GKarAnThe0nly1

1.1K posts

@GeKarantzas

George Karantzas. - Est. 2001. - BSc Student@UniPi. - Opinions are my own.

Earth - Dimension C137 Joined February 2020
2.2K Following 1.9K Followers
GKarAnThe0nly1 retweeted
0x12 Dark Development
0x12 Dark Development@Salsa12__·
Also improved my Novel Process Injection technique; it's still failing depending on which opened handles were found. But the evasion rates are great. Let me know your feedback and possible improvements: github.com/S12cybersecuri…
2
22
102
3.5K
GKarAnThe0nly1 retweeted
Wakedxy
Wakedxy@Wakedxy1·
During your pentest mission, please don’t make the same mistake I did. Add printer IPs to your exclusion list when running Nuclei. Otherwise, the printer will interpret every packet sent to port 9100 as a print job.
59
143
2.4K
82.1K
GKarAnThe0nly1 retweeted
Wietze
Wietze@Wietze·
Can LNK files ever be trusted? ⚡ My latest blog post demonstrates several new LNK abuse methods, allowing you to fully spoof the target shown in Explorer. It also introduces tools to create your own LNKs and detect spoofed ones yourself. 🐬 wietzebeukema.nl/blog/trust-me-…
12
202
943
137.1K
GKarAnThe0nly1 retweeted
Petr Beneš
Petr Beneš@PetrBenes·
Ever wanted to draw a triangle with OpenGL as a 2kb position-independent shellcode? No? Me neither. But you can do it anyway: github.com/wbenny/scfw
0
31
148
10.2K
GKarAnThe0nly1
GKarAnThe0nly1@GeKarantzas·
If you have any good public Discord server with an audience to suggest on Windows OS dev, mobile OS Android/iOS dev & internals, SDR/Baseband/SIGINT dev & internals, embedded development, RTOS, architecture, telco etc., lmk; always looking to stay up to date with the newest events.
0
0
0
167
GKarAnThe0nly1 retweeted
Nana Sei Anyemedu
Nana Sei Anyemedu@RedHatPentester·
WhatsApp End-to-End Encryption vs. Forensic Extraction

Although WhatsApp uses end-to-end encryption to protect messages, calls, and shared media during transmission, this protection only applies while the data is moving between devices. Once the content reaches the device, it is stored unencrypted within WhatsApp’s local databases and media folders.

Out of the volumes of content, such as 733,543 WhatsApp messages along with videos, audio, images, and documents, I was able to get a conversation with my kid sister @ama_Anyemedu from November 11, 2020. The chat preview shows a typical WhatsApp conversation recovered from a mobile forensic extraction.

At the top of the chat, WhatsApp displays the standard banner “Messages are now secured with end-to-end encryption.” This banner simply means that when messages are being transmitted between two devices, WhatsApp’s servers cannot read them because they are protected by encryption keys stored only on the users’ devices. However, end-to-end encryption does NOT protect data stored on the device itself.

Mobile forensics works by accessing the phone’s internal storage, not by intercepting messages from WhatsApp servers. Once a device is unlocked or decrypted by the lawful extraction process, the tool can read the local WhatsApp databases stored on the device (usually the `msgstore.db` and related SQLite databases). This is why, despite the presence of the "end-to-end encryption" banner, the forensic tool is still able to extract:
* Full chat history
* Timestamps
* Participants
* Message contents
* Attachments
* Deleted messages (if still recoverable in the database)

End-to-end encryption protects data in transit, not data *at rest* on the device. Forensic tools exploit lawful access to the device’s decrypted file system, enabling them to parse and display the stored WhatsApp database, which is why you can see the complete message timeline, content, and timestamps on the right side.
104
621
2.6K
301.1K
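The post's central point, that end-to-end encryption covers transit while the SQLite store on the device is plaintext, can be shown on a small constructed database. The Python below is an added example, not code from the post or from WhatsApp: the table layout, the rows, and the file name msgstore.db (chosen to echo the post) are constructed stand-ins, not the app's real schema. It first reads the live rows with an ordinary SQLite client, no key involved, and then carves the raw file for a row that was deleted. When SQLite's secure_delete is off (the upstream default; some distribution builds turn it on) the deleted text is still present in the freed cell, which is the "deleted messages (if still recoverable)" case the post lists; with PRAGMA secure_delete=ON the engine zeroes the freed cell, which is one of the mitigations an app developer or examiner should know about, alongside encrypting the store at rest.

```python
import os
import sqlite3
import tempfile

# Constructed sample chat rows; the schema is a stand-in, not WhatsApp's real one.
SAMPLE_MESSAGES = [
    (1, "alice", 1605081600, "meet at the cafe at noon?"),
    (2, "bob", 1605081660, "sure, see you there"),
    (3, "alice", 1605081720, "SECRET-MARKER-deleted-text-8d2f"),
]
DELETED_ROW_ID = 3


def build_store(path, secure_delete):
    """Create a plaintext SQLite message store, then delete one row.

    secure_delete=False leaves freed cell bytes in place (data stays carvable);
    secure_delete=True makes SQLite overwrite freed content with zeros.
    """
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA secure_delete = %s" % ("ON" if secure_delete else "OFF"))
    conn.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, ts INTEGER, body TEXT)"
    )
    conn.executemany("INSERT INTO messages VALUES (?, ?, ?, ?)", SAMPLE_MESSAGES)
    conn.commit()
    conn.execute("DELETE FROM messages WHERE id = ?", (DELETED_ROW_ID,))
    conn.commit()
    conn.close()


def read_live_messages(path):
    """What an examiner sees with a normal SQLite client: rows in the clear, no key needed."""
    conn = sqlite3.connect(path)
    rows = conn.execute("SELECT id, sender, ts, body FROM messages ORDER BY id").fetchall()
    conn.close()
    return rows


def deleted_text_still_on_disk(path, marker):
    """Carve the raw file for the deleted body; True means the freed cell still holds it."""
    with open(path, "rb") as f:
        return marker.encode() in f.read()


def demo(secure_delete):
    """Return (live message bodies, whether the deleted body is still recoverable from the file)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "msgstore.db")  # constructed file, name only echoes the post
        build_store(path, secure_delete)
        live = [body for (_, _, _, body) in read_live_messages(path)]
        marker = SAMPLE_MESSAGES[DELETED_ROW_ID - 1][3]
        residual = deleted_text_still_on_disk(path, marker)
    return live, residual


if __name__ == "__main__":
    for flag in (False, True):
        live, residual = demo(flag)
        print(f"secure_delete={'ON' if flag else 'OFF'}: live={live}, "
              f"deleted text recoverable={residual}")
```

The carve only looks at the main database file; a rollback journal or WAL file sitting next to a real store can hold further pre-images of pages, so an examiner (or a developer reasoning about what "delete" leaves behind) treats those files as part of the same at-rest data set.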
GKarAnThe0nly1 retweeted
Matt Ehrnschwender
Matt Ehrnschwender@M_alphaaa·
I made a CTF challenge a couple years ago which required decrypting Ekko sleep obfuscation from a memory dump. It had ~5 solves by the end of the CTF. Here's a writeup on it elvisblue.github.io/posts/nahamcon…
𝙁 𝙀 𝙇 𝙄 𝙓 𝙈@felixm_pw

With some guidance from @DebugPrivilege I've found a way to easily dump clear text implants even while they sleep. Bad day for sleep obfuscation 💤 blog.felixm.pw/rude_awakening…

2
27
142
11.5K
GKarAnThe0nly1 retweeted
Catalyst Security
Catalyst Security@catalystsec·
We're excited to announce the formation of Catalyst Security! We're a new company started by a small group of experienced vulnerability researchers, focused solely on innovative research. catalystsecurity.com
1
14
86
42K
GKarAnThe0nly1 retweeted
Check Point Research
Check Point Research@_CPResearch_·
Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we introduce a new injection method that is based on this classic technique, but much stealthier: Waiting Thread Hijacking. Read more: research.checkpoint.com/2025/waiting-t…
2
109
266
100.1K
GKarAnThe0nly1 retweeted
Archie
Archie@Archie_1997·
ETW is an incredibly powerful tool in the wrong hands. Just finished writing about how it allows drivers to hook context switches on Windows 11 24H2 while remaining PatchGuard and HVCI compatible: archie-osu.github.io/etw/hooking/20…
5
73
239
15.8K
GKarAnThe0nly1 retweeted
Archie
Archie@Archie_1997·
Getting code execution in a process that cannot be located using traditional kernel APIs and is untouchable from usermode? All while staying PatchGuard-friendly? Sign me up: archie-osu.github.io/2025/04/13/pow…
4
87
427
26.3K
GKarAnThe0nly1 retweeted
Archie
Archie@Archie_1997·
Dug into @RiotVanguard's kernel driver's dispatch table hooks. The article took an unexpected turn halfway through, as I found some not yet documented stuff, such as the complete list of system calls hooked by the driver. Article link: archie-osu.github.io/2025/04/11/van…
1
56
175
11.8K