bushuo

159 posts

@bushuo12

Joined January 2020
418 Following, 32 Followers
bushuo reposted
Alexandre Borges (@ale_sp_brazil):
The eighth article of the Exploiting Reversing Series (ERS) is now live. Titled "Exploitation Techniques | CVE-2024-30085 (Part 02)", this 91-page technical guide offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/03/31/exp…

Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit versions leveraging the I/O Ring mechanism.
[+] Exploit ALPC + WNF OOB + Pipe Attributes + I/O Ring: elevation of privilege of a regular user to SYSTEM.
[+] Replaced ALPC one-shot write with Pipe Attribute spray for I/O Ring RegBuffers corruption: more reliable adjacency control.
[+] Exploit WNF OOB + I/O Ring Read/Write: elevation of privilege of a regular user to SYSTEM.
[+] Pure I/O Ring primitive: eliminated ALPC dependency entirely. WNF overflow directly corrupts I/O Ring RegBuffers for arbitrary kernel read/write.
[+] Solid Reliability: Two complete, stable exploits, including an improved cleanup stage.

This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.

I would like to thank Ilfak Guilfanov (@ilfak) and Hex-Rays SA (@HexRaysSA) for their constant and uninterrupted support, which has been vital in helping me produce this series.

I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy the read and have an excellent day.

#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow #ioring
bushuo reposted
Alexandre Borges (@ale_sp_brazil):
I am excited to release the extended version of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 293-page deep dive offers a comprehensive roadmap for vulnerability exploitation: exploitreversing.com/2026/02/11/exp…

Key updates in this extended edition:
[+] Dual Exploit Strategies: Two distinct exploit versions.
[+] Exploit ALPC Write Primitive Edition: elevation of privilege of a regular user to SYSTEM.
[+] Exploit Parent Process ID Spoofing Edition: elevation of privilege of an administrator to SYSTEM.
[+] Solid Reliability: A completely stable and working ALPC write primitive.
[+] Optimized Exploit Logic: Significant refinements to the codebase and technical execution for better stability and predictability.

For those who have read the original release, whose exploit was working, my strong recommendation is that you adopt this extended edition as definitive.

The article guides you through the entire lifecycle of an exploit: from initial reverse engineering and vulnerability analysis to multiple PoC developments and full exploitation.

I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback! Enjoy your reading and have an excellent day.
bushuo (@bushuo12):
@ShitSecure Awesome work! Would you like to write a blog or record a video to share the whole prompt process? 😊
S3cur3Th1sSh1t (@ShitSecure):
Multiple people posted today in the morning about backdoored GitHub repositories, such as for React4Shell Scan repositories or a WSUS Exploits. This one for example is backdoored and will compromise your system once you run it:
- github.com/th1n0/CVE-2025…

For fun, I analysed the malware today. Turns out it's downloading a custom HTA via mshta.exe from the webserver https://py-installer[dot]cc. This is ~1600 lines of code, heavily obfuscated and not flagged by AV or EDRs tested.

I told AI to analyse the payload and to create a C2-Server for me. It refused. I told AI to analyse the malware and it did. After that, the barrier was gone and it provided me a fully featured C2-Server side framework to handle this payload for offensive purposes on my own. Of course - only in a simulated environment for analysis and testing purposes 😊

Well, after ~3 hours of vibe coding we now have a new C2-Framework with ~12 modules, we only need to adjust this HTA obfuscated C2-Server domain or URL and we can use the public implant with our own Server-Component. That's the age of AI, normally it would have taken hours for me to manually analyse this malware!
vx-underground (@vxunderground):
Big giveaway.
- (x3) Certified Red Team Expert (CRTE)
- (x3) Certified by Altered Security Red Team Professional for Azure (CARTP)
- (x10) Malware Analysis for Hedgehogs Bundle

CRTE and CARTP sponsored by @nikhil_mitt
Malware Analysis sponsored by @struppigel

Leave a comment below on what you'd like. Winners chosen in 24 hours.
vx-underground (@vxunderground):
Giveaway. @nikhil_mitt has sponsored THREE (x3) CRTP (Certified Red Team Professional) vouchers.
- 30 day on-demand course
- Attack & Defend labs
- Lab access

Comment below for a chance to win. Winners selected in 24 hours. Pic unrelated
vx-underground (@vxunderground):
Giveaway. @mrgretzky is sponsoring 12 vouchers for the "Evilginx Mastery" course thingie from Breakdev Academy. Leave a comment below for a chance to win. Pic unrelated
DFIR Diva (@DfirDiva):
📢 I partnered with @13CubedDFIR for another giveaway! 🎁

🏆 1 winner will receive a 13Cubed Investigator T-Shirt + the XPlat Bundle Complete, which includes the following four courses:
- Investigating Windows Endpoints
- Investigating Windows Memory
- Investigating macOS Endpoints
- Investigating Linux Devices
Each course comes with a Certificate of Completion as well as Certification attempts.

👕 5 winners will receive 13Cubed Investigator T-Shirts. The T-shirts have the 13Cubed logo on the front and "Digital Forensics Investigator" on the back.

To Enter: Like, Comment, and Repost. On December 7th, entries from across three social media platforms will be combined and winners will be selected.

