core-jmp

core-jmp

death of core jump

  • Home
  • windows
  • Reverse Engineering
  • exploitation
  • shellcode
  • About
  • Privacy Policy

HomeRecovery mode

Posts in category: Recovery mode

Recovery Mode Breakdown: Turning macOS Recovery Safari into Root Persistence

Recovery Mode Breakdown: Turning macOS Recovery Safari into Root Persistence

April 7, 2026
by oxfemale MacOSPrivilege EscalationRecovery modeSecurity

A macOS Recovery Mode Safari flaw allowed attackers to write arbitrary files to system partitions. By placing a malicious LaunchDaemon in /Library/LaunchDaemons, an attacker could achieve persistent root execution after reboot.

Read More

Recent Posts

  • Recovery Mode Breakdown: Turning macOS Recovery Safari into Root Persistence
  • COMouflage: Stealthy DLL Surrogate Injection for Process Tree Evasion
  • BlueHammer: Exploiting Microsoft Defender Update Workflow to Leak SAM and Escalate to SYSTEM
  • PoisonX: Terminating Protected Windows Processes via BYOVD
  • Signed to Kill: Reverse Engineering a 0-Day Used to Disable CrowdStrike EDR

Archives

  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • November 2025
  • September 2025

Active Directory Active Directory Security byovd bypass cpp EDR EDR Bypass EDR Evasion EDREvasion Embedded Security Embedded Systems Exploit Development Firmware Reverse Engineering Hardware Hacking Hardware Security injection IoT Security Kernel Debugging Kernel Exploitation lsass Malware Development Memory Corruption Offensive Security poc Post-Exploitation PPL Privilege Escalation Process Injection red team RedTeam Red Teaming Red Team Techniques remote code execution Reverse Engineering ROP Security Research shellcode Vulnerability Research winapi WinDBG windows Windows Internals Windows Kernel Windows security WindowsSecurity

Categories

  • .NET
  • access
  • ACE
  • ACL
  • Active Directory
  • Active Directory
  • AD CS
  • Administrator
  • AI Agents
  • AI Security Research
  • alloc
  • ALPC
  • Antivirus
  • APC
  • Apple Silicon
  • ASM
  • ASR
  • attaks
  • Audio
  • AV
  • BIOS
  • BitLocker
  • Blue team
  • Bluetooth
  • Boot ROM
  • Broadcom
  • BSoD
  • buffer overflow
  • BYOUD
  • BYOVD
  • Bypassing
  • Cache
  • Callbacks
  • Camera
  • CIMOM
  • Cisco
  • CLFS
  • cmd
  • COM
  • Containers
  • Cortex XDR
  • cpp
  • CPU
  • Credential Attacks
  • Crypt
  • Cryptography
  • CryptoPro
  • DCOM
  • Debug
  • Defender
  • DEP
  • Deserialization
  • DFIR
  • DMA
  • DNS
  • Driver
  • dump
  • EDR
  • Embedded
  • Encryption
  • Escalation
  • ESP32
  • Evasion
  • Eventlog
  • Exploit Development
  • exploitation
  • filesystem
  • firmware
  • Flash
  • FreeBSD
  • Gadgets
  • GATT
  • Ghidra
  • Hardware
  • Hooking
  • Hypervisor
  • Impacket
  • impact
  • Injection
  • IOCTL
  • IoT
  • JIT
  • Kerberos
  • kernel
  • kernel-mode
  • LDAP Relay
  • Library
  • Linux
  • LLM
  • LLM Exploit Development
  • LNK
  • Loader
  • LOLExfil
  • LSA
  • LSASS
  • MacOS
  • Malware
  • MCP
  • MS-DOS
  • MS-EVEN
  • MS-LSAD
  • MS-SAMR
  • Network
  • NTLM Relay
  • NVMe
  • ODR
  • Palo Alto
  • PBA
  • PCI
  • PEB
  • Penetration Testing
  • PHP
  • Plugins
  • PoC
  • powershell
  • powershell
  • PPL
  • Privilege
  • Privilege Escalation
  • Protection
  • PXE
  • Python
  • QEMU
  • Race Condition
  • RCE
  • Recovery mode
  • RedTeam
  • Registry
  • Reverse Engineering
  • root
  • ROP
  • RPC
  • RTTI
  • Rust
  • SAM
  • Secure Boot
  • Security
  • Security
  • shellcode
  • Shortcut
  • SPI Flash
  • Stack Overflow
  • STM32H5
  • TCP/IP
  • TEB
  • Telegram
  • Telnetd
  • TPM
  • UAC
  • UART
  • UEFI
  • Uncategorized
  • Use-After-Free
  • user-mode
  • Virtualization
  • VMProtect
  • VMware
  • Warbird
  • WASM
  • WEB
  • winapi
  • winapi
  • WinDBG
  • windows
  • Windows Admin Center
  • Winsock
  • WMI
  • Wordpress
  • WSL
  • Xiaomi
  • XNU Kernel
Log in
    © 2026 core-jmp. All rights reserved.
    Shopping Basket