the grugq's newsletter

July 14, 2025

Intelligence Group 13, embedded within the Shahid Kaveh Cyber Group, represents one of the most operationally aggressive and ideologically fortified units within the Islamic Revolutionary Guard Corps (IRGC) cyber arsenal. https://t.co/CImC9X04pM @DomainTools

— 780th Military Intelligence Brigade (Cyber) (@780thC) July 13, 2025

Pay2Key’s Resurgence: Iranian Cyber Warfare Targets the West | https://t.co/dnuNugnCig @morphisec

— 780th Military Intelligence Brigade (Cyber) (@780thC) July 13, 2025


The @USTreasury Office of Foreign Assets Control sanctioned Song Kum Hyok (Song), a malicious cyber actor associated with the sanctioned Democratic People’s Republic of Korea Reconnaissance General Bureau hacking group Andariel. https://t.co/wNHzF80f36

— 780th Military Intelligence Brigade (Cyber) (@780thC) July 13, 2025


A relatively unknown but particularly stealthy technique to hide files on Linux hosts. On unhardened boxes, unprivileged users can conceal files from even the root user. Disk content remains in memory, hindering disk acquisition during forensic investigation. (1/7) 👇

— HaxRob (@haxrob) July 13, 2025

Hiding in plain sight - Mount namespaces

An exceptionally stealthy technique to hide files and masquerade processes on Linux systems


Our research on open tunneling servers got nominated for the Most Innovative Research award :)

The work will be presented by Angelos Beitis at Black Hat and also at USENIX Security

Brief summary and code: https://t.co/nM3obXt6E9
Paper: https://t.co/tPNgtacDDQ

— Mathy Vanhoef (@vanhoefm) July 12, 2025

GitHub - vanhoefm/tunneltester

https://papers.mathyvanhoef.com/usenix2025-tunnels.pdf


GitHub - APKLab/APKLab: Android Reverse-Engineering Workbench for VS Code


I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard.
Full explanation below 1/6. https://t.co/BGszXQ0Oi6

— Ido Veltzman (@Idov31) July 13, 2025

GitHub - Idov31/NovaHypervisor: NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.


https://t.co/HHLCVe4HYq

— Silas Cutler // p1nk (@silascutler) July 14, 2025

