Proxy Bar
Exploits, Hacking and Leaks

Group chat - https://t.iss.one/chat_proxy_bar

Contact the administration:
@NULL_vm

Support the project:
BTC bc1qmrt229eghjyj9wqa7nmr9j8zuq6khz6km2pker
Debugging – WinDBG & WinDBGX Fundamentals

Original text by corelanc0d3r

The article from Corelan Team explains the fundamentals of debugging with WinDbg and WinDbgX, focusing on how security researchers and reverse engineers can analyze Windows applications during runtime. It introduces the debugger architecture, explains the difference between the classic WinDbg and the newer WinDbgX interface, and describes how to attach to…

https://core-jmp.org/2026/03/debugging-windbg-windbgx-fundamentals/
Subscribe to us on the FUCKS messenger
Are you with us? With us? No? Well, come on
Report: Microsoft quietly blocks Windows 11 25H2, 24H2 performance boost hack for SSDs

Original text by Sayan Sen

The report describes how Microsoft Windows 11 recently blocked a popular performance tweak that allowed users to significantly increase NVMe SSD performance in versions 24H2 and 25H2. Enthusiasts had discovered a registry-based workaround that enabled a hidden native NVMe storage driver originally introduced for Windows Server. By activating several FeatureManagement…

https://core-jmp.org/2026/03/report-microsoft-quietly-blocks-windows-11-25h2-24h2-performance-boost-hack-for-ssds/
Breaking the Shield: Unpacking a VMProtected Windows Kernel Driver

Original text by eversinc33

The article explains a practical workflow for unpacking a Windows kernel driver protected with VMProtect and preparing it for reverse engineering. The author analyzes an anti-cheat driver (KSophon_x64.sys) protected by VMProtect v2–3 and demonstrates how to bypass its protection mechanisms to restore a usable binary for analysis. The main challenge comes…

https://core-jmp.org/2026/03/breaking-the-shield-unpacking-a-vmprotected-windows-kernel-driver/
Ghost in LSASS: Inside the KslKatz Credential Dumping Framework

Original text by S1lkys

The GitHub project KslKatz introduces a credential-dumping tool designed for red-team operations and security research on Windows systems. The project combines techniques from multiple tools—most notably KslDump and GhostKatz—to extract credentials from the lsass.exe process, which stores authentication secrets used by Windows. Instead of relying on common approaches such as direct…

https://core-jmp.org/2026/03/ghost-in-lsass-inside-the-kslkatz-credential-dumping-framework/
From PCAP to Passwords: Automating Kerberos Roast Extraction

Original text by jalvarezz13

Krb5RoastParser is an open-source Python tool created to simplify the extraction of Kerberos authentication hashes from captured network traffic. Instead of manually analyzing packets in Wireshark, the tool processes .pcap files and automatically identifies Kerberos authentication messages such as AS-REQ, AS-REP, and TGS-REP. Using tshark, the script parses these packets and…

https://core-jmp.org/2026/03/from-pcap-to-passwords-automating-kerberos-roast-extraction/
Breaking the Flat Network: How Tiering Models Protect Active Directory

Original text by Aurelien Chalot

The article explains why many enterprise networks remain vulnerable due to flat network architectures, where systems and administrative privileges are poorly segmented. Drawing on years of internal penetration-testing experience, the author shows that even organizations equipped with modern security tools can still be compromised if attackers gain an initial foothold.…

https://core-jmp.org/2026/03/breaking-the-flat-network-how-tiering-models-protect-active-directory/
Out-of-Cancel: A New Linux Kernel Race Condition Bug Class

Original text by v4bel

The article introduces a newly identified Linux kernel vulnerability pattern called “Out-of-Cancel”, which arises from incorrect assumptions about the behavior of workqueue cancellation APIs. The author analyzes how functions such as cancel_work_sync() or cancel_delayed_work_sync() are often used in kernel teardown paths to stop asynchronous work before freeing an object. However, these…

https://core-jmp.org/2026/03/out-of-cancel-a-new-linux-kernel-race-condition-bug-class/
CVE-2026-24291 Windows LPE
*
Windows 11 25h2
Windows 11 24h2
Windows 10 21h2
Windows Servers 2016/2019/2022

