iOS 18.5 Beta 4(and below) MobileCoreService persistence exploit. Discovered by me! - cr4zyengineer/EvilWorkspace

In this stream, we performed malware research with the MalwareBazaar MCP server from Kevin Thomas https://github.com/mytechnotalent/MalwareBazaar_MCP , unpacked a loader malware variant with x64dbg and analyzed the unpacked loader with the BinjaLattice MCP…

A comprehensive technical walkthrough of Windows 11 Alternate Syscalls: allocating executable thunks, building the dispatch table, patching PspServiceDescriptorGroupTable, handling PspSyscallProviderServiceDispatchGeneric, and caching syscall arguments. Includes…

Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero Every second, highly-privileged MacOS system daemons accept and proces...

Malware Development Tutorial: Bypassing Windows Defender with SMB Staging

In this step-by-step malware development tutorial, you’ll discover how to bypass Windows Defender using a powerful technique called SMB staging. By delivering shellcode over a remote…

Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM - ant4g0nist/ManuFuzzer

1day practice - Escape macOS sandbox (partial) using RemoteViewServices - wh1te4ever/CVE-2025-31258-PoC

The Threat Actor in focus is Mustang Panda a.k.a. Stately Taurus, a well-documented Chinese APT group known for cyber-espionage campaigns targeting governments, NGOs, and political entities across Southeast Asia. This lab emulates a targeted intrusion aligned…

This blog post explains the basics of Ancillary Function Driver API and how it can help explore networking activity on Windows systems.

CVE-2025-32421

prod. by hnrk - https://www.soundcloud.com/hnrk93

www.TeamSESH.com

Download PAIDPROGRAMMING - https://tinyurl.com/maj89xx

In this stream we reverse engineered a malware loader with IDA Pro, including its anti-analysis, persistence, COM UAC Bypass, command-line spoofing, C2, process injection, and TCP proxy functionality.

Learn how to reverse engineer malware: https://train…

In-depth research into Windows Kernel Streaming vulnerabilities, revealing MDL misuse, buffer misalignment, and exploitation techniques used in CVE-2024-38238 and others.

IDA Python Script to Get All function names from Event Constructor (VCL) - Coldzer0/IDA-For-Delphi

Good morning! As we saw in last week’s blog post, the use of NtQuerySystemInformation() to bypass kASLR and the changes introduced in version 24H2 have effectively taken away that convenient method we used to rely on to simplify things.

In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API &#821…

Alisa Esage is a professional hacker and solo owner of Zero Day Engineering Research & Training. https://zerodayengineering.com

Alisa taught herself CPU assembly and binary reverse engineering at the age of 15, got hyped by the government of the United States…