From context_handle to type confusion: A Type Confusion Pattern in Windows RPC Servers
Original text: “From context_handle to type confusion” — k0shl, Whereisk0Shl (Jun 26, 2026). Code blocks and crash dumps below are reproduced verbatim with attribution captions.
Executive Summary
Windows RPC servers routinely expose several different context-handle types within the same interface — for example a generic open/close handle alongside a typed object handle. A context handle…
https://core-jmp.org/2026/06/from-context-handle-to-type-confusion-windows-rpc/
Portable Executables
Original text by Sp1d3rM
INTRODUCTION
One of the most famous file formats in computer history probably is the Portable Executable, popularly known as .exe. There is more to it than just being the binary file format of choice for Windows systems. In this chapter, we will deep-dive into what are portable executables? Where they live?…
https://core-jmp.org/2026/06/portable-executables/
core-jmp
Portable Executables
Deep dive into Windows PE file format—headers, sections, and loader mechanics. Explains how security products (AV/EDR) detect malware via static analysis: entropy, import hashes, section anomalies, and suspicious API patterns. Essential for red-team tradecraft…
Sleeping Beauty: Putting Adaptix to Bed with Crystal Palace
Original post by Maor Sabag
Sleeping Beauty: Putting Adaptix to Bed with Crystal Palace
Introduction
Adaptix C2 ships a default agent DLL. Out of the box, it’s a standard PE – it gets loaded into memory with RWX permissions everywhere, no IAT hooking, no sleep obfuscation, nothing fancy. If you’re doing red team work, that’s…
https://core-jmp.org/2026/06/sleeping-beauty-putting-adaptix-to-bed-with-crystal-palace/
Sleeping Beauty II: CFG, CET, and Stack Spoofing
Original text by Maor Sabag
Sleeping Beauty II: CFG, CET, and Stack Spoofing
A tale of CFG bitmaps, shadow stacks, and teaching an implant to sleep in places it was never meant to survive.
In Part I, we built StealthPalace: a Crystal Palace RDLL wrapper for Adaptix with IAT hooking and Ekko-style sleep obfuscation. It worked…
https://core-jmp.org/2026/06/sleeping-beauty-ii-cfg-cet-and-stack-spoofing/
ФРИИ and Metascan are launching a joint fund to invest in cybersecurity projects 🔐
Built a strong product but finding it hard to grow further? Struggling to build systematic sales, break into large companies, or scale the business?
We are looking for B2B projects with a finished product and help them not only raise investment but also get through the next stage of growth.
What teams get:
— Investment from 5 to 100 million rubles
— Metascan's expertise and access to corporate clients
about 100 companies, including enterprise, banks and retail
— Systematic help with sales and scaling
work with ФРИИ trackers, setting up sales processes, architecture reviews
ФРИИ is one of the largest venture funds and accelerators in Russia.
Its portfolio companies include Flowwow, ПравоТех, DocsinBox, Aimoto, PimSolution and others.
Metascan is a team of practitioners in cybersecurity and offensive security.
If you are building a CyberSec project and are ready for the next stage of growth:
👉 submit an application
From context_handle to type confusion: A Windows RPC Vulnerability Pattern
Original text: “From context_handle to type confusion” — k0shl, Whereisk0Shl (2026-06-26). The prose below is a paraphrase; all code listings, IDL descriptor bytes and crash dumps are reproduced verbatim with attribution captions.
Executive Summary
Context handles are one of the most common building blocks in Microsoft RPC. Inside rpcrt4 a context handle behaves like an…
https://core-jmp.org/2026/06/from-context-handle-to-type-confusion-windows-rpc-2/
iBoot SMMU Bypass and Kernelcache Struct Forgery on Apple Silicon
Original text: “iBoot SMMU Bypass and Kernelcache Struct Forgery” — author not clearly listed, Ghost Wolf Lab (Jun 25, 2026). Code, tables and figures below are reproduced verbatim with attribution captions; Chinese text in the diagrams, code comments and table has been translated into English.
Executive Summary
Apple Silicon’s security model rests on a chain…
https://core-jmp.org/2026/06/iboot-smmu-bypass-kernelcache-struct-forgery/
Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503)
Original text: “Dissecting and Exploiting Linux LPE Variant: DirtyClone (CVE-2026-43503)” — Eddy Tsalolikhin and Or Peles, JFrog Security Research (25 Jun 2026). Code, figures and the PoC video below are reproduced verbatim with attribution captions.
Executive Summary
CVE-2026-43503, nicknamed DirtyClone, is a high-severity (CVSS 8.8) local privilege escalation in the Linux kernel. It is the…
https://core-jmp.org/2026/06/dirtyclone-cve-2026-43503-linux-lpe/
Pack2TheRoot (CVE-2026-41651): Local Root on Linux via a PackageKit Race Condition
Original text: “Privilege Escalation: Getting Started with the Pack2TheRoot (CVE-2026-41651) Vulnerability to Escalate Privileges” — aircorridor, Hackers Arise (May 1, 2026). Commands and figures below are reproduced verbatim with attribution captions.
Executive Summary
A high-severity vulnerability nicknamed Pack2TheRoot (CVE-2026-41651) was publicly disclosed and affects the default installation of many Linux distributions. The flaw lives in…
https://core-jmp.org/2026/06/pack2theroot-cve-2026-41651-linux-privilege-escalation/
IDT Table Hijacking under VBS/HVCI/kCET in Windows 11
Original text: “IDT Table Hijacking under VBS/HVCI/kCET in Windows 11” — author not clearly listed (Exploit Pack), Exploit Pack blog (June 26, 2026). Figures and the descriptor-format table below are reproduced with attribution captions.
Executive Summary
Modern Windows 11 stacks several kernel-protection layers on top of each other: Virtualization-Based Security (VBS), Hypervisor-protected Code Integrity (HVCI),…
https://core-jmp.org/2026/06/idt-table-hijacking-vbs-hvci-kcet-windows-11/