core-jmp

core-jmp

death of core jump

  • Home
  • windows
  • Reverse Engineering
  • exploitation
  • shellcode
  • About
  • Privacy Policy
  • CE SSRF VERIF 20260615-001 – Share Token Test
  • CE PageEditor VERIF 20260615-002 – Share Token Test
  • Tools

HomeBYOUD

Posts in category: BYOUD

PoisonX: Terminating Protected Windows Processes via BYOVD

PoisonX: Terminating Protected Windows Processes via BYOVD

April 7, 2026
by oxfemale BYOUDBYOVDExploit DevelopmentexploitationPPLwinapiwinapiwindows

PoisonX is a Bring Your Own Vulnerable Driver (BYOVD) research tool that leverages a signed Microsoft kernel driver to terminate any Windows process — including PP (Protected Processes) and PPL (Protected Process Light) processes such as EDR/AV services.

Read More
Invisible Execution: Hiding Malware with Unwind Metadata Manipulation

Invisible Execution: Hiding Malware with Unwind Metadata Manipulation

March 20, 2026
by oxfemale BYOUDEDRMalwarewindows

The article introduces BYOUD, a Windows evasion technique that manipulates unwind metadata to spoof call stacks without altering return addresses, allowing malware to bypass EDR stack inspection and appear as legitimate execution.

Read More

Recent Posts

  • How LLMs Actually Work: A Transformer Internals Walkthrough
  • JSC Exploitation Primitives Part 1: From One OOB to Cage-Free Arbitrary R/W
  • LACUNA Chain: Ghost Frames Defeat Every Layer of EDR Call-Stack Detection
  • Windows ARM64 Internals: Pardon The Interruption — Interrupts on Windows for ARM
  • Autonomous Vulnerability Hunting with MCP: Inside a Self-Improving 0-Day Pipeline

Archives

  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • November 2025
  • September 2025

Active Directory Active Directory Security byovd bypass CVE Defense Evasion EDR EDR Bypass EDR Evasion Endpoint Security Exploit Development Ghidra IoT Security Kernel Debugging Kernel Driver Kernel Exploitation Local Privilege Escalation macOS Security Malware Analysis Malware Development Memory Corruption NTLM Relay Offensive Security Post-Exploitation PPL Privilege Escalation Process Injection RCE red team Red Teaming Red Team Techniques remote code execution Reverse Engineering ROP Security Research shellcode Threat Detection Vulnerability Research WinDBG windows Windows 11 Windows Internals Windows Kernel Windows Kernel Exploitation Windows security

Categories

  • .NET
  • access
  • ACE
  • ACL
  • Active Directory
  • Active Directory
  • AD CS
  • Administrator
  • AI Agents
  • AI Security Research
  • alloc
  • ALPC
  • AMSI
  • Android
  • Antivirus
  • Apache Tomcat
  • APC
  • Apple Silicon
  • Application Security
  • ASM
  • ASR
  • attaks
  • Audio
  • AV
  • BIOS
  • BitLocker
  • Blue team
  • Bluetooth
  • Boot ROM
  • Broadcom
  • BSoD
  • buffer overflow
  • BYOUD
  • BYOVD
  • Bypassing
  • Cache
  • Callbacks
  • Camera
  • CI/CD
  • CIMOM
  • Cisco
  • Citrix
  • Claude AI
  • CLFS
  • cmd
  • COM
  • Command Injection
  • Containers
  • Copilot
  • Cortex XDR
  • CPL
  • cpp
  • CPU
  • Credential Attacks
  • Crypt
  • Cryptography
  • CryptoPro
  • CSRF
  • Cybersecurity
  • DCOM
  • Debug
  • Defender
  • DEP
  • Deserialization
  • DFIR
  • DLL Sideloading
  • DMA
  • DNS
  • Driver
  • dump
  • EDR
  • EDR Evasion
  • Embedded
  • Encryption
  • Escalation
  • ESP32
  • ESXi
  • Evasion
  • Eventlog
  • Exploit Development
  • exploitation
  • filesystem
  • Firewall
  • firmware
  • Flash
  • FreeBSD
  • Fuzzing
  • Gadgets
  • GATT
  • Ghidra
  • Hardware
  • Hooking
  • Hyper-V
  • Hypervisor
  • Impacket
  • impact
  • Injection
  • IOCTL
  • iOS Security
  • IoT
  • IPC
  • IRP
  • Java
  • JIT
  • JWT Security
  • Kerberos
  • kernel
  • kernel-mode
  • LDAP Relay
  • Library
  • Linux
  • LLM
  • LLM Exploit Development
  • LNK
  • Loader
  • LOLExfil
  • LSA
  • LSASS
  • Machine Learning
  • MacOS
  • Malware
  • Malware Development
  • MCP
  • Memory Management
  • Mobile Security
  • MS-DOS
  • MS-EVEN
  • MS-LSAD
  • MS-SAMR
  • Network
  • NTLM Relay
  • NVMe
  • ODR
  • Operating Systems
  • Palo Alto
  • PBA
  • PCI
  • PEB
  • Penetration Testing
  • pets
  • PHP
  • pipe
  • Plugins
  • PoC
  • powershell
  • powershell
  • PPL
  • Privilege
  • Privilege Escalation
  • Process Injection
  • Protection
  • PXE
  • Python
  • QEMU
  • Race Condition
  • radare2
  • RCE
  • Recall
  • Recovery mode
  • Red Team Operations
  • RedTeam
  • Registry
  • Reverse Engineering
  • root
  • ROP
  • RPC
  • RTTI
  • Rust
  • SAM
  • Secure Boot
  • Security
  • Security
  • shellcode
  • Shortcut
  • SMB
  • SMTP
  • SPI Flash
  • SSDT
  • Stack Overflow
  • STM32H5
  • Systems Programming
  • TCP/IP
  • TEB
  • Telegram
  • Telnetd
  • Threat Intelligence
  • TPM
  • UAC
  • UART
  • UEFI
  • Uncategorized
  • USB
  • Use-After-Free
  • user-mode
  • Virtualization
  • VMProtect
  • VMware
  • Vulnerability Analysis
  • Warbird
  • WASM
  • WEB
  • winapi
  • winapi
  • WinDBG
  • windows
  • Windows Admin Center
  • Winsock
  • WMI
  • WML
  • Wordpress
  • WSL
  • XenServer
  • Xiaomi
  • XML
  • XNU Kernel
  • XSS
  • XXE
Log in
    © 2026 core-jmp. All rights reserved.
    Shopping Basket