MatheuZ (@MatheuzSecurity)
712 posts

Red Team Operator, Cyber Threat Intelligence, Malware Researcher

Brazil. Joined September 2020
360 Following, 2.3K Followers
Pinned Tweet
MatheuZ (@MatheuzSecurity)
github.com/MatheuZSecurit… Hey guys, I posted a really cool zine in pure TXT about Unhooking Linux EDR, attacking the cleanup_module function, to be able to remove any hook from an EDR for example. Feel free to read.
MatheuZ retweeted
Phrack Zine (@phrack)
Phrack wants your art! The theme for this issue is retro sci-fi / old-school cybernetic futures. CRT glow, vector grids, space paranoia, BBS aesthetics, analog cyberpunk, forgotten futures. But we accept all kinds of contributions :) ANSI, illustration, collage, renders, weird experiments. Send it to: arts@phrack.org Deadline June 30th
MatheuZ (@MatheuzSecurity)
@extencil Check out the Singularity rootkit guys😂🤣
MatheuZ (@MatheuzSecurity)
@heyZeus131313 You're mixing unrelated things. Residential proxies explain IP origin, not who wrote the code. The rootkits mentioned are Brazilian, and there are others as well; this is about authorship and the technical scene, not attack location.
Dubya (@heyZeus131313)
@MatheuzSecurity Brazil is just a massive residential proxy exit node. These are all coming from other places. Not Brazil. 🇧🇷
MatheuZ (@MatheuzSecurity)
Brazil is a Linux kernel rootkit factory. Diamorphine, Brokepkg, KoviD, Reptile and now Singularity. Some of the most well-known Linux kernel rootkits came from Brazilian researchers. Brazil has a crazy strong scene in Linux rootkit development.
Noir Burner (@NoirBurner)
@MatheuzSecurity I love when people keep the culture alive. I have been writing e-zines for a while, but it's hard to find people doing it nowadays... amazing job
MatheuZ (@MatheuzSecurity)
@duket2122 I've spoken with the creators of Kovid, Diamorphine, and Brokepkg. Reptile's creator is Brazilian and has even spoken at a Brazilian conference. Do some research or get basic knowledge before giving your opinion. Furthermore, I am the creator of Singularity and I am Brazilian :)
MatheuZ (@MatheuzSecurity)
@duket2122 lol are you completely delusional?
Lc (@duket2122)
@MatheuzSecurity None of these are from Brazilians and I mean it because I am Brazilian and work in this field. None are Brazilians.
MatheuZ (@MatheuzSecurity)
@who1sroot Yes, you can find a repository with the Reptile files here: codeberg.org/hardenedvault/… GitHub was taking down several repositories a while back, so I think it's a good idea to take projects from GitHub and upload them to a Gitea instance to avoid "disappearing from the internet".
whoisroot (@who1sroot)
@MatheuzSecurity Talking about Reptile, the GH repo (and its forks) got nuked. Does anyone have a copy? Also, I have been thinking of running a Gitea instance of only "dangerous"/blacklisted repos (Reptile, Havoc, various RATs etc.), "for archival purposes only"; what do you guys think?
MatheuZ (@MatheuzSecurity)
@Vindix007 That's a different discussion though. I'm talking about Linux kernel rootkit research, not desktop OS popularity. And even on Windows, Brazil has had a strong offensive security scene for a long time.
Mr.X (@Vindix007)
@MatheuzSecurity Strong presence in Linux, but the vast majority of the population uses Winblow$ 11.
MatheuZ (@MatheuzSecurity)
@m0nadlabs That's very interesting, I'll take a look.
Anderson Nascimento (@andersonc0d3)
Brokepkg and Kovid? Never heard of them. I also had written one for FreeBSD, probably way before those ones you mentioned. I had implemented hooking via debug registers, keylogger through the keyboard driver and some other features. It was a nice project to tinker with computers back then. :) Rootkits em kernel space - Redshift, um rootkit para o kernel do FreeBSD pt.slideshare.net/slideshow/root…
MatheuZ (@MatheuzSecurity)
@andersonc0d3 Damn, that's really cool. Great work! I had no idea about Redshift. Another one for the Brazilian rootkit hall of fame 😄
MatheuZ (@MatheuzSecurity)
Wrote 5k lines for this zine