Source Code Botnet Hook
– Grabbers and Stealers:
All bugs squashed and optimization cranked up for smoother operation.
– Builder & ObfuscaAPK:
APK builds now use domains instead of IPs. IP flip? Just point the domain — no client drop-offs!
– VNC & TCP Tunneling:
Compatibility patched, plus a fresh tunneling method for lightning-fast performance.
– Device Compatibility:
Locked in support for Chinese handsets and the latest Android 15, 16
– Client Panel Fixes:
No more random disconnects — sessions stay rock-solid.
– Anti-Uninstallation:
Beefed-up defenses to keep your payloads glued in place.
– Bonus Tweaks:
A slew of under-the-hood enhancements for that extra edge.
Rustbof
#bof #coff #beacon #rust @reconcore
This project enables the development of BOFs using Rust with full no_std support. It leverages Rust's safety features and modern tooling while producing small, efficient COFF objects.
The framework provides everything needed for BOF development. The build process compiles your code to a static library, which boflink then links into a COFF object with proper relocations and imports for Beacon's dynamic function resolution.
CVE-2026-1357
#cve #rce #poc @reconcore
WPvivid Backup & Migration ≤ 0.9.123 Unauthenticated RCE PoC (Cryptographic Fail-Open + Path Traversal)
GitHub: halilkirazkaya/CVE-2026-1357
Living off the Process
Code from Blog
#technique #shellcode #asm @reconcore
This is a technique that does as the name implies: We use what is already available to us in the remote process of our choosing to accomplish a given goal. In this case, the goal will be to write shellcode indirectly into the remote process with as low of a footprint as possible. When I say indirectly, I mean we won’t be using WriteProcessMemory to write the shellcode. That API does play a small role, but ultimately we will be indirectly writing our shellcode in 8 byte chunks using ROP gadgets and assembly stubs all made available in the remote process. We will also avoid the creation of RWX regions of memory.
Zero Day Ransomware vs Popular Antivirus and EDR
#raas #ransomware #zeroday #malware #av #edr @reconcore
CVE-2026-21508 - Windows Local Privilege Escalation via arbitrary COM object initialization
CVE-2026-21508_PoC
#vulnerability #research #windows #cve #poc #eop @reconcore
This vulnerability essentially works by forcing a process that runs as SYSTEM and uses the undocumented function Windows_Storage!_SHCoCreateInstance to create an arbitrary COM object of our choice. For this to happen, the object must be associated with an already registered COM class that supports CLSCTX_INPROC_SERVER. Arbitrary COM object creation is achieved by manipulating a CoCreateInstance call's first argument
→ SwaggerSpy - Automated OSINT on SwaggerHub
→ RedTiger-Tools - Open-Source Security Multi-Tool
→ ASN - ASN Lookup Tool and Traceroute Server
→ SatIntel - OSINT tool for Satellites. Extract satellite telemetry, receive orbital predictions, and parse TLEs
#tools #osint @reconcore
GitHub: UndeadSec/SwaggerSpy
STProcessMonitorBYOVD
The ever-evolving Silver Fox: continually adding vulnerable drivers to terminate antivirus software via BYOVD
(with CVE-2025-70795)
#av #edr #driver @reconcore
One more BYOVD. The STProcessMonitor driver is not in the Windows vulnerable driver blocklist and allows terminating AV / EDR processes.
PANIX - Persistence Against *NIX
#techniques #tools #linux @reconcore
Customizable Linux Persistence Tool for Security Research and Detection Engineering.
www.rgrosec.com/
DotNetPELoader
[Tools] dotNetPELoader: A C# PE loader for x64 and x86 PE files.
#pe #loader @reconcore
A C# PE loader for x64 and x86 PE files.
Recently, when I was developing a fileless execution method for DuplexSpy RAT version 2, I could hardly find a C#-based x86 PE loader.
Most existing implementations I found were x64-only, such as the one developed by Casey Smith. Therefore, I decided to develop a C#-based x86 PE loader myself.
This console application allows you to load either x86 or x64 PE files into memory. First, it reads the file bytes from the specified file path, then determines the architecture of both the loader and the target PE file.
An x64 PE cannot be loaded by an x86 loader, and vice versa.