Blackstorm Security

2.4K posts


@blackstormsecbr

Cyber security company focused on vulnerability research and exploit development.

Sao Paulo, Brazil · Joined October 2017
21 Following · 1.9K Followers

Blackstorm Security reposted
Alexandre Borges @ale_sp_brazil
The eighth article of the Exploiting Reversing Series (ERS) is now live. Titled “Exploitation Techniques | CVE-2024-30085 (Part 02)”, this 91-page technical guide offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/03/31/exp…

Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit versions leveraging the I/O Ring mechanism.
[+] Exploit ALPC + WNF OOB + Pipe Attributes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Replaced ALPC one-shot write with Pipe Attribute spray for I/O Ring RegBuffers corruption: more reliable adjacency control.
[+] Exploit WNF OOB + I/O Ring Read/Write: elevation of privilege of a regular user to SYSTEM.
[+] Pure I/O Ring primitive: eliminated ALPC dependency entirely. WNF overflow directly corrupts I/O Ring RegBuffers for arbitrary kernel read/write.
[+] Solid Reliability: Two complete, stable exploits, including an improved cleanup stage.

This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets. I would like to thank Ilfak Guilfanov (@ilfak) and Hex-Rays SA (@HexRaysSA) for their constant and uninterrupted support, which has been vital in helping me produce this series. I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy the read and have an excellent day. #exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow #ioring
Blackstorm Security reposted
Alexandre Borges @ale_sp_brazil
Before dropping my next article (ERS_08), I’ve updated the ERS 06 article (rev C.1): exploitreversing.com/2026/02/11/exp… This revision features a refined ALPC exploit with a new stage and an extended cleaner stage, ensuring a stable exit and preventing system crashes. I’ve also fixed several minor issues and uploaded a new video demonstrating the practical execution. Enjoy the read and have an excellent day! #vulnerability #exploitation #cybersecurity #windows #exploit
Blackstorm Security reposted
Alexandre Borges @ale_sp_brazil
Malwoverview v8.0 (codename: Revolutions) has been released: github.com/alexandreborge…

To install its complete version: pip install malwoverview[all]

Partial List of Improvements:

NEW SERVICE INTEGRATIONS (6):
01. URLScan.io — submit URLs, retrieve results, search scans, search by domain/IP (-u/-U)
02. Shodan — IP lookup and search queries (-s/-S, -ip 4)
03. AbuseIPDB — IP reputation checks (-ab/-AB, -ip 5)
04. GreyNoise — IP classification (-gn/-GN, -ip 6)
05. Whois/RDAP — domain and IP lookups (-wh/-WH)
06. LLM threat enrichment — Claude, Gemini, OpenAI, Ollama (--enrich, --llm)

NEW CAPABILITIES (16):
07. Cross-service hash correlation across VT, HA, Triage, AlienVault (--correlate-hash)
08. Batch hash check — Bazaar (-b 11), Hybrid Analysis (-a 16), Triage (-x 8)
09. Directory scan — Bazaar (-b 12), Hybrid Analysis (-a 17), Triage (-x 9)
10. Comprehensive IP lookup across all services (-ip 7)
11. IOC extraction from text, PDF, email, URL (--extract-iocs)
12. YARA rule scanning (--yara, --yara-target)
13. Interactive REPL mode with 22 commands (--interactive)
14. JSON and CSV structured output (--output-format)
15. Result caching with configurable TTL (--no-cache, --cache-ttl)
16. HTTP/HTTPS/SOCKS5 proxy support (--proxy)
17. MITRE ATT&CK technique mapping (--attack-map)
18. Quiet and verbose modes (--quiet, --verbose)
19. HTML/PDF report generation (--report)
20. TUI dashboard mode (--tui)
21. Context-aware LLM prompts — separate threat analysis and CVE analysis prompts
22. LLM provider override from CLI (--llm claude|gemini|openai|ollama)

#threathunting #malware #vulnerability #ai #informationsecurity #cybersecurity #cve
Blackstorm Security reposted
Alexandre Borges @ale_sp_brazil
I am excited to release the seventh article in the Exploiting Reversing Series (ERS). Titled “Exploitation Techniques | CVE-2024-30085 (part 01)”, this 119-page technical guide offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/03/04/exp…

Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit versions using Token Stealing and I/O Ring techniques.
[+] Exploit ALPC + PreviousMode Flip + Token Stealing: elevation of privilege of a regular user to SYSTEM.
[+] Exploit ALPC + Pipes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Solid Reliability: Two complete, working and stable exploits, including an improved cleanup stage.
[+] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability.

The article guides you through the two distinct techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow vulnerability. I would like to thank Ilfak Guilfanov (@ilfak on X) and Hex-Rays SA (@HexRaysSA on X) for their constant and uninterrupted support, which has helped me write these articles over time. I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy your reading and have an excellent day.
Blackstorm Security reposted
Alexandre Borges @ale_sp_brazil
I am excited to release the extended version of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 293-page deep dive offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/02/11/exp…

Key updates in this extended edition:
[+] Dual Exploit Strategies: Two distinct exploit versions.
[+] Exploit ALPC Write Primitive Edition: elevation of privilege of a regular user to SYSTEM.
[+] Exploit Parent Process ID Spoofing Edition: elevation of privilege of an administrator to SYSTEM.
[+] Solid Reliability: A completely stable and working ALPC write primitive.
[+] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability.

For those who have read the original release, whose exploit was working, my strong recommendation is that you adopt this extended edition as definitive. The article guides you through the entire lifecycle of an exploit: from initial reverse engineering and vulnerability analysis to multiple PoC developments and full exploitation. I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy your reading and have an excellent day.
Blackstorm Security reposted
Alexandre Borges @ale_sp_brazil
I am pleased to announce the publication of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver: exploitreversing.com/2026/02/11/exp… It guides readers through the entire investigation process—beginning with binary diffing and moving through reverse engineering, deep analysis and proof-of-concept stages into full exploit development. I hope this serves as a valuable resource for your research. If you enjoy the content, please feel free to share it or reach out with feedback. Have an excellent day!