MOIS Linked MOIST GRASSHOPPER / Homeland Justice / KarmaBelow80 / Handala Hackers / Campaigns and Evolution
The evidence examined across this analysis spanning U.S. government reporting, private-sector threat intelligence research, passive DNS and infrastructure enrichment, and longitudinal review of archived web and Telegram content supports a high-confidence assessment that the personas Homeland Justice, Karma, and Handala do not represent discrete or ideologically independent hacktivist groups. Rather, they constitute a coordinated, MOIS-aligned cyber influence ecosystem operating under multiple branded identities that serve distinct but complementary operational roles.
https://dti.domaintools.com/research/mois-linked-moist-grasshopper-homeland-justice-karmabelow80-handala-hackers-campaigns-and-evolution
The evidence examined across this analysis spanning U.S. government reporting, private-sector threat intelligence research, passive DNS and infrastructure enrichment, and longitudinal review of archived web and Telegram content supports a high-confidence assessment that the personas Homeland Justice, Karma, and Handala do not represent discrete or ideologically independent hacktivist groups. Rather, they constitute a coordinated, MOIS-aligned cyber influence ecosystem operating under multiple branded identities that serve distinct but complementary operational roles.
https://dti.domaintools.com/research/mois-linked-moist-grasshopper-homeland-justice-karmabelow80-handala-hackers-campaigns-and-evolution
👍2🔥2
Debugging - WinDBG(X) Automation & Scripting - Part 1
https://www.corelan.be/index.php/2026/04/17/debugging-windbgx-automation-scripting-part-1/
https://www.corelan.be/index.php/2026/04/17/debugging-windbgx-automation-scripting-part-1/
🔥2👎1
Introduction to SMM Rootkit
Some of the most powerful malware include kernel rootkits, hypervisor rootkits, and UEFI bootkits. However, one malware that is (had) more powerful than these is the System Management Mode (SMM) rootkit.
In this article, we will introduce the basics of SMM and then explain how SMM rootkits work and the threats they pose. We will also explain how well SMM rootkits will work on today's PCs, taking into account the current trend of SMMs being weakened.
https://engineers.ffri.jp/entry/2026/04/20/000000
Some of the most powerful malware include kernel rootkits, hypervisor rootkits, and UEFI bootkits. However, one malware that is (had) more powerful than these is the System Management Mode (SMM) rootkit.
In this article, we will introduce the basics of SMM and then explain how SMM rootkits work and the threats they pose. We will also explain how well SMM rootkits will work on today's PCs, taking into account the current trend of SMMs being weakened.
https://engineers.ffri.jp/entry/2026/04/20/000000
🔥6❤2👍1
Beware scam messages offering ships safe transit through Hormuz Strait, says security firm
https://www.straitstimes.com/world/middle-east/scam-messages-offering-ships-safe-transit-through-hormuz-security-firm-warns
https://www.straitstimes.com/world/middle-east/scam-messages-offering-ships-safe-transit-through-hormuz-security-firm-warns
💔2
where did the kelp $292m go? anatomy of a $292m laundering.
https://x.com/the_smart_ape/status/2047233756046438654
https://x.com/the_smart_ape/status/2047233756046438654
🔥3
HTA writing files when Windows doesnt want it to
https://branestawmc.pages.dev/posts/2025-07-24-HTA-writing-files-when-Windows-doesnt-want-it-to
https://branestawmc.pages.dev/posts/2025-07-24-HTA-writing-files-when-Windows-doesnt-want-it-to
❤5👾1
Forwarded from Iman's dmesg
Some programs only accept filenames, even when input comes from a pipe. A common convention is
Example from
That's what makes this work:
But
On Linux,
Ref:
- https://cgit.git.savannah.gnu.org/cgit/diffutils.git/tree/src/diff.c#n1481
- https://github.com/systemd/systemd/blob/v260.1/src/shared/dev-setup.c#L22
- for stdin, but each program has to implement that itself.Example from
diffutils:if (STREQ (cmp.file[f].name, "-")) {
fd = STDIN_FILENO; // <- THIS
...
