github.com/cocomelonc/tabby - a minimal, position-independent C #shellcode framework for #windows x64. this tool is a PoC for educational purposes only t.me/maldevcc/206 #hacking #malware #programming #research #windows #redteam #cybersec #threatintel #book #cybersecurity
Word Based Shellcode Encoding New Medium post. Today, I’d like to share a technique that allows shellcode to be encoded as a sequence of English words. Similar to the classic shellcode to IPv4 encoding approach medium.com/@s12deff/word-bas…
NimSyscallPacker - It can be used to pack any C# Assembly, PE-File, or Shellcode into a Nim binary. It will encrypt the target payload, build the corresponding Nim source code according to the given arguments, and compile it to a Nim binary. github.com/S3cur3Th1sSh1t/Ni…
Knowledge of writing or using shellcode or similar to exploit a buffer overflow: only useful for attack. etc.
#threatreport #MediumCompleteness From Phishing Email to Process Injection: Inside a Multi-Stage Agent Tesla Infection Chain | 09-06-2026 Source: pointwild.com/threat-intelli… Key details below ↓
💀Threats: Process_injection_technique, Agent_tesla, Process_hollowing_technique, Native_loader, Credential_harvesting_technique, Credential_dumping_technique, Spear-phishing_technique, Amsi_bypass_technique, Lolbin_technique
🎯Victims: Windows users
🏭Industry: Financial
📚TTPs: ⚔️Tactics: 11 🛠️Techniques: 26
🧨IOCs: File: 23, Hash: 1, Email: 2
💽Software: Chromium, Internet Explorer, Microsoft Edge, Chrome, Opera, Vivaldi, Firefox, Pale Moon, SeaMonkey, Waterfox, ...
🔢Algorithms: xor, md5, base64
🔠Functions: FromBase64String, GetWindowText, Grab, BXX
🗂️Win API: CreateRemoteThread, VirtualAlloc, NET, GetForegroundWindow, GetKeyboardState, OpenProcess, VirtualAllocEx, WriteProcessMemory
📜Programming Languages: powershell, autoit, python, javascript
#threatreport: The article delves into a sophisticated malware infection chain tied to the Agent Tesla infostealer, initiated through a seemingly innocuous phishing email containing a heavily obfuscated Batch script. The infection process is multi-staged, progressing from initial access via the malicious attachment to full system compromise while employing a range of evasion techniques to remain undetected. Upon opening the attachment, a Batch script executes a PowerShell command that serves as a cradle for downloading further malicious payloads directly into memory, minimizing the risk of detection by not leaving traditional disk artifacts. This includes the execution of an in-memory shellcode loader that decodes and runs more malicious code, employing techniques such as Base64 encoding and XOR decryption to obscure its true intent. The malware establishes persistence on the victim's system by leaving residual components in the temporary directory and creating a startup script, ensuring continued execution even after a reboot.
A significant aspect of the attack includes the use of an AutoIt-based script as an injection loader. This loader injects the Agent Tesla payload into a legitimate Windows process, specifically charmap.exe, utilizing remote memory allocation and process creation techniques often associated with process hollowing. Once operational, the malware engages in extensive data theft activities, including capturing browser credentials, keystrokes, and screenshots, which are then exfiltrated via SMTP communication disguised as regular email traffic. The analysis reveals the malware's sophisticated structure, designed to act stealthily and persistently. It performs system fingerprinting to gather detailed information about the compromised machine. Specific functionalities target various web browsers for credential extraction, including both Chromium and Mozilla-based browsers, and it gathers sensitive data from the Windows Credential Vault. The keylogger component further emphasizes its capability for detailed user activity monitoring. Significantly, the malware incorporates anti-analysis measures such as checks for debugging, sandbox environments, and virtual machines, enhancing its ability to evade detection during analysis. The implementation of multiple layers of obfuscation and its reliance on fileless execution signify modern infostealer tactics that blend covert operations into legitimate system activities. Detection strategies discussed in the article emphasize the necessity for proactive monitoring of PowerShell execution patterns, AutoIt usage, email attachment security, and recognizing child process anomalies. The case underscores the evolution of infostealer attacks into comprehensive execution frameworks designed to maximize stealth, persistence, and efficacy in credential theft and data exfiltration, highlighting the growing sophistication of cyber threats.
Funny enough the dude who did the "jailbreak" to get it to produce anything malicious that led to this merely got a reverse shell back that used some gadgets and shellcode post disabling ASLR. It's still very very basic and at that dogshit written malware.
CVE-2024-1065 is a physical-page use-after-free in the ARM Mali GPU kernel driver. Because the freed page lands in MIGRATE_MOVABLE, Dirty Pagetable and Dirty Cred do not apply — so this writeup uses a page-cache spray to swap the freed page into the in-memory copy of /usr/bin/passwd and gets root via execve() without touching disk. core-jmp.org/2026/06/cve-202… #ARMMaliGPU #ARM64 #CVE20241065 #DirtyPagetable #kernel #KernelExploit #KernelExploitation #KernelShellcode #KernelUAF #LinuxKernel #LinuxKernelExploitation #LocalPrivilegeEscalation #MaliExploitation #MIGRATE_MOVABLE #PageCacheCorruption #PageCacheExploitation #PhysicalPageUAF #PrivilegeEscalation #ProjectZero #shellcode #SUIDExploitation #UseAfterFree
Replying to @67_throwaway
Yes, shellcode, kernel, and OT security are much more difficult for me right now and the community is so small, but that’s exactly why I want to master them. I hope my electrical engineering background can help me get into OT although I didn’t get excellent grades in school.