eleven red pandas

👁️ LOLC2 Collection of C2 frameworks abusing legitimate services to evade detection Major update: new projects tested, enriched data, and deeper insights. site: lolc2.github.io github: github.com/lolc2/lolc2.gi…

The article analyzes the macOS secure boot chain on Apple Silicon, showing how Boot ROM, cryptographic verification, Secure Enclave, and staged bootloaders create a hardware-anchored chain-of-trust that protects the OS from power-on to kernel startup. core-jmp.org/2026/03/bootin…

The article introduces BYOUD, a Windows evasion technique that manipulates unwind metadata to spoof call stacks without altering return addresses, allowing malware to bypass EDR stack inspection and appear as legitimate execution. core-jmp.org/2026/03/invisi…

tool that bypasses iOS SSL Pinning using OpenVPN + iptables — works with Burp Suite & mitmproxy out of the box. 👇 GitHub github.com/SahilH4ck4you/…

Hacking prison doors remotely, like in movies: vulnerabilities in Net2 ACUs from Paxton. 🚪💳🔗👩🏻‍💻🔓 More details on: LinkedIn: linkedin.com/posts/dlaskov_… Substack: it4sec.substack.com/p/hacking-pris…

The article explains Microsoft’s ODR mechanism for native MCP registration, enabling AI agents to discover and invoke system tools through the Model Context Protocol, preparing Windows for secure agent-driven workflows and integrations. core-jmp.org/2026/03/odr-in…

CVE-2026-25769 - Remote Code Execution via Insecure Deserialization in Wazuh Cluster github.com/hakaioffsec/CV…

ComfyUI-Manager RCE（CVE-2026-22777）Miner Attack mp.weixin.qq.com/s/Jh36L3UnvjNr…

The article demonstrates how to bypass the Winsock layer by communicating directly with the Windows AFD driver using Native API calls. It explains how socket operations can be replicated via IOCTLs and how this reduces reliance on standard networking APIs. core-jmp.org/2026/03/nt-afd…

CVE-2025-41245 / CVE-2026-22721 VMware Aria Operations that enable credential disclosure and privilege escalation. Attackers with limited access can escalate privileges and gain administrative control over the infrastructure monitoring platform. core-jmp.org/2026/03/vulner…

The article analyzes the Windows GetProcessHandleFromHwnd API and its evolution from a hook-based implementation to a kernel Win32k function that could open powerful process handles, enabling security bypasses such as CVE-2023-41772. core-jmp.org/2026/03/a-deep…

KslDump - Extraction of credentials from PPL-protected LSASS using only Microsoft-signed components github.com/andreisss/KslD…

From virtio-snd 0-Day to Hypervisor Escape: Exploiting QEMU with an Uncontrolled Heap Overflow - osec.io/blog/2026-03-1…

The article introduces Windows kernel exploitation and explains how to build a research lab using tools like WinDbg and the HackSys Extreme Vulnerable Driver (HEVD) to study kernel vulnerabilities and exploit development. core-jmp.org/2026/03/0x00-i…

0day BSoD by Windows 11 24H2 /25H2 (Insider) kernel bug in clfs.sys where a NULL pointer is dereferenced during fast mutex acquisition, causing a kernel crash and denial of service due to improper validation of a FAST_MUTEX pointer. core-jmp.org/2026/03/wont-f… github.com/oxfemale/PoC_k…

The article demonstrates how to hook COM methods in Windows Subsystem for Linux by leveraging C++ RTTI metadata to reconstruct class layouts and locate virtual methods, enabling precise COM instrumentation without symbols. core-jmp.org/2026/03/wsl-co…

Extract Windows credentials directly from VM memory snapshots and virtual disks github.com/nikaiw/VMkatz

meet VMkatz, github.com/nikaiw/VMkatz

Anthropic dropped a 33 pages cheat sheet for building Claude skills resources.anthropic.com/hubfs/The-Comp…

The article introduces LOLExfil, a Living-Off-the-Land data exfiltration technique that abuses legitimate system tools and trusted services to stealthily extract data, blending malicious activity with normal system behavior. core-jmp.org/2026/03/lolexf…