}That's what makes this work:
ls | diff -u - oldfilelist
But
/dev/fd/0 avoids depending on that convention. It gives the current process's stdin a real pathname:ls | diff -u /dev/fd/0 oldfilelist
On Linux,
/proc/self/fd comes from the kernel via procfs, while /dev/fd, /dev/stdin, /dev/stdout, and /dev/stderr are usually set up in early userspace by udev.Ref:
- https://cgit.git.savannah.gnu.org/cgit/diffutils.git/tree/src/diff.c#n1481
- https://github.com/systemd/systemd/blob/v260.1/src/shared/dev-setup.c#L22
❤2
Forwarded from -
ما با موفقیت به اپراتور همراه اول و نظام صنفی رایانه ای کشور نفوذ کردیم و جزئیات این اقدام که در اعتراض به اینترنت پرو انجام شده بزودی منتشر خواهد شد
🔥5👏3❤2🤔2🤯2💔2
-
ما با موفقیت به اپراتور همراه اول و نظام صنفی رایانه ای کشور نفوذ کردیم و جزئیات این اقدام که در اعتراض به اینترنت پرو انجام شده بزودی منتشر خواهد شد
[ + ] They appear from no where
[ + ] say we are fighting GOV
[ + ] leak some MCI internal chats
[ + ] start sharing VPNs
plz don't fight 😆
[ + ] say we are fighting GOV
[ + ] leak some MCI internal chats
[ + ] start sharing VPNs
plz don't fight 😆
❤8👎1👏1🗿1
LLM Internals
Learn LLM internals step by step - from tokenization to attention to inference optimization.
https://github.com/amitshekhariitbhu/llm-internals
Learn LLM internals step by step - from tokenization to attention to inference optimization.
https://github.com/amitshekhariitbhu/llm-internals
❤4👍3👾3🔥1
Ghost Operators: How Israeli Telecoms Were Exploited to Track Citizens Worldwide
Report shows how an SMS exploit turns smartphones into tracking devices – and how 4G and 5G networks are abused
https://www.haaretz.com/israel-news/security-aviation/2026-05-03/ty-article-magazine/ghost-operators-how-israeli-telecoms-were-exploited-to-track-citizens-worldwide/0000019d-e9c0-dd9a-a79d-ede90a450000
Report shows how an SMS exploit turns smartphones into tracking devices – and how 4G and 5G networks are abused
https://www.haaretz.com/israel-news/security-aviation/2026-05-03/ty-article-magazine/ghost-operators-how-israeli-telecoms-were-exploited-to-track-citizens-worldwide/0000019d-e9c0-dd9a-a79d-ede90a450000
❤7👍1
Copy Fail (CVE-2026-31431): Technical summary of this Linux flaw
https://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/
https://www.linuxtricks.fr/news/10-logiciels-libres/600-copy-fail-cve-2026-31431-synthese-technique-sur-cette-faille-linux/
❤4🔥1
Forwarded from Stuff for Geeks (Нossein)
USB Made Simple
An introduction to USB
https://web.archive.org/web/20141226231324/http://www.usbmadesimple.co.uk/ums_1.htm
An introduction to USB
https://web.archive.org/web/20141226231324/http://www.usbmadesimple.co.uk/ums_1.htm
web.archive.org
USB Made Simple - Part 1
Introduction to USB.
❤2
gdrv3.sys – Reverse Engineering a Signed Kernel Driver with 13 Hardware Access Primitives
https://core-jmp.org/2026/05/gdrv3-sys-reverse-engineering-a-signed-kernel-driver-with-13-hardware-access-primitives/
https://core-jmp.org/2026/05/gdrv3-sys-reverse-engineering-a-signed-kernel-driver-with-13-hardware-access-primitives/
🔥2❤1
A critical no-interaction proximal/adjacent remote code execution vulnerability in adbd's ADB-over-TCP authentication path.
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/
#CVE-2026-0073
https://barghest.asia/blog/cve-2026-0073-adb-tls-auth-bypass/
#CVE-2026-0073
❤2
How an Omitted Write Barrier in V8 Turns Into RCE in Chrome: #CVE-2026-5865
https://nebusec.ai/research/v8-maglev-incorrect-phis-untagging/
https://nebusec.ai/research/v8-maglev-incorrect-phis-untagging/
🔥3