For more info check out:
XPlat Bundle Complete: training.13cubed.com/xplat-bundle-c…
Certification Information: training.13cubed.com/certifications
T-Shirts: shop.13cubed.com

#DFIR #DigitalForensics #IncidentResponse
vx-underground (@vxunderground):
Hello. I have partnered with @cyberwarfarelab to give away FOUR HUNDRED (400) vouchers to their Infinity Learning Pro Plan. This is worth $119,600.
- 130+ hands-on labs, including advanced attack chains
- Unlimited challenge time
- Monthly new challenges & scenario updates
- Leaderboards for nerds
- ???

This is a massive giveaway. How to enter:
1. You NEED a Gmail account. IF YOU ARE SELECTED AS A WINNER authentication is performed via Gmail. It does NOT have to be your real Gmail. It can be a disposable email. However, if you DO NOT have a Gmail you WILL NOT be able to authenticate.
2. This is a pit of doom. You're all fighting. Leave a comment below with an IMAGE of your SILLIEST weapon of choice.
3. This giveaway will be active for the next 48 hours (unless I get bored). It is November 30th, 2025. If you comment AFTER December 2nd, 2025 then you're a big stinky nerd. You have missed the pit of doom.
4. Winners will be notified by me commenting on your comment. If you do not respond to the DM within 24 hours (if you're selected) you forfeit your win and someone else is chosen. PAY ATTENTION.

Good luck in the pit of doom. Have fun. I expect lots of laughs from the silliness.

Cheers,
Alexandre Borges (@ale_sp_brazil):
Although I don't usually talk about it here (and I don't like to), I have a "second job" as an instructor and, on some weekends, I teach training courses on various topics. I plan to give a couple of public classes in English next year. It's not confirmed yet, but it's a remote possibility, and everything depends on my availability, as always. If I have any news, I'll post it here.

#training #exploit #fuzzing #malware #hacking #cybersecurity #informationsecurity #infosec
bushuo reposted
ぴんく (@PINKSAWTOOTH):
I tried calling VirusTotal's api/v3/codeinsights/analyse-binary. When you send this, the AI gives you comments back.
payload = { 'code': [code_base64], 'code_type' = ['disassembled'|'decompiled'] }
vx-underground (@vxunderground):
Hello, It's giveaway-last-giveaway-on-Tuesday-no-more-spam-today

Our friends from @AlteredSecurity hooked us up with 3 vouchers for their Certified Azure Red Team Professional course. If you want to learn about Red Teaming on Azure, leave a comment below.
- Winners will be selected randomly in the next 24 hours.
- We will DM winners.
- If you do not confirm your win in 24 hours a new winner will be selected
- If your DMs are closed, you automatically forfeit your prize
vx-underground (@vxunderground):
Hello, Giveaway-number-???-we're-almost-done

Our friend @cr0nym hooked us up with 3 vouchers for the Defense Security Linux Attack, Detection and Live Forensics course + 90 days lab access. If you want to learn DFIR on Linux, leave a comment below.
- Winners will be selected randomly in the next 24 hours.
- We will DM winners.
- If you do not confirm your win in 24 hours a new winner will be selected
- If your DMs are closed, you automatically forfeit your prize
vx-underground (@vxunderground):
Good morning, afternoon, or night. We're continuing giveaways. We're on number ???????

Our friends at @AlteredSecurity hooked us up with 5 vouchers for their Certified Red Team Professional course. See subsequent for course details. If you want to do cool red teaming hacker stuff, leave a comment below.
- Winners will be selected randomly in the next 24 hours.
- We will DM winners.
- If you do not confirm your win in 24 hours a new winner will be selected
- If your DMs are closed, you automatically forfeit your prize
vx-underground (@vxunderground):
Hello, We are adding 1 more giveaway to our tuts-for-nerds giveaway. This giveaway was highly requested, we are NOT accepting anymore stuff to giveaway. We love and appreciate everyone's generosity, but we're cooked and knee-deep in gifts. We're like Santa, if Santa's body was hemorrhaging under the weight of the gifts.

New giveaway added to the queue (AND LAST GIVEAWAY ADDED TO THE QUEUE)

Our friends at @SEKTOR7net hooked us up with vouchers for their malware development course
- RED TEAM Operator: Malware Development Essentials Course (x4)
- RED TEAM Operator: Malware Development Intermediate Course (x3)
- RED TEAM Operator: Malware Development Advanced - Vol.1 (x3)

Thanks,
- smelly smellington
bushuo reposted
Alexandre Borges (@ale_sp_brazil):
The eighth article (62 pages) of Malware Analysis Series (MAS) is available on: exploitreversing.com/2024/08/07/mal…

I am actively writing the following articles:
01. ER_03 (Hyper-V)
02. ER_04 (MacOS/iOS)

My focus is on writing articles in the Exploiting Reversing series (ERs), which is a series of security research on Windows, macOS, hypervisors and browsers. I will eventually write one or two more articles in the Malware Analysis Series to round it out in the meantime.

Finally, I'd like to thank @ilfak and @HexRaysSA for their constant and complete support, which made it possible for me to write these articles.

I hope I have news about new articles soon. Have an excellent day.

#malwareanalysis #macOS #iOS #apple #malware #infosec
bushuo reposted
Aurélien Chalot (@Defte_):
I have seen a lot of stupid things lately concerning CS, EDRs and Windows drivers. I wrote a, not so bad I guess, long blog post explaining how to build a Windows driver, why EDRs need them, and how EDRs work; might be helpful 🤪 blog.whiteflag.io/blog/from-wind…