core-jmp

core-jmp

death of core jump

  • Home
  • windows
  • Reverse Engineering
  • exploitation
  • shellcode
  • About
  • Privacy Policy
  • CE SSRF VERIF 20260615-001 – Share Token Test
  • CE PageEditor VERIF 20260615-002 – Share Token Test

HomeHooking

Posts in category: Hooking

From MessageBox to Rootkit: A Practical Journey Through Windows Malware Internals

From MessageBox to Rootkit: A Practical Journey Through Windows Malware Internals

April 27, 2026
by oxfemale APCDriverHookingInjectionIOCTLIRPkernelPEBshellcodewinapiwinapiwindows

The article walks through Windows malware development from dynamic API resolution and PEB walking to injection, APC execution, driver basics, DKOM process hiding, and kernel callback abuse.

Read More
HOOKING WINDOWS NAMED PIPES

HOOKING WINDOWS NAMED PIPES

April 22, 2026
by oxfemale ACLHookingIPCpipewindows

The article shows how insecure Windows Named Pipes can enable interception or MITM-style abuse, and presents a Frida-based tool to hook, inspect, modify, and inject pipe traffic across several I/O models.

Read More
WSL, COM Hooking, & RTTI

WSL, COM Hooking, & RTTI

March 17, 2026
by oxfemale COMcppHookingPoCpowershellpowershellReverse EngineeringRTTIwinapiwinapiwindowsWSL

The article demonstrates how to hook COM methods in Windows Subsystem for Linux by leveraging C++ RTTI metadata to reconstruct class layouts and locate virtual methods, enabling precise COM instrumentation without symbols.

Read More

Recent Posts

  • DCOMIllusionist — Fileless Windows Lateral Movement via .NET DCOM Server Deserialization
  • From Prompt to Pwned: Chaining LLM and Web Bugs into Admin Takeover
  • CVE-2025-8088 — Russia-Linked APTs Are Still Pwning Unpatched WinRAR Installs in Ukraine
  • Vulnerabilities in Enterprise Audiovisual Hardware — Aver Cameras and Crestron TSW-1060 Tablets
  • Factoring “Short-Sleeve” RSA Keys with Polynomials

Archives

  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • November 2025
  • September 2025

Active Directory byovd bypass CVE Defense Evasion EDR EDR Bypass EDR Evasion Endpoint Security Exploit Development Ghidra IoT Security Kernel Driver Kernel Exploitation Linux Kernel Local Privilege Escalation macOS Security Malware Analysis Malware Development Memory Corruption NTLM Relay Offensive Security Post-Exploitation PPL Privilege Escalation Process Injection Race Condition RCE red team Red Teaming Red Team Techniques remote code execution Reverse Engineering ROP Security Research shellcode Threat Detection Vulnerability Research WinDBG windows Windows 11 Windows Internals Windows Kernel Windows Kernel Exploitation Windows security

Categories

  • .NET
  • access
  • ACE
  • ACL
  • Active Directory
  • Active Directory
  • AD CS
  • Administrator
  • AI Agents
  • AI Security Research
  • alloc
  • ALPC
  • AMSI
  • Android
  • Antivirus
  • Apache Tomcat
  • APC
  • Apple Silicon
  • Application Security
  • ASM
  • ASR
  • attaks
  • Audio
  • AV
  • BIOS
  • BitLocker
  • Blue team
  • Bluetooth
  • Boot ROM
  • Broadcom
  • BSoD
  • buffer overflow
  • BYOUD
  • BYOVD
  • Bypassing
  • Cache
  • Callbacks
  • Camera
  • CI/CD
  • CIMOM
  • Cisco
  • Citrix
  • Claude AI
  • CLFS
  • cmd
  • COM
  • Command Injection
  • Containers
  • Copilot
  • Cortex XDR
  • CPL
  • cpp
  • CPU
  • Credential Attacks
  • Crypt
  • Cryptography
  • CryptoPro
  • CSRF
  • Cybersecurity
  • DCOM
  • Debug
  • Defender
  • DEP
  • Deserialization
  • DFIR
  • DLL Sideloading
  • DMA
  • DNS
  • Driver
  • dump
  • EDR
  • EDR Evasion
  • Embedded
  • Encryption
  • Escalation
  • ESP32
  • ESXi
  • Evasion
  • Eventlog
  • Exploit Development
  • exploitation
  • filesystem
  • Firewall
  • firmware
  • Flash
  • FreeBSD
  • Fuzzing
  • Gadgets
  • GATT
  • Ghidra
  • Hardware
  • Hooking
  • Hyper-V
  • Hypervisor
  • Impacket
  • impact
  • Injection
  • IOCTL
  • iOS Security
  • IoT
  • IPC
  • IRP
  • Java
  • JIT
  • JWT Security
  • Kerberos
  • kernel
  • kernel-mode
  • LDAP Relay
  • Library
  • Linux
  • LLM
  • LLM Exploit Development
  • LNK
  • Loader
  • LOLExfil
  • LSA
  • LSASS
  • Machine Learning
  • MacOS
  • Malware
  • Malware Development
  • MCP
  • Memory Management
  • Mobile Security
  • MS-DOS
  • MS-EVEN
  • MS-LSAD
  • MS-SAMR
  • Network
  • NTLM Relay
  • NVMe
  • ODR
  • Operating Systems
  • Palo Alto
  • PBA
  • PCI
  • PEB
  • Penetration Testing
  • pets
  • PHP
  • pipe
  • Plugins
  • PoC
  • powershell
  • powershell
  • PPL
  • Privilege
  • Privilege Escalation
  • Process Injection
  • Protection
  • PXE
  • Python
  • QEMU
  • Race Condition
  • radare2
  • RCE
  • Recall
  • Recovery mode
  • Red Team Operations
  • RedTeam
  • Registry
  • Reverse Engineering
  • root
  • ROP
  • RPC
  • RTTI
  • Rust
  • SAM
  • Secure Boot
  • Security
  • Security
  • shellcode
  • Shortcut
  • SMB
  • SMTP
  • SPI Flash
  • SSDT
  • Stack Overflow
  • STM32H5
  • Systems Programming
  • TCP/IP
  • TEB
  • Telegram
  • Telnetd
  • Threat Intelligence
  • TPM
  • UAC
  • UART
  • UEFI
  • Uncategorized
  • USB
  • Use-After-Free
  • user-mode
  • Virtualization
  • VMProtect
  • VMware
  • Vulnerability Analysis
  • Warbird
  • WASM
  • WEB
  • winapi
  • winapi
  • WinDBG
  • windows
  • Windows Admin Center
  • Winsock
  • WMI
  • WML
  • Wordpress
  • WSL
  • XenServer
  • Xiaomi
  • XML
  • XNU Kernel
  • XSS
  • XXE
Log in
    © 2026 core-jmp. All rights reserved.
    Shopping Basket