Stealth Injection with ROP: Thread Hijacking Without Executable Memory
Original text by Umarex
The article introduces a technique called T(ROP)H (Thread Hijacking with ROP), which enables DLL injection into a remote Windows process without allocating executable memory. Traditional thread hijacking typically allocates memory with execute permissions and places shellcode there before redirecting a thread’s instruction pointer to the payload. However, allocating executable memory is…
https://core-jmp.org/2026/03/stealth-injection-with-rop-thread-hijacking-without-executable-memory/
Original text by Umarex
The article introduces a technique called T(ROP)H (Thread Hijacking with ROP), which enables DLL injection into a remote Windows process without allocating executable memory. Traditional thread hijacking typically allocates memory with execute permissions and places shellcode there before redirecting a thread’s instruction pointer to the payload. However, allocating executable memory is…
https://core-jmp.org/2026/03/stealth-injection-with-rop-thread-hijacking-without-executable-memory/
👍7🔥4
Breaking the Firmware Trust: Disabling Security in a Locked BIOS
Original text by Craig S. Blackie.
The article demonstrates how firmware-level modifications can undermine system security even when the BIOS/UEFI interface is locked with a password. The research focuses on modifying a UEFI firmware image directly at the flash level, allowing an attacker with physical access to disable security features while leaving the BIOS interface…
https://core-jmp.org/2026/03/breaking-the-firmware-trust-disabling-security-in-a-locked-bios/
Original text by Craig S. Blackie.
The article demonstrates how firmware-level modifications can undermine system security even when the BIOS/UEFI interface is locked with a password. The research focuses on modifying a UEFI firmware image directly at the flash level, allowing an attacker with physical access to disable security features while leaving the BIOS interface…
https://core-jmp.org/2026/03/breaking-the-firmware-trust-disabling-security-in-a-locked-bios/
🔥7👍1
Backup to SYSTEM: Exploiting the IDrive Client Privilege Escalation Flaw
Original text by Ddos
The article describes a local privilege escalation vulnerability in the IDrive Cloud Backup Client for Windows, tracked as CVE-2026-1995. The flaw arises from insecure permission settings in files used by the backup client service. The service process id_service.exe runs with SYSTEM privileges and periodically reads configuration files located in C:ProgramDataIDrive. These…
https://core-jmp.org/2026/03/backup-to-system-exploiting-the-idrive-client-privilege-escalation-flaw/
Original text by Ddos
The article describes a local privilege escalation vulnerability in the IDrive Cloud Backup Client for Windows, tracked as CVE-2026-1995. The flaw arises from insecure permission settings in files used by the backup client service. The service process id_service.exe runs with SYSTEM privileges and periodically reads configuration files located in C:ProgramDataIDrive. These…
https://core-jmp.org/2026/03/backup-to-system-exploiting-the-idrive-client-privilege-escalation-flaw/
👍5
Inside WMI: Tracing Windows Management from Consumers to COM Providers
Original text by Jonathan Johnson
The two-part article explores the internal architecture of Windows Management Instrumentation (WMI) and explains how management queries and actions are executed inside Windows. WMI is Microsoft’s implementation of WBEM (Web-Based Enterprise Management) and provides a standardized way for applications and administrators to query system information or manage resources such as…
https://core-jmp.org/2026/03/inside-wmi-tracing-windows-management-from-consumers-to-com-providers/
Original text by Jonathan Johnson
The two-part article explores the internal architecture of Windows Management Instrumentation (WMI) and explains how management queries and actions are executed inside Windows. WMI is Microsoft’s implementation of WBEM (Web-Based Enterprise Management) and provides a standardized way for applications and administrators to query system information or manage resources such as…
https://core-jmp.org/2026/03/inside-wmi-tracing-windows-management-from-consumers-to-com-providers/
👍3
Hidden Bugs in Plain Sight: Hunting Vulnerabilities Inside Shared Libraries
Original text by Grzegorz Wypych (h0rac)
The article explains how security researchers can discover vulnerabilities that hide not in the main application binary but inside the shared libraries it depends on. The author presents the concept behind the ByteRay vulnerability hunting engine, which focuses on tracking how input data flows across program boundaries—from the main…
https://core-jmp.org/2026/03/hidden-bugs-in-plain-sight-hunting-vulnerabilities-inside-shared-libraries/
Original text by Grzegorz Wypych (h0rac)
The article explains how security researchers can discover vulnerabilities that hide not in the main application binary but inside the shared libraries it depends on. The author presents the concept behind the ByteRay vulnerability hunting engine, which focuses on tracking how input data flows across program boundaries—from the main…
https://core-jmp.org/2026/03/hidden-bugs-in-plain-sight-hunting-vulnerabilities-inside-shared-libraries/
👍2
Bypassing Code Integrity Using BYOVD for Kernel R/W Primitives
Original text by S12 – 0x12Dark Development
The article demonstrates how attackers can bypass Windows Kernel Code Integrity protections by abusing the BYOVD (Bring Your Own Vulnerable Driver) technique to obtain powerful kernel read/write primitives. Instead of loading a malicious unsigned driver, the attacker loads a legitimate but vulnerable signed driver that contains exploitable IOCTL…
https://core-jmp.org/2026/03/bypassing-code-integrity-using-byovd-for-kernel-r-w-primitives/
Original text by S12 – 0x12Dark Development
The article demonstrates how attackers can bypass Windows Kernel Code Integrity protections by abusing the BYOVD (Bring Your Own Vulnerable Driver) technique to obtain powerful kernel read/write primitives. Instead of loading a malicious unsigned driver, the attacker loads a legitimate but vulnerable signed driver that contains exploitable IOCTL…
https://core-jmp.org/2026/03/bypassing-code-integrity-using-byovd-for-kernel-r-w-primitives/
😱3👍1
This media is not supported in your browser
VIEW IN TELEGRAM
Kali Linux New Tools 2026
• AdaptixC2 — Post-exploitation
• Atomic-Operator — Atomic tests
• Fluxion — Social engineering
• GEF — GDB debugger
• MetasploitMCP — Metasploit MCP
• SSTImap — SSTI scanner
• WPProbe — WP plugin enum
• XSStrike — XSS scanner
👍32
Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem
Original text by Rahul Saranjame
The False Sense of Security
SMB signing on domain controllers has become standard practice across most Active Directory environments. But this hardening may have created a false sense of security. CVE-2025-33073 changes the calculus by removing the prerequisite of admin access, enabling NTLM relay attack Active Directory exploitation through unconstrained…
https://core-jmp.org/2026/03/reflecting-on-your-tier-model-cve-2025-33073-and-the-one-hop-problem/
Original text by Rahul Saranjame
The False Sense of Security
SMB signing on domain controllers has become standard practice across most Active Directory environments. But this hardening may have created a false sense of security. CVE-2025-33073 changes the calculus by removing the prerequisite of admin access, enabling NTLM relay attack Active Directory exploitation through unconstrained…
https://core-jmp.org/2026/03/reflecting-on-your-tier-model-cve-2025-33073-and-the-one-hop-problem/
👍5🔥3