MalDev | GaK3r

Delve into advanced malware development, injection methods, BoFs exploitation, and cybersecurity research. Join a community of experts! Russian piggy 🐽 fuck off

714 subscribers
No data (24 hours)
No data (7 days)
+11 (30 days)
Posts archive
WindowsSentinel WindowsSentinel is a lightweight C# utility that continuously monitors key Windows system events—such as file, process, and registry changes—and logs them in real‑time for easy auditing and troubleshooting. 🔗 Link 🕹Subscribe to MalDev | GaK3r

Mini Shai-Hulud / Miasma / Hades 🚨 Malware is now weaponizing your own AI scanner against you. A new wave of worms — Mini Shai-Hulud, Miasma, and Hades — ship with a fake “CLASSIFIED BRIEFING” header stuffed with nuclear & bioweapon design text, placed as a non-executing JavaScript comment at the top of _index.js. The point isn’t to run anything — it’s to trip the safety refusals of LLM-based malware triage so the scanner bails before it ever reaches the obfuscated Hades payload below. Refusal → false negative → package ships clean. The campaign targets bioinformatics and MCP developers, with newer variants using .pth loaders and native extensions to drop Bun-powered stealers that scrape GCP, Azure, and CI/CD secrets on install. This is second-order alignment blindspots turned into a real-world evasion primitive. Lesson for anyone building an AI analysis pipeline: separate untrusted sample content from instructions, and never let a refusal silently equal “benign.” 👉 Full breakdown: https://socket.dev/blog/mini-shai-hulud-miasma-and-hades-worms-target-bioinformatics-and-mcp-developers-via-malicious


HijackLibs.net 🚨 DLL Hijacking just got a lot easier to track (and exploit). HijackLibs.net is a curated database mapping vulnerable executables to exploitable DLLs—complete with metadata for defenders to detect attacks and red teamers to plan operations. It covers key techniques like DLL Sideloading, Phantom DLL Hijacking, and Search Order Hijacking—all critical for modern threat hunting and red teaming. 👉 Dive in: https://hijacklibs.net

HijackLibs.net 🚨 DLL Hijacking just got way easier to track—and exploit. HijackLibs.net is a curated database mapping vulnerable executables to exploitable DLLs—perfect for red teamers hunting attack paths or defenders spotting suspicious load patterns. With clear breakdowns of sideloading, phantom hijacking, and search-order abuse (T1574.001), it’s the go-to resource for mastering this stealthy, often undetected technique. 👉 Dive in: https://hijacklibs.net

Claude Code Source Code Leaked Online While publishing the packages, someone at Anthropic made a ✨slight miscalculation✨. An obfuscated cli.js build ended up in the public npm package alongside a full cli.js.map—something that definitely shouldn't have been there. Essentially, anyone who installed or downloaded the package could easily reconstruct the source code using the sourcemap. Naturally, the code spread across repositories almost instantly. Leading infosec communities have confirmed this isn't a fake or a simple API wrapper, but a truly advanced CLI platform. Link: https://github.com/instructkr/claude-code It turns out there are 1,906 TypeScript files and approximately 500k lines of code under the hood.
Key Findings:
• Unreleased Features: Hints at deep planning, persistent memory, and a "sleep" mode.
• Multi-agent Architecture: You can see exactly how Anthropic handles multi-agent orchestration in coordinator/coordinatorMode.ts.
• System Prompts: All system prompts are accessible in constants/prompts.ts.


Hacking Humans: Social Engineering and the Psychology - SpecterOps 🚀 Dive into the mind‑game of cyber‑attacks! In “Hacking Humans: Social Engineering and the Psychology,” John Wotton shows how the real breach starts the moment an employee decides “Who belongs here?” – from OSINT sleuthing to exploiting decision‑making patterns. 📖 Read the full insight and level up your human‑firewall: https://specterops.io/blog/2026/01/23/hacking-humans-social-engineering-and-the-psychology/

Hacking Humans: Social Engineering and the Psychology - SpecterOps Ever wondered how hackers bypass firewalls and cameras? They don’t need brute force—they exploit the human mind. This deep dive by SpecterOps reveals how social engineering preys on psychology, decision-making, and simple trust to bypass even the most secure systems. #CyberSecurity #SocialEngineering https://specterops.io/blog/2026/01/23/hacking-humans-social-engineering-and-the-psychology/

Hacking Humans: Social Engineering and the Psychology - SpecterOps Hackers don’t need to break into systems — they exploit the human mind. In Hacking Humans: Social Engineering and the Psychology, SpecterOps dives into how social engineers manipulate decision-making to bypass even the strongest physical and digital defenses. Learn how everyday trust, routine, and psychology become weaponized in real-world attacks — a must-read for security pros. 🔐🧠 #Infosec #SocialEngineering https://specterops.io/blog/2026/01/23/hacking-humans-social-engineering-and-the-psychology/

CVE-2025-54918-POC This GitHub project provides a proof-of-concept (POC) and technical demonstration for CVE-2025-54918, showcasing a security vulnerability in a system or application. It is intended for researchers and developers to understand the exploit mechanism and assess potential risks.

Proxy-DLL-Loads This project demonstrates a proof of concept for intercepting and proxying DLL loads using undocumented Windows syscalls, enabling stealthy control over dynamic library loading. It's designed for advanced security research and potentially bypassing detection mechanisms.

Woopsie Woopsie is a lightweight, cross-platform tool designed to simulate system crashes and handle error reporting in a controlled manner for testing and debugging purposes. It integrates with various platforms to capture crash data and generate detailed reports, aiding in the analysis of software reliability.

Poopsie Poopsie is a lightweight, cross-platform tool designed to assist in post-exploitation tasks by providing a simple interface for executing commands and managing sessions on compromised systems. It's built for red team operations, offering stealthy command execution and minimal footprint to evade detection.

ms-photosNTLMLeak This project demonstrates a new 0-day vulnerability that enables NTLM hash leakage from browsers via a single click, exploiting Microsoft Photos app's handling of file URLs. It highlights a critical security issue in how browsers and apps process certain URI schemes, allowing passive credential extraction.

LSASS Dump – Windows Error Reporting 🚨 New vulnerability in Windows Error Reporting: Attackers can dump LSASS memory using WerFaultSecure—a Microsoft-signed binary running with PPL privileges. This flaw, found in Windows 8.1 and earlier, allows credential theft via MiniDumps due to unencrypted memory access. Stay alert—patch and monitor your environment! #CyberSecurity #WindowsSecurity #LSASSDump https://ipurple.team/2025/11/18/lsass-dump-windows-error-reporting/

SAMDump SAMDump is a tool that extracts the SAM and SYSTEM files from a Windows system using Volume Shadow Copy (VSS) API, offering multiple exfiltration methods and XOR obfuscation to evade detection. It's designed for incident response or forensic analysis, enabling secure and stealthy data retrieval.