core-jmp

Three-stage TREVEX workflow: Test Case Generation, Execution and Leakage Detection, Result Classification

TREVEX: Black-Box CPU Fuzzing Finds FP-DSS, New FPVI Variants, and Zero-at-ret

May 23, 2026

by oxfemale Hardware Security Vulnerability Analysis

TREVEX is a post-silicon black-box CPU fuzzer from CISPA designed to discover data-flow transient execution vulnerabilities without needing RTL access, an ISA emulator, or a leakage contract. The framework runs across 20 microarchitectures from Intel, AMD, and Zhaoxin and uncovers a new TEA — Floating Point Divider State Sampling (FP-DSS, CVE-2025-54505) — on AMD Zen and Zen+, a new FPVI variant on AMD that does not need denormal inputs, three instances of Zero-at-ret on Intel, and FPVI on Zhaoxin. The authors weaponise FP-DSS from native code, the Linux kernel, and a Chrome JavaScript exploit.
{“_yoast_wpseo_title”: “TREVEX: Black-Box CPU Fuzzer Finds FP-DSS (CVE-2025-54505)”, “_yoast_wpseo_metadesc”: “TREVEX black-box CPU fuzzer (CISPA, S&P 2026) finds FP-DSS (CVE-2025-54505), new FPVI variants, and Zero-at-ret across 20 Intel, AMD, Zhaoxin microarchitectures.”, “rank_math_title”: “TREVEX: Black-Box CPU Fuzzer Finds FP-DSS (CVE-2025-54505)”, “rank_math_description”: “TREVEX black-box CPU fuzzer (CISPA, S&P 2026) finds FP-DSS (CVE-2025-54505), new FPVI variants, and Zero-at-ret across 20 Intel, AMD, Zhaoxin microarchitectures.”}

Cover image for CVE-2025-54539 Apache.NMS.AMQP deserialization policy bypass to RCE

CVE-2025-54539: Apache.NMS.AMQP Deserialization Policy Bypass to Unauthenticated RCE in .NET

May 23, 2026

by oxfemale Exploit Development Security Vulnerability Analysis

CVE-2025-54539 is a deserialization policy bypass in Apache.NMS.AMQP (≤ 2.3.0) that lets a single 290-byte AMQP message reach BinaryFormatter inside an unsuspecting .NET client and execute arbitrary commands.

Automating MS-RPC vulnerability research

May 17, 2026

by oxfemale RPC Security winapi winapi windows

Automating MS-RPC research shows how NtObjectManager, dynamic RPC clients, fuzzing, canary tracing, ProcMon and Neo4j can map interfaces, test procedures, find crashes and uncover coercion-style Windows bugs.

CVE-2026-33829: How a Deep Link in Windows Can Expose Net-NTLM Credentials

April 16, 2026

by oxfemale Credential Attacks NTLM Relay Security windows

This vulnerability in the Windows Snipping Tool allows attackers to trigger NTLM authentication through the ms-screensketch protocol, forcing a connection to a remote SMB server and leaking the user’s Net-NTLM hash via a crafted link.

Windows Recall: A Perfect Memory or a Perfect Data Leak?

April 9, 2026

by oxfemale Copilot Recall Security windows

An in-depth look at Windows Recall on Copilot+ PCs, how its SQLite and embedding databases store screen history, and how the TotalRecall tool can extract that data—revealing serious security and privacy implications.

BlueHammer: Exploiting Microsoft Defender Update Workflow to Leak SAM and Escalate to SYSTEM

April 7, 2026

by oxfemale Antivirus attaks Defender Escalation Exploit Development exploitation PoC Privilege Security Security winapi winapi windows

BlueHammer shows how Microsoft Defender’s update workflow can be abused to redirect privileged file access to a Volume Shadow Copy. By exploiting filesystem races and NT namespace tricks, the technique leaks the SAM hive, extracts NTLM hashes, and enables privilege escalation to SYSTEM.

Relaying Trust: Exploiting NTLM Authentication to Compromise Active Directory

March 26, 2026

by oxfemale Active Directory Containers Impacket Kerberos LDAP Relay Network NTLM Relay Security windows

he article demonstrates an NTLM relay attack against Active Directory using tools like ntlmrelayx and PetitPotam. By relaying authentication to LDAP, attackers can create accounts, abuse delegation, and gain administrative access.

LOLExfil: Stealthy Data Exfiltration Using Living-Off-the-Land Techniques

March 16, 2026

by oxfemale Bypassing EDR LOLExfil RedTeam Security windows

The article introduces LOLExfil, a Living-Off-the-Land data exfiltration technique that abuses legitimate system tools and trusted services to stealthily extract data, blending malicious activity with normal system behavior.

Ghost in the PPL – LSASS Memory Dump

March 15, 2026

by oxfemale Debug exploitation LSASS PoC PPL Reverse Engineering Security winapi winapi windows

The article explains a technique for dumping memory from the protected LSASS process (PPL). It analyzes limitations of PPL protection and demonstrates how MiniDumpWriteDump and existing process handles can be used to extract credential data.

Reverse engineering undocumented Windows Kernel features to work with the EDR

March 14, 2026

by oxfemale Antivirus Bypassing Defender EDR Eventlog kernel Malware Protection Reverse Engineering Security winapi winapi WinDBG windows

This article demonstrates how to reverse engineer the Windows 11 kernel to understand undocumented internals behind memory operations and ETW Threat Intelligence events, helping security engineers improve EDR telemetry and detect remote process memory writes.