core-jmp

core-jmp

death of core jump

  • Home
  • windows
  • Reverse Engineering
  • exploitation
  • shellcode
  • About
  • Privacy Policy
  • CE SSRF VERIF 20260615-001 – Share Token Test
  • CE PageEditor VERIF 20260615-002 – Share Token Test

HomeAMSI

Posts in category: AMSI

Weaponized abuse of SYLK file format

Weaponized abuse of SYLK file format

May 21, 2026
by oxfemale AMSIMalwarewindows

SYLK is an ancient spreadsheet format, but Excel still supports it. GhostWolf Lab shows how .slk files can carry XLM macros, masquerade as CSV, bypass weak detections, and revive legacy macro abuse.

Read More
Patchless AMSI Bypass via Page Guard Exceptions

Patchless AMSI Bypass via Page Guard Exceptions

May 5, 2026
by oxfemale AMSIBypassingEDRpowershellRedTeamshellcodewinapiwindows

The article shows a patchless AMSI bypass using Page Guard exceptions and VEH to intercept AmsiScanBuffer, force an early clean return, and avoid direct code patching.

Read More
Patchless AMSI Bypass via Page Guard Exceptions

Patchless AMSI Bypass via Page Guard Exceptions

April 29, 2026
by oxfemale AMSIBypassingwindows

The article shows a patchless AMSI bypass using Page Guard exceptions and VEH to intercept AmsiScanBuffer, force an early clean return, and avoid direct code patching.

Read More

Recent Posts

  • CVE-2018-8611 — Exploiting the Windows Kernel Transaction Manager (Part 1/5: Introduction)
  • tabby — A Minimal Position-Independent Windows x64 Shellcode Framework, Built Entirely on Linux
  • CuSafe — Catching Memory Corruption on Commodity NVIDIA GPUs (USENIX Security ’26)
  • Exploiting CVE-2024-1065 via the Page Cache — A Physical-Page UAF in the ARM Mali GPU Driver
  • Weaponizing Writable SMB Shares to Steal Domain Credentials

Archives

  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • November 2025
  • September 2025

Active Directory byovd bypass CVE Defense Evasion EDR EDR Bypass EDR Evasion Endpoint Security Exploit Development Ghidra IoT Security kernel Kernel Driver Kernel Exploitation Linux Kernel Linux Kernel Exploitation Local Privilege Escalation macOS Security Malware Analysis Malware Development Memory Corruption NTLM Relay Offensive Security Post-Exploitation PPL Privilege Escalation Process Injection RCE red team Red Teaming Red Team Techniques remote code execution Reverse Engineering ROP Security Research shellcode Threat Detection Vulnerability Research WinDBG windows Windows 11 Windows Internals Windows Kernel Windows security

Categories

  • .NET
  • access
  • ACE
  • ACL
  • Active Directory
  • Active Directory
  • AD CS
  • Administrator
  • AI Agents
  • AI Security Research
  • alloc
  • ALPC
  • AMSI
  • Android
  • Antivirus
  • Apache Tomcat
  • APC
  • Apple Silicon
  • Application Security
  • ASM
  • ASR
  • attaks
  • Audio
  • AV
  • BIOS
  • BitLocker
  • Blue team
  • Bluetooth
  • Boot ROM
  • Broadcom
  • BSoD
  • buffer overflow
  • BYOUD
  • BYOVD
  • Bypassing
  • Cache
  • Callbacks
  • Camera
  • CI/CD
  • CIMOM
  • Cisco
  • Citrix
  • Claude AI
  • CLFS
  • cmd
  • COM
  • Command Injection
  • Containers
  • Copilot
  • Cortex XDR
  • CPL
  • cpp
  • CPU
  • Credential Attacks
  • Crypt
  • Cryptography
  • CryptoPro
  • CSRF
  • Cybersecurity
  • DCOM
  • Debug
  • Defender
  • DEP
  • Deserialization
  • DFIR
  • DLL Sideloading
  • DMA
  • DNS
  • Driver
  • dump
  • EDR
  • EDR Evasion
  • Embedded
  • Encryption
  • Escalation
  • ESP32
  • ESXi
  • Evasion
  • Eventlog
  • Exploit Development
  • exploitation
  • filesystem
  • Firewall
  • firmware
  • Flash
  • FreeBSD
  • Fuzzing
  • Gadgets
  • GATT
  • Ghidra
  • Hardware
  • Hooking
  • Hyper-V
  • Hypervisor
  • Impacket
  • impact
  • Injection
  • IOCTL
  • iOS Security
  • IoT
  • IPC
  • IRP
  • Java
  • JIT
  • JWT Security
  • Kerberos
  • kernel
  • kernel-mode
  • LDAP Relay
  • Library
  • Linux
  • LLM
  • LLM Exploit Development
  • LNK
  • Loader
  • LOLExfil
  • LSA
  • LSASS
  • Machine Learning
  • MacOS
  • Malware
  • Malware Development
  • MCP
  • Memory Management
  • Mobile Security
  • MS-DOS
  • MS-EVEN
  • MS-LSAD
  • MS-SAMR
  • Network
  • NTLM Relay
  • NVMe
  • ODR
  • Operating Systems
  • Palo Alto
  • PBA
  • PCI
  • PEB
  • Penetration Testing
  • pets
  • PHP
  • pipe
  • Plugins
  • PoC
  • powershell
  • powershell
  • PPL
  • Privilege
  • Privilege Escalation
  • Process Injection
  • Protection
  • PXE
  • Python
  • QEMU
  • Race Condition
  • radare2
  • RCE
  • Recall
  • Recovery mode
  • Red Team Operations
  • RedTeam
  • Registry
  • Reverse Engineering
  • root
  • ROP
  • RPC
  • RTTI
  • Rust
  • SAM
  • Secure Boot
  • Security
  • Security
  • shellcode
  • Shortcut
  • SMB
  • SMTP
  • SPI Flash
  • SSDT
  • Stack Overflow
  • STM32H5
  • Systems Programming
  • TCP/IP
  • TEB
  • Telegram
  • Telnetd
  • Threat Intelligence
  • TPM
  • UAC
  • UART
  • UEFI
  • Uncategorized
  • USB
  • Use-After-Free
  • user-mode
  • Virtualization
  • VMProtect
  • VMware
  • Vulnerability Analysis
  • Warbird
  • WASM
  • WEB
  • winapi
  • winapi
  • WinDBG
  • windows
  • Windows Admin Center
  • Winsock
  • WMI
  • WML
  • Wordpress
  • WSL
  • XenServer
  • Xiaomi
  • XML
  • XNU Kernel
  • XSS
  • XXE
Log in
    © 2026 core-jmp. All rights reserved.
    Shopping Basket