Hacking

195 bookmarks

Custom sorting

Leveraging Raw Disk Reads to Bypass EDR | by Christopher Ellis | Workday Technology Blog | Sep, 2025 | Medium

Leveraging Raw Disk Reads to Bypass EDR Drivers are a common part of every Windows environment, and many of them provide low-level functionality. This blog details how to connect with a default …

·medium.com·Sep 4, 2025

Leveraging Raw Disk Reads to Bypass EDR | by Christopher Ellis | Workday Technology Blog | Sep, 2025 | Medium

GitHub - 0x4m4/hexstrike-ai: HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b...

·github.com·Sep 3, 2025

fkie-cad/cwe_checker: cwe_checker finds vulnerable patterns in binary executables

cwe_checker finds vulnerable patterns in binary executables - fkie-cad/cwe_checker

#vulnerability #vulnerability-scanner #code-analysis #binary-analysis #binary-exploits

·github.com·Aug 19, 2025

fkie-cad/cwe_checker: cwe_checker finds vulnerable patterns in binary executables

Print3M/DllShimmer: Weaponize DLL hijacking easily. Backdoor any function in any DLL.

Weaponize DLL hijacking easily. Backdoor any function in any DLL. - Print3M/DllShimmer

#dll-hijacking #dll-sideload

·github.com·Aug 19, 2025

Print3M/DllShimmer: Weaponize DLL hijacking easily. Backdoor any function in any DLL.

the tigress c obfuscator

#obfuscation #malware-evasion #malware-dev

·tigress.wtf·Jul 25, 2025

the tigress c obfuscator

Loki: Hardening Code Obfuscation Against Automated Attacks

#malware-evasion #obfuscation

·usenix.org·Jul 24, 2025

Loki: Hardening Code Obfuscation Against Automated Attacks

GitHub - BlackSnufkin/LitterBox: A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabilities.

A secure sandbox environment for malware developers and red teamers to test payloads against detection mechanisms before deployment. Integrates with LLM agents via MCP for enhanced analysis capabil...

#malware-analysis #malware-dev

·github.com·Jul 23, 2025

ghostsecurity/reaper: 💀 Don't fear the Reaper 👻

💀 Don't fear the Reaper 👻

·github.com·Jul 1, 2025

ghostsecurity/reaper: 💀 Don't fear the Reaper 👻

.NET GAC and NIC hijacking for lateral movement - ...

#lateral-movement #.net

·williamknowles.io·Apr 30, 2025

.NET GAC and NIC hijacking for lateral movement - ...

io_uring Rootkit Bypasses Linux Security Tools - ARMO

ARMO reveals how io_uring enables rootkits to bypass major Linux security tools like Falco, and Defender. Learn about the Curing rootkit and detection strategies.

#linux-hacking #linux-malware #ebpf

·armosec.io·Apr 25, 2025

io_uring Rootkit Bypasses Linux Security Tools - ARMO

lwthiker/curl-impersonate: curl-impersonate: A special build of curl that can impersonate Chrome & Firefox

curl-impersonate: A special build of curl that can impersonate Chrome & Firefox - lwthiker/curl-impersonate

·github.com·Apr 3, 2025

lwthiker/curl-impersonate: curl-impersonate: A special build of curl that can impersonate Chrome & Firefox

FunnyWolf/Viper: A Unified Platform for Adversary Emulation and Red Team Operations

A Unified Platform for Adversary Emulation and Red Team Operations - FunnyWolf/Viper

#threat-emulation

·github.com·Mar 31, 2025

FunnyWolf/Viper: A Unified Platform for Adversary Emulation and Red Team Operations

DosX-dev/Astral-PE: Astral-PE is a low-level mutator (headers obfuscator) for native Windows PE files (x32/x64)

Astral-PE is a low-level mutator (headers obfuscator) for native Windows PE files (x32/x64) - DosX-dev/Astral-PE

#packer #obfuscation

·github.com·Mar 26, 2025

DosX-dev/Astral-PE: Astral-PE is a low-level mutator (headers obfuscator) for native Windows PE files (x32/x64)

wietze/ArgFuscator.net: ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native executables.

ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native executables. - wietze/ArgFuscator.net

·github.com·Feb 7, 2025

wietze/ArgFuscator.net: ArgFuscator.net is an open-source, stand-alone web application that helps generate obfuscated command lines for common system-native executables.

WorstFit: Unveiling Hidden Transformers in Windows ANSI!

📌 This is a cross-post from DEVCORE. The research was first published at Black Hat Europe 2024. Personally, I would like to thank splitline, the co-author of this research & article, whose help

·blog.orange.tw·Jan 10, 2025

WorstFit: Unveiling Hidden Transformers in Windows ANSI!

hardenedlinux/userland-exec: Userland exec PoC to be used as attack vector technique

Userland exec PoC to be used as attack vector technique - hardenedlinux/userland-exec

#selinux

·github.com·Dec 31, 2024

hardenedlinux/userland-exec: Userland exec PoC to be used as attack vector technique

devttys0/delink

#routers #IoT

·github.com·Dec 23, 2024

devttys0/delink

xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots. - xaitax/TotalRecall

#windows-hacking

·github.com·Dec 4, 2024

xaitax/TotalRecall: This tool extracts and displays data from the Recall feature in Windows 11, providing an easy way to access information about your PC's activity snapshots.

two06/CerealKiller: .NET deserialization hunter

.NET deserialization hunter.

#deserialization #.net

·github.com·Dec 4, 2024

two06/CerealKiller: .NET deserialization hunter

Kudaes/Shelter: ROP-based sleep obfuscation to evade memory scanners

ROP-based sleep obfuscation to evade memory scanners - Kudaes/Shelter

#evasion #shellcode #obfuscation

·github.com·Dec 4, 2024

Kudaes/Shelter: ROP-based sleep obfuscation to evade memory scanners

Scheduled Task Tampering

Microsoft recently published an article that documented how the HAFNIUM threat actor leveraged a flaw in how scheduled tasks are stored in the registry to hide their presence.

#scheduled-tasks #windows-hacking

·labs.withsecure.com·Dec 4, 2024

Scheduled Task Tampering

Listen to the whispers: web timing attacks that actually work

Websites are riddled with timing oracles eager to divulge their innermost secrets. It's time we started listening to them. In this paper, I'll unleash novel attack concepts to coax out server secrets

#web-hacking #timing-attacks

·portswigger.net·Dec 4, 2024

Listen to the whispers: web timing attacks that actually work

Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping

#windows #windows-hacking #time-stomping

·inversecos.com·Nov 25, 2024

Malicious Registry Timestamp Manipulation Technique: Detecting Registry Timestomping

The Definitive Guide to Linux Process Injection | Akamai

In this blog post, we document Linux process injection techniques, and explain how to detect and mitigate them.

#process-injection #linux-hacking

·akamai.com·Nov 14, 2024

The Definitive Guide to Linux Process Injection | Akamai

SELinux bypasses | Klecko Blog

This post aims at giving an overview of what SELinux is, how it is implemented, and how to bypass it, from the point of view of Android kernel exploitation.

#selinux

·klecko.github.io·Oct 21, 2024

SELinux bypasses | Klecko Blog