core-jmp

RPC Proxy Injection Part II: Breaking Elastic EDR Telemetry

February 23, 2026

by oxfemale Bypassing cpp EDR exploitation Injection Library RedTeam RPC Security shellcode user-mode winapi winapi windows

The article explains enhancing RPC Proxy Injection to evade Elastic EDR telemetry by avoiding common API calls like WriteProcessMemory and CreateRemoteThread, using custom shellcode delivery via thread descriptions and APCs to hide malicious behavior.

EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969)

February 23, 2026

by oxfemale Active Directory Eventlog impact MS-EVEN Network RCE RPC windows

SafeBreach Labs disclosed a critical RCE in the MS-EVEN RPC service (CVE-2025-29969) that lets low-privilege users write arbitrary files remotely on Windows 11/Server 2025, bypassing share limits. Patched May 2025.

ALPC Uncovered: The Hidden Backbone of Local RPC in Windows 11 and Server 2025

February 23, 2026

by oxfemale ALPC kernel RPC winapi windows

This article explores ALPC in Windows 11 and Windows Server 2025, covering hardened server design, message attributes, section-based transfer, and its role in Local RPC. It also analyzes ALPC as a security boundary and attack surface.

core-jmp

Posts in category: RPC

RPC Proxy Injection Part II: Breaking Elastic EDR Telemetry

EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969)

ALPC Uncovered: The Hidden Backbone of Local RPC in Windows 11 and Server 2025

Recent Posts

Recent Comments

Archives

Categories