core-jmp

core-jmp

death of core jump

  • Home
  • windows
  • Reverse Engineering
  • exploitation
  • shellcode
  • About
  • Privacy Policy
  • CE SSRF VERIF 20260615-001 – Share Token Test
  • CE PageEditor VERIF 20260615-002 – Share Token Test
  • Tools

Home

Monthly Archives: April 2026

89 vulnerabilities in XAPI / Citrix XenServer

89 vulnerabilities in XAPI / Citrix XenServer

Shittrix discloses 89 XAPI/Citrix XenServer flaws caused by unvalidated metadata fields, enabling low-privileged users to mount host disks, inject storage commands, redirect storage, and compromise pools.

Read More
Patchless AMSI Bypass via Page Guard Exceptions

Patchless AMSI Bypass via Page Guard Exceptions

The article shows a patchless AMSI bypass using Page Guard exceptions and VEH to intercept AmsiScanBuffer, force an early clean return, and avoid direct code patching.

Read More
A Step-by-Step Guide to Uncovering Vulnerabilities in a Mobile App

A Step-by-Step Guide to Uncovering Vulnerabilities in a Mobile App

The article shows how APK decompilation with Jadx exposed Cordova JavaScript code, hardcoded database keys, CryptoJS-derived secrets, backend endpoints, and a critical LFI flaw.

Read More
How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection

How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection

The article explains how kernel anti-cheats monitor games from Ring 0 using callbacks, handle filtering, memory scans, driver checks, anti-debugging, VM detection, and hardware fingerprinting.

Read More
A Shortcut to Coercion: Incomplete Patch of APT28's Zero-Day Leads to CVE-2026-32202

A Shortcut to Coercion: Incomplete Patch of APT28’s Zero-Day Leads to CVE-2026-32202

Akamai shows how Microsoft’s incomplete fix for an APT28 LNK exploit left CVE-2026-32202: a zero-click UNC path issue that coerces SMB/NTLM authentication via Explorer icon parsing.

Read More
From MessageBox to Rootkit: A Practical Journey Through Windows Malware Internals

From MessageBox to Rootkit: A Practical Journey Through Windows Malware Internals

The article walks through Windows malware development from dynamic API resolution and PEB walking to injection, APC execution, driver basics, DKOM process hiding, and kernel callback abuse.

Read More
Plug me If you can : Exploiting USB Printer Drivers in Windows

Plug me If you can : Exploiting USB Printer Drivers in Windows

ENKI analyzes CVE-2026-32223, a heap overflow in Windows usbprint.sys triggered by malformed USB printer descriptors, leading to SYSTEM privilege escalation via crafted USB device.

Read More
Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained

Rapid7 analyzes Kyber ransomware’s Windows and ESXi variants, showing coordinated attacks on VM infrastructure, file systems, backups, recovery tools, and cryptographic claims.

Read More
JWT, Part 13: XSS + JWT = Full Account Takeover

JWT, Part 13: XSS + JWT = Full Account Takeover

The article shows how XSS can steal or abuse JWTs from localStorage, sessionStorage, cookies, or memory, and recommends HttpOnly cookies, DPoP, BFF, rotation, and Token Sidejacking.

Read More
Secure Code Review: Finding XML vulnerabilities in Code

Secure Code Review: Finding XML vulnerabilities in Code

The article explains how to spot XXE risks during C++ secure code review by checking XML parser configuration, especially Xerces-C++ entity handling and DTD resolution settings.

Read More
  • 1
  • 2
  • 3
  • ...
  • 5
  • Next
  • Last

Recent Posts

  • Harnessing LLM Harnesses: AI Orchestration for Offensive Security Research
  • Process Parameter Poisoning: EDR Evasion via Windows Process Startup Parameters
  • The Dark Side of WebAssembly: Cryptomining, Keyloggers, and Browser Exploitation
  • Debugging the Pixel 8 Kernel via KGDB
  • How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • November 2025
  • September 2025

Active Directory byovd bypass CVE Defense Evasion EDR EDR Bypass EDR Evasion Endpoint Security Exploit Development Ghidra IoT Security kernel Kernel Debugging Kernel Driver Kernel Exploitation Linux Kernel Linux Kernel Exploitation Local Privilege Escalation Malware Analysis Malware Development Memory Corruption NTLM Relay Offensive Security PPL Privilege Escalation Process Injection Race Condition RCE red team Red Teaming Red Team Techniques remote code execution Reverse Engineering ROP Security Research shellcode Vulnerability Research WinDBG windows Windows 11 Windows Internals Windows Kernel Windows Kernel Exploitation Windows security

