core-jmp

core-jmp

death of core jump

  • Home
  • windows
  • Reverse Engineering
  • exploitation
  • shellcode
  • About
  • Privacy Policy
  • CE SSRF VERIF 20260615-001 – Share Token Test
  • CE PageEditor VERIF 20260615-002 – Share Token Test
  • Tools

Home

Monthly Archives: April 2026

Fail Open, Game Over: Turning a One-LineTomcat Fix into Unauthenticated RCE

Fail Open, Game Over: Turning a One-LineTomcat Fix into Unauthenticated RCE

A flaw in Apache Tomcat Tribes clustering allows attackers to send crafted cluster messages that bypass authentication and trigger unsafe deserialization, leading to unauthenticated remote code execution on exposed servers.

Read More
Inside the Trojanized CPU-Z Campaign: DLL Sideloading, Zig Malware, and Multi-Layer Persistence

Inside the Trojanized CPU-Z Campaign: DLL Sideloading, Zig Malware, and Multi-Layer Persistence

A trojanized CPU-Z package installs malware through CRYPTBASE.dll sideloading. The Zig-compiled DLL decodes an embedded payload, loads a reflective backdoor, connects to C2, and establishes persistence using PowerShell, COM hijacking, and scheduled tasks.

Read More
AI vs Reverse Engineering: How Claude Helped Find a radare2 0-Day

AI vs Reverse Engineering: How Claude Helped Find a radare2 0-Day

Researchers used Claude AI to discover a command-injection 0-day in radare2. A crafted PDB symbol name allowed arbitrary command execution when a binary was analyzed, showing the power of AI-assisted vulnerability discovery.

Read More
BullFrog DNS Pipelining: Smuggling Data Past CI/CD Egress Filters

BullFrog DNS Pipelining: Smuggling Data Past CI/CD Egress Filters

A parsing flaw in BullFrog’s DNS-over-TCP handling allows attackers to bypass CI/CD egress filtering by pipelining DNS queries. The filter validates only the first query, letting malicious queries slip through.

Read More
Windows Recall: A Perfect Memory or a Perfect Data Leak?

Windows Recall: A Perfect Memory or a Perfect Data Leak?

An in-depth look at Windows Recall on Copilot+ PCs, how its SQLite and embedding databases store screen history, and how the TotalRecall tool can extract that data—revealing serious security and privacy implications.

Read More
What Windows Server 2025 Quietly Did to Your NTLM Relay

What Windows Server 2025 Quietly Did to Your NTLM Relay

Windows Server 2025 quietly breaks a classic NTLM relay technique by enforcing changes inside msv1_0.dll. The update prevents attackers from abusing NTLMv1 and stripping MIC to relay authentication to LDAPS.

Read More
The 49-Day macOS Time Bomb: How a TCP Timer Overflow Breaks the Network Stack

The 49-Day macOS Time Bomb: How a TCP Timer Overflow Breaks the Network Stack

A bug in macOS’s TCP stack causes networking to fail after about 49.7 days of uptime. A 32-bit timer overflow freezes the TCP clock, preventing cleanup of closed connections and eventually exhausting ephemeral ports.

Read More
Tutorial: Adaptix C2 with ShellcodePack and MacroPack

Tutorial: Adaptix C2 with ShellcodePack and MacroPack

This tutorial shows how to weaponize Adaptix C2 agents using ShellcodePack and MacroPack, converting payloads into shellcode and packaging them in evasive loaders to improve stealth and bypass EDR during red-team operations.

Read More
Recovery Mode Breakdown: Turning macOS Recovery Safari into Root Persistence

Recovery Mode Breakdown: Turning macOS Recovery Safari into Root Persistence

A macOS Recovery Mode Safari flaw allowed attackers to write arbitrary files to system partitions. By placing a malicious LaunchDaemon in /Library/LaunchDaemons, an attacker could achieve persistent root execution after reboot.

Read More
COMouflage: Stealthy DLL Surrogate Injection for Process Tree Evasion

COMouflage: Stealthy DLL Surrogate Injection for Process Tree Evasion

COMouflage is a stealthy Windows injection technique that abuses COM DLL Surrogates to execute malicious DLLs inside dllhost.exe, making svchost.exe appear as the parent process and hiding the attacker’s process from detection.

