core-jmp

death of core jump

Posts in category: windows

Patchless AMSI Bypass via Page Guard Exceptions

April 29, 2026
by oxfemale | AMSI, Bypassing, windows

The article shows a patchless AMSI bypass using Page Guard exceptions and VEH to intercept AmsiScanBuffer, force an early clean return, and avoid direct code patching.

How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection

April 27, 2026
by oxfemale | BYOVD, Driver, IOCTL, kernel, kernel-mode, winapi, windows

The article explains how kernel anti-cheats monitor games from Ring 0 using callbacks, handle filtering, memory scans, driver checks, anti-debugging, VM detection, and hardware fingerprinting.

A Shortcut to Coercion: Incomplete Patch of APT28’s Zero-Day Leads to CVE-2026-32202

April 27, 2026
by oxfemale | CPL, LNK, windows

Akamai shows how Microsoft’s incomplete fix for an APT28 LNK exploit left CVE-2026-32202: a zero-click UNC path issue that coerces SMB/NTLM authentication via Explorer icon parsing.

From MessageBox to Rootkit: A Practical Journey Through Windows Malware Internals

April 27, 2026
by oxfemale | APC, Driver, Hooking, Injection, IOCTL, IRP, kernel, PEB, shellcode, winapi, windows

The article walks through Windows malware development from dynamic API resolution and PEB walking to injection, APC execution, driver basics, DKOM process hiding, and kernel callback abuse.

Plug me If you can : Exploiting USB Printer Drivers in Windows

April 27, 2026
by oxfemale | Driver, Escalation, exploitation, Hardware, IOCTL, kernel, USB, winapi, windows

ENKI analyzes CVE-2026-32223, a heap overflow in Windows usbprint.sys triggered by malformed USB printer descriptors, leading to SYSTEM privilege escalation via a crafted USB device.

Enumerating Windows Process Creation Callbacks

April 24, 2026
by oxfemale | BYOVD, cpp, EDR, IOCTL, kernel, windows

The article shows how to enumerate Windows process creation callbacks by reading PspCreateProcessNotifyRoutine from kernel memory using a BYOVD read primitive and mapping callbacks to drivers.

Jenny was a Friend of Mine – MCPs and Friends

April 24, 2026
by oxfemale | Claude AI, Exploit Development, Ghidra, LLM, LLM Exploit Development, RedTeam, Reverse Engineering, WinDBG

The article shows how Claude Code plus MCP can automate vulnerability hunting with RE, fuzzing, RAG, bounty scoring, and strict validation gates to reduce LLM hallucinations and confirm real bugs.

HOOKING WINDOWS NAMED PIPES

April 22, 2026
by oxfemale | ACL, Hooking, IPC, pipe, windows

The article shows how insecure Windows Named Pipes can enable interception or MITM-style abuse, and presents a Frida-based tool to hook, inspect, modify, and inject pipe traffic across several I/O models.

CVE-2026-33829: How a Deep Link in Windows Can Expose Net-NTLM Credentials

April 16, 2026
by oxfemale | Credential Attacks, NTLM Relay, Security, windows

This vulnerability in the Windows Snipping Tool allows attackers to trigger NTLM authentication through the ms-screensketch protocol, forcing a connection to a remote SMB server and leaking the user’s Net-NTLM hash via a crafted link.

Vulnerability: When Microsoft Defender Becomes the Primitive – RedSun PoC.

April 16, 2026
by oxfemale | Defender, exploitation, PoC, Privilege, Privilege Escalation, RedTeam, winapi, windows

This vulnerability shows how Windows Defender file handling can be abused through filesystem races, Cloud Files APIs, and reparse points to redirect privileged writes and escalate from a low-privileged user to SYSTEM.
