into what portable executables are, where they live…
https://core-jmp.org/2026/06/portable-executables/
Portable Executables
Deep dive into Windows PE file format—headers, sections, and loader mechanics. Explains how security products (AV/EDR) detect malware via static analysis: entropy, import hashes, section anomalies, and suspicious API patterns. Essential for red-team tradecraft…
Sleeping Beauty: Putting Adaptix to Bed with Crystal Palace
Original post by Maor Sabag
Sleeping Beauty: Putting Adaptix to Bed with Crystal Palace
Introduction
Adaptix C2 ships a default agent DLL. Out of the box, it’s a standard PE – it gets loaded into memory with RWX permissions everywhere, no IAT hooking, no sleep obfuscation, nothing fancy. If you’re doing red team work, that’s…
https://core-jmp.org/2026/06/sleeping-beauty-putting-adaptix-to-bed-with-crystal-palace/
Sleeping Beauty II: CFG, CET, and Stack Spoofing
Original text by Maor Sabag
Sleeping Beauty II: CFG, CET, and Stack Spoofing
A tale of CFG bitmaps, shadow stacks, and teaching an implant to sleep in places it was never meant to survive.
In Part I, we built StealthPalace: a Crystal Palace RDLL wrapper for Adaptix with IAT hooking and Ekko-style sleep obfuscation. It worked…
https://core-jmp.org/2026/06/sleeping-beauty-ii-cfg-cet-and-stack-spoofing/
ФРИИ (IIDF, the Internet Initiatives Development Fund) and Metascan launch a joint fund to invest in cybersecurity projects 🔐
Built a strong product but finding it hard to grow further? Struggling to set up systematic sales, break into large companies or scale the business?
We are looking for B2B projects with a finished product and help them not only raise investment but also get through the next stage of growth.
What teams get:
— Investment from 5 to 100 million rubles
— Metascan's expertise and access to corporate clients
about 100 companies, including enterprises, banks and retail
— Systematic help with sales and scaling
working with ФРИИ trackers, setting up sales processes, architecture reviews
ФРИИ is one of Russia's largest venture funds and accelerators.
Its portfolio companies include Flowwow, ПравоТех, DocsinBox, Aimoto, PimSolution and others.
Metascan is a team of cybersecurity and offensive security practitioners.
If you are developing a CyberSec project and are ready for the next stage of growth:
👉 submit an application
From context_handle to type confusion: A Windows RPC Vulnerability Pattern
Original text: “From context_handle to type confusion” — k0shl, Whereisk0Shl (2026-06-26). The prose below is a paraphrase; all code listings, IDL descriptor bytes and crash dumps are reproduced verbatim with attribution captions.
Executive Summary
Context handles are one of the most common building blocks in Microsoft RPC. Inside rpcrt4 a context handle behaves like an…
https://core-jmp.org/2026/06/from-context-handle-to-type-confusion-windows-rpc-2/
iBoot SMMU Bypass and Kernelcache Struct Forgery on Apple Silicon
Original text: “iBoot SMMU Bypass and Kernelcache Struct Forgery” — author not clearly listed, Ghost Wolf Lab (Jun 25, 2026). Code, tables and figures below are reproduced verbatim with attribution captions; Chinese text in the diagrams, code comments and table has been translated into English.
Executive Summary
Apple Silicon’s security model rests on a chain…
https://core-jmp.org/2026/06/iboot-smmu-bypass-kernelcache-struct-forgery/