Joined September 2020
Pinned Tweet
github.com/MatheuZSecurity/U… Hey guys, I posted a really cool zine in pure TXT about Unhooking Linux EDR, attacking the cleanup_module function, to be able to remove any hook from an EDR for example. Feel free to read.
MatheuZ retweeted
> be @github > be acquired by @Microsoft > get annoyed because @ChaoticEclipse0 published 0-days or because @xploitrsturtle2 published github's compromise evidences / proofs that github was successfully breached > start a ban-wave targeting any "hacker related profile" > ban me on Monday around 4am without any notices > let my appeal ticket rot forever under some infinite SLA with zero explanation for the ban > lock me out from updating dozens of open-source repos i contribute to dude, i know i don’t have a profile full of followers, stars, famous projects or hype-driven repos, and i’m still learning so i can publish better work, but what kind of insane policy is this? randomly banning security researchers with no warning, no reason, not even a basic email explaining what happened, just because @msftsecresponse has beef with some other security researcher? are triagers’ egos really that weak? i’ve already seen multiple people on X getting hit by the same thing (like @yebtimothy, @MiroslavSraga, @CollinsCaxton4, @wavey0x and another guy that i forgot his username here on X), so i’m definitely not the only one. now imagine everyone else who doesn’t want to go public and is just taking this garbage silently, GEEZ
MatheuZ retweeted
Trend Micro Deep Security Agent Research: Forcing bmhook/tmhook Reloads to Open a Protection Bypass Window Full research: matheuzsecurity.github.io/ha… #rootkit #linux #edr #poc
MatheuZ retweeted
I analyzed Trend Micro Deep Security Agent for Linux and found that a local event storm can force bmhook/tmhook reload cycles, opening a repeatable temporary protection bypass window. Full write-up: matheuzsecurity.github.io/ha… #linux #edr #rootkit #cybersec #security #research
Kernel Rootkit is a new Telegram community for Linux/Windows rootkit research, ring0/ring3, stealth, defense, forensics and reverse engineering. Join us, share knowledge and collaborate. t.me/kernel_rootkit #rootkits #security #windows #linux #cyber #malware #forensics
Linux Kaspersky 0day: unloading LKMs directly from userspace. Kaspersky rejected my report, so I'll be publishing the full technical write-up soon #Linux #Kernel #0day #VulnerabilityResearch
MatheuZ retweeted
We're looking for a cover for the next issue of Phrack! Retro sci-fi, terminals, dystopian systems, chrome futures, hacker manuals from an alternate timeline. Make something timeless and strange. Send your work or idea to arts@phrack.org Deadline June 30th
MatheuZ retweeted
Reminder that our CFP is still running! 🔥 Including the Rootkit Competition
We are excited to announce the CFP for the next tmp.0ut Volume 5! tmpout.sh/blog/vol5-cfp.html
MatheuZ retweeted
Phrack wants your art! The theme for this issue is retro sci-fi / old-school cybernetic futures. CRT glow, vector grids, space paranoia, BBS aesthetics, analog cyberpunk, forgotten futures. But we accept all kinds of contributions :) ANSI, illustration, collage, renders, weird experiments. Send it to: arts@phrack.org Deadline June 30th
MatheuZ retweeted
LLMs told me that @MatheuzSecurity created an open-source Linux kernel rootkit called "Singularity". You should take a look: github.com/MatheuZSecurity/S…
MatheuZ retweeted
Replying to @MatheuzSecurity
Brokepkg and Kovid? Never heard of them. I also had written one for FreeBSD, probably way before those ones you mentioned. I had implemented hooking via debug registers, a keylogger through the keyboard driver and some other features. It was a nice project to tinker with computers back then. :) Rootkits in kernel space - Redshift, a rootkit for the FreeBSD kernel pt.slideshare.net/slideshow/…
Brazil is a Linux kernel rootkit factory. Diamorphine, Brokepkg, KoviD, Reptile and now Singularity. Some of the most well-known Linux kernel rootkits came from Brazilian researchers. Brazil has a crazy strong scene in Linux rootkit development.
MatheuZ retweeted
Wrote 5k lines for this zine
A very nice update has been released over the last week to the EDRmetry Linux Matrix and the corresponding material of Linux Attack, Detection, and Forensics v2.0 - Hands-on Purple Teaming Playbook! What's new? => Host/go-journalctl Memory/mquire EDR-T6328 - io_uring Agent EDR-T6325 - BPFDoor Backdoor. All naturally in an offensive vs detection/DFIR style. It is worth mentioning that the next modules are in great progress too: EDR-T6443 Neo-reGeorg JSP Socks Proxy EDR-T6442 - Mythic C2 AWS S3 binsider ICMP Assembly C2 Agent Phanton Loader EDR-T6445 - PAM VeilCreds. I'm not slowing down - the project roadmap is huge, and using the small steps approach, I achieve the goals. Consistently moving forward. Join the course - you will not be disappointed! And if you have any doubts, check out the latest recommendations I received in the Testimonials section :D
MatheuZ retweeted
🚨 We are extending the deadline for our Volume 5 Call For Papers and its Rootkit Competition! Check out the updated dates below: → tmpout.sh/blog/vol5-cfp.html (until May 1st 2026) → tmpout.sh/blog/vol5-rootkit-… (until May 31st 2026) We are looking forward to reading your work!
MatheuZ retweeted
Solomun unleashing this hypnotic techno anthem on the Tomorrowland Freedom stage 💣💯 1001recordings.lnk.to/Machin…