Forwarded from r3v notes
#win #kernel #vmp #deobfuscation
The autopsy will tell: analyzing a VMProtect-protected Windows x64 driver
https://habr.com/ru/companies/F6/articles/564738/
Habr
Analyzing malware that protects itself from analysis always means extra work for the malware analyst. A program may be obfuscated to evade detection by signature-based and...
Some basics about alignment
https://developer.ibm.com/articles/pa-dalign/
https://stackoverflow.com/questions/381244/purpose-of-memory-alignment/381368#381368
https://godbolt.org/z/hS3t49
IBM Developer
Data alignment: Straighten up and fly right
Data alignment is an important issue for all programmers who directly use memory. Data alignment affects how well your software performs, and even if your software runs at all. As this article illustrates, understanding the nature of alignment can also explain…
Forwarded from Source Byte
First time we see details related to Gonjeshke Darande (an Israeli APT)
https://iscisc2025.sbu.ac.ir/fa/Home/Content?id=58
Forwarded from Source Byte
What I Learned from Reverse Engineering Windows Containers
https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/
Forwarded from Source Byte
How to mitigate symbolic link attacks on Windows?
https://www.seljan.hu/posts/how-to-mitigate-symbolic-link-attacks-on-windows/
Forwarded from CyberSecurityTechnologies
#exploit
High severity Windows vulnerabilities:
1⃣ CVE-2025-26686:
RCE in Windows 10/11/Srv TCP/IP stack
// leaves sensitive memory unlocked, allowing remote attackers to hijack systems. Exploitable over the network, it risks full compromise. Patch now.
2⃣ CVE-2025-60710:
LPE in Taskhost Windows Tasks
// Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally
3⃣ CVE-2025-54110:
Windows Kernel Integer Overflow Privilege Escalation
// high-severity vulnerability in Windows Kernel that arises from improper handling of integer values during memory allocation
4⃣ CVE-2025-54918:
Improper authentication in Windows NTLM
// Simulated exploitation and mitigation of CVE-2025-54918 (Win NTLM flaw). Incl. detection scripts, Ansible patching, CI/CD hardening. Demonstrates PrivEsc from low-level access to SYSTEM in hybrid cloud environments
// Disclaimer