Read More
  • First
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
  • Last

Recent Posts

  • Harnessing LLM Harnesses: AI Orchestration for Offensive Security Research
  • Process Parameter Poisoning: EDR Evasion via Windows Process Startup Parameters
  • The Dark Side of WebAssembly: Cryptomining, Keyloggers, and Browser Exploitation
  • Debugging the Pixel 8 Kernel via KGDB
  • How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • November 2025
  • September 2025

Active Directory byovd bypass CVE Defense Evasion EDR EDR Bypass EDR Evasion Endpoint Security Exploit Development Ghidra IoT Security kernel Kernel Debugging Kernel Driver Kernel Exploitation Linux Kernel Linux Kernel Exploitation Local Privilege Escalation Malware Analysis Malware Development Memory Corruption NTLM Relay Offensive Security PPL Privilege Escalation Process Injection Race Condition RCE red team Red Teaming Red Team Techniques remote code execution Reverse Engineering ROP Security Research shellcode Vulnerability Research WinDBG windows Windows 11 Windows Internals Windows Kernel Windows Kernel Exploitation Windows security

Categories

  • .NET
  • access
  • ACE
  • ACL
  • Active Directory
  • Active Directory
  • AD CS
  • Administrator
  • AI Agents
  • AI Security Research
  • alloc
  • ALPC
  • AMSI
  • Android
  • Antivirus
  • Apache Tomcat
  • APC
  • Apple Silicon
  • Application Security
  • ASM
  • ASR
  • attaks
  • Audio
  • AV
  • BIOS
  • BitLocker
  • Blue team
  • Bluetooth
  • Boot ROM
  • Broadcom
  • BSoD
  • buffer overflow
  • BYOUD
  • BYOVD
  • Bypassing
  • Cache
  • Callbacks
  • Camera
  • CI/CD
  • CIMOM
  • Cisco
  • Citrix
  • Claude AI
  • CLFS
  • cmd
  • COM
  • Command Injection
  • Containers
  • Copilot
  • Cortex XDR
  • CPL
  • cpp
  • CPU
  • Credential Attacks
  • Crypt
  • Cryptography
  • CryptoPro
  • CSRF
  • Cybersecurity
  • DCOM
  • Debug
  • Defender
  • DEP
  • Deserialization
  • DFIR
  • DLL Sideloading
  • DMA
  • DNS
  • Driver
  • dump
  • EDR
  • EDR Evasion
  • Embedded
  • Encryption
  • Escalation
  • ESP32
  • ESXi
  • Evasion
  • Eventlog
  • Exploit Development
  • exploitation
  • filesystem
  • Firewall
  • firmware
  • Flash
  • FreeBSD
  • Fuzzing
  • Gadgets
  • GATT
  • Ghidra
  • Hardware
  • Hooking
  • Hyper-V
  • Hypervisor
  • Impacket
  • impact
  • Initial Access
  • Injection
  • IOCTL
  • iOS Security
  • IoT
  • IPC
  • IRP
  • Java
  • JIT
  • JWT Security
  • Kerberos
  • kernel
  • kernel-mode
  • LDAP Relay
  • Library
  • Linux
  • LLM
  • LLM Exploit Development
  • LNK
  • Loader
  • LOLExfil
  • LSA
  • LSASS
  • Machine Learning
  • MacOS
  • Malware
  • Malware Development
  • MCP
  • Memory Management
  • Mobile Security
  • MS-DOS
  • MS-EVEN
  • MS-LSAD
  • MS-SAMR
  • Network
  • NTLM Relay
  • NVMe
  • ODR
  • Operating Systems
  • Palo Alto
  • PBA
  • PCI
  • PEB
  • Penetration Testing
  • pets
  • PHP
  • pipe
  • Plugins
  • PoC
  • powershell
  • powershell
  • PPL
  • Privilege
  • Privilege Escalation
  • Process Injection
  • Protection
  • PXE
  • Python
  • QEMU
  • Race Condition
  • radare2
  • RCE
  • Recall
  • Recovery mode
  • Red Team Operations
  • RedTeam
  • Registry
  • Reverse Engineering
  • root
  • ROP
  • RPC
  • RTTI
  • Rust
  • SAM
  • Secure Boot
  • Security
  • Security
  • shellcode
  • Shortcut
  • SMB
  • SMTP
  • SPI Flash
  • SSDT
  • Stack Overflow
  • STM32H5
  • Systems Programming
  • TCP/IP
  • TEB
  • Telegram
  • Telnetd
  • Threat Intelligence
  • TPM
  • UAC
  • UART
  • UEFI
  • Uncategorized
  • USB
  • Use-After-Free
  • user-mode
  • Virtualization
  • VMProtect
  • VMware
  • Vulnerability Analysis
  • Warbird
  • WASM
  • WEB
  • winapi
  • winapi
  • WinDBG
  • windows
  • Windows Admin Center
  • Winsock
  • WMI
  • WML
  • Wordpress
  • WSL
  • XenServer
  • Xiaomi
  • XML
  • XNU Kernel
  • XSS
  • XXE
Log in
    © 2026 core-jmp. All rights reserved.
    Shopping Basket