Categories

  • .NET
  • access
  • ACE
  • ACL
  • Active Directory
  • Active Directory
  • AD CS
  • Administrator
  • AI Agents
  • AI Security Research
  • alloc
  • ALPC
  • AMSI
  • Android
  • Antivirus
  • Apache Tomcat
  • APC
  • Apple Silicon
  • Application Security
  • ASM
  • ASR
  • attaks
  • Audio
  • AV
  • BIOS
  • BitLocker
  • Blue team
  • Bluetooth
  • Boot ROM
  • Broadcom
  • BSoD
  • buffer overflow
  • BYOUD
  • BYOVD
  • Bypassing
  • Cache
  • Callbacks
  • Camera
  • CI/CD
  • CIMOM
  • Cisco
  • Citrix
  • Claude AI
  • CLFS
  • cmd
  • COM
  • Command Injection
  • Containers
  • Copilot
  • Cortex XDR
  • CPL
  • cpp
  • CPU
  • Credential Attacks
  • Crypt
  • Cryptography
  • CryptoPro
  • CSRF
  • Cybersecurity
  • DCOM
  • Debug
  • Defender
  • DEP
  • Deserialization
  • DFIR
  • DLL Sideloading
  • DMA
  • DNS
  • Driver
  • dump
  • EDR
  • EDR Evasion
  • Embedded
  • Encryption
  • Escalation
  • ESP32
  • ESXi
  • Evasion
  • Eventlog
  • Exploit Development
  • exploitation
  • filesystem
  • Firewall
  • firmware
  • Flash
  • FreeBSD
  • Fuzzing
  • Gadgets
  • GATT
  • Ghidra
  • Hardware
  • Hooking
  • Hyper-V
  • Hypervisor
  • Impacket
  • impact
  • Initial Access
  • Injection
  • IOCTL
  • iOS Security
  • IoT
  • IPC
  • IRP
  • Java
  • JIT
  • JWT Security
  • Kerberos
  • kernel
  • kernel-mode
  • LDAP Relay
  • Library
  • Linux
  • LLM
  • LLM Exploit Development
  • LNK
  • Loader
  • LOLExfil
  • LSA
  • LSASS
  • Machine Learning
  • MacOS
  • Malware
  • Malware Development
  • MCP
  • Memory Management
  • Mobile Security
  • MS-DOS
  • MS-EVEN
  • MS-LSAD
  • MS-SAMR
  • Network
  • NTLM Relay
  • NVMe
  • ODR
  • Operating Systems
  • Palo Alto
  • PBA
  • PCI
  • PEB
  • Penetration Testing
  • pets
  • PHP
  • pipe
  • Plugins
  • PoC
  • powershell
  • powershell
  • PPL
  • Privilege
  • Privilege Escalation
  • Process Injection
  • Protection
  • PXE
  • Python
  • QEMU
  • Race Condition
  • radare2
  • RCE
  • Recall
  • Recovery mode
  • Red Team Operations
  • RedTeam
  • Registry
  • Reverse Engineering
  • root
  • ROP
  • RPC
  • RTTI
  • Rust
  • SAM
  • Secure Boot
  • Security
  • Security
  • shellcode
  • Shortcut
  • SMB
  • SMTP
  • SPI Flash
  • SSDT
  • Stack Overflow
  • STM32H5
  • Systems Programming
  • TCP/IP
  • TEB
  • Telegram
  • Telnetd
  • Threat Intelligence
  • TPM
  • UAC
  • UART
  • UEFI
  • Uncategorized
  • USB
  • Use-After-Free
  • user-mode
  • Virtualization
  • VMProtect
  • VMware
  • Vulnerability Analysis
  • Warbird
  • WASM
  • WEB
  • winapi
  • winapi
  • WinDBG
  • windows
  • Windows Admin Center
  • Winsock
  • WMI
  • WML
  • Wordpress
  • WSL
  • XenServer
  • Xiaomi
  • XML
  • XNU Kernel
  • XSS
  • XXE
Log in
    © 2026 core-jmp. All rights reserved.
    Shopping Basket