core-jmp

core-jmp

death of core jump

  • Home
  • windows
  • Reverse Engineering
  • exploitation
  • shellcode
  • About
  • Privacy Policy

HomeVMProtect

Posts in category: VMProtect

Breaking the Shield: Unpacking a VMProtected Windows Kernel Driver

Breaking the Shield: Unpacking a VMProtected Windows Kernel Driver

March 25, 2026
by oxfemale DebugDriverkernelkernel-modePythonReverse EngineeringVMProtectWinDBGwindows

A technical walkthrough showing how to unpack a VMProtected Windows kernel driver using WinDbg and dynamic analysis. The guide demonstrates restoring the hidden Import Address Table and dumping a clean driver for reverse engineering.

Read More

Recent Posts

  • Out-of-Cancel: A New Linux Kernel Race Condition Bug Class
  • Breaking the Flat Network: How Tiering Models Protect Active Directory
  • From PCAP to Passwords: Automating Kerberos Roast Extraction
  • Ghost in LSASS: Inside the KslKatz Credential Dumping Framework
  • Breaking the Shield: Unpacking a VMProtected Windows Kernel Driver

Archives

  • March 2026
  • February 2026
  • January 2026
  • November 2025
  • September 2025

Active Directory Binary Analysis byovd bypass cpp Detection Engineering EDR EDRBypass EDR Evasion EDREvasion Embedded Security Embedded Systems Exploit Development firmware Firmware Analysis Firmware Security Hardware Hacking injection IoT Security Kernel Debugging Malware Development Offensive Security poc Post-Exploitation PPL Privilege Escalation red team RedTeam Red Teaming remote code execution Reverse Engineering ROP Secure Boot Security Research shellcode TPM Vulnerability Research winapi WinDBG windows Windows 11 Windows Internals Windows Kernel Windows security WindowsSecurity

Categories

  • .NET
  • access
  • ACE
  • ACL
  • Active Directory
  • Active Directory
  • AD CS
  • Administrator
  • AI Agents
  • alloc
  • ALPC
  • Antivirus
  • APC
  • Apple Silicon
  • ASM
  • ASR
  • attaks
  • Audio
  • AV
  • BitLocker
  • Blue team
  • Bluetooth
  • Boot ROM
  • Broadcom
  • BSoD
  • buffer overflow
  • BYOUD
  • BYOVD
  • Bypassing
  • Cache
  • Callbacks
  • CLFS
  • cmd
  • COM
  • Containers
  • Cortex XDR
  • cpp
  • CPU
  • Credential Attacks
  • Crypt
  • Cryptography
  • CryptoPro
  • Debug
  • Defender
  • DEP
  • Deserialization
  • DFIR
  • DMA
  • DNS
  • Driver
  • dump
  • EDR
  • Embedded
  • Encryption
  • Escalation
  • ESP32
  • Evasion
  • Eventlog
  • Exploit Development
  • exploitation
  • filesystem
  • firmware
  • Flash
  • Gadgets
  • GATT
  • Ghidra
  • Hardware
  • Hooking
  • impact
  • Injection
  • IOCTL
  • IoT
  • Kerberos
  • kernel
  • kernel-mode
  • Library
  • Linux
  • LLM
  • LNK
  • Loader
  • LOLExfil
  • LSA
  • LSASS
  • MacOS
  • Malware
  • MCP
  • MS-DOS
  • MS-EVEN
  • MS-LSAD
  • MS-SAMR
  • Network
  • NVMe
  • ODR
  • Palo Alto
  • PBA
  • PCI
  • PEB
  • Penetration Testing
  • PHP
  • Plugins
  • PoC
  • powershell
  • powershell
  • PPL
  • Privilege
  • Protection
  • PXE
  • Python
  • QEMU
  • Race Condition
  • RCE
  • RedTeam
  • Registry
  • Reverse Engineering
  • root
  • ROP
  • RPC
  • RTTI
  • Rust
  • SAM
  • Secure Boot
  • Security
  • Security
  • shellcode
  • Shortcut
  • STM32H5
  • TCP/IP
  • TEB
  • Telegram
  • Telnetd
  • TPM
  • UAC
  • UART
  • Uncategorized
  • Use-After-Free
  • user-mode
  • VMProtect
  • VMware
  • Warbird
  • WASM
  • WEB
  • winapi
  • winapi
  • WinDBG
  • windows
  • Windows Admin Center
  • Winsock
  • Wordpress
  • WSL
  • XNU Kernel
Log in
    © 2026 core-jmp. All rights reserved.
    Shopping Basket