Info

Exploit
Bluetooth Exploit Framework
*
*
*
click here
Magento PolyShell – Unauthenticated File Upload to RCE in Magento
*
WriteUp + happy ScR1pt
When DNS Forwarding Meets Recursion: Understanding Conditional Forwarders in Windows

Original text by https://it-pro-berlin.de

The article analyzes how conditional forwarders and recursion interact in Windows DNS servers, clarifying a common misconception among administrators. The author investigates a claim that disabling recursion globally on a Windows DNS server would also disable conditional forwarders. Through experiments and configuration analysis, the article shows that conditional forwarders can actually…

https://core-jmp.org/2026/03/when-dns-forwarding-meets-recursion-understanding-conditional-forwarders-in-windows/
Relaying Trust: Exploiting NTLM Authentication to Compromise Active Directory

Original text by SecCoreGmbH

The article explains how NTLM relay attacks can be used to gain unauthorized access in Active Directory environments when certain security protections are not enforced. The author demonstrates a practical attack scenario where an attacker captures NTLM authentication from a Windows system and relays it to another service such as LDAP…

https://core-jmp.org/2026/03/relaying-trust-exploiting-ntlm-authentication-to-compromise-active-directory/
Stealth Injection with ROP: Thread Hijacking Without Executable Memory

Original text by Umarex

The article introduces a technique called T(ROP)H (Thread Hijacking with ROP), which enables DLL injection into a remote Windows process without allocating executable memory. Traditional thread hijacking typically allocates memory with execute permissions and places shellcode there before redirecting a thread’s instruction pointer to the payload. However, allocating executable memory is…

https://core-jmp.org/2026/03/stealth-injection-with-rop-thread-hijacking-without-executable-memory/
Breaking the Firmware Trust: Disabling Security in a Locked BIOS

Original text by Craig S. Blackie.

The article demonstrates how firmware-level modifications can undermine system security even when the BIOS/UEFI interface is locked with a password. The research focuses on modifying a UEFI firmware image directly at the flash level, allowing an attacker with physical access to disable security features while leaving the BIOS interface…

https://core-jmp.org/2026/03/breaking-the-firmware-trust-disabling-security-in-a-locked-bios/
Backup to SYSTEM: Exploiting the IDrive Client Privilege Escalation Flaw

Original text by Ddos

The article describes a local privilege escalation vulnerability in the IDrive Cloud Backup Client for Windows, tracked as CVE-2026-1995. The flaw arises from insecure permission settings in files used by the backup client service. The service process id_service.exe runs with SYSTEM privileges and periodically reads configuration files located in C:\ProgramData\IDrive. These…

https://core-jmp.org/2026/03/backup-to-system-exploiting-the-idrive-client-privilege-escalation-flaw/
Inside WMI: Tracing Windows Management from Consumers to COM Providers

Original text by Jonathan Johnson

The two-part article explores the internal architecture of Windows Management Instrumentation (WMI) and explains how management queries and actions are executed inside Windows. WMI is Microsoft’s implementation of WBEM (Web-Based Enterprise Management) and provides a standardized way for applications and administrators to query system information or manage resources such as…

https://core-jmp.org/2026/03/inside-wmi-tracing-windows-management-from-consumers-to-com-providers/
Hidden Bugs in Plain Sight: Hunting Vulnerabilities Inside Shared Libraries

Original text by Grzegorz Wypych (h0rac)

The article explains how security researchers can discover vulnerabilities that hide not in the main application binary but inside the shared libraries it depends on. The author presents the concept behind the ByteRay vulnerability hunting engine, which focuses on tracking how input data flows across program boundaries—from the main…

https://core-jmp.org/2026/03/hidden-bugs-in-plain-sight-hunting-vulnerabilities-inside-shared-libraries/