Loading video...

Video Failed to Load

Go Home

🚨 I'm looking for a Job🚨 A user-mode code and its rootkit that will Kill EDR Processes permanently by leveraging the power of Process Creation Blocking Kernel Callback Routine registering and ZwTerminateProcess. Project : =========== Looking for roles in User/Kernel mode Malware Dev, Evasion, Reverse Eng, Kernel Exploit Weaponization,...

d1rkmtr's profile picture

Saad AHLA

8,397 subscribers

17,113 views • 1 year ago •via X (Twitter)

LIVE

Anya Rossi• Live Now

Private livecam show

7 Comments

Fawaz - بوجابر's profile picture
Fawaz - بوجابر1 year ago

I was just mentioning your work to a couple of Moroccan friends a few hours ago Great work

Saad AHLA's profile picture
Saad AHLA1 year ago

Thanks, I appreciate it, Fawaz 😁

jian liu's profile picture
jian liu1 year ago

Please PM me, I have a lot of work to do.

jian liu's profile picture
jian liu1 year ago

Hi bro

nemo's profile picture
nemo1 year ago

kool and you will find your job boss

Moppel Mat's profile picture
Moppel Mat1 year ago

No CrowdStrike kill?

Janus Pannonius's profile picture
Janus Pannonius1 year ago

How you signed the driver?

Related Videos

Kernel Mode vs User Mode explained by a retired Windows developer!
16:23

Kernel Mode vs User Mode explained by a retired Windows developer!

Dave W Plummer

126,524 views • 1 year ago

🚨 THREAT INTELLIGENCE ALERT 🚨 The tool 🇨🇳 KernelGhost820 is being actively sold on the underground market for US$ 2,500, complete with full source code. This is a professional-grade suite with an intuitive graphical interface and six advanced modules, specifically designed for EDR evasion and sophisticated ransomware operations with efficient lateral movement: • EDR Removal Engine: Automatically detects and terminates more than 40 security products (including CrowdStrike, SentinelOne, Microsoft Defender, Kaspersky, and others). Supports Kernel, UserMode, and NTDLL termination modes, kernel driver loading for protected processes, disabling Windows Defender, and blocking telemetry connections. • Ransomware Module: Dual encryption using AES256CBC + RSA2048, supporting over 70 file types (documents, images, databases, backups, etc.). Automatically deletes Volume Shadow Copies to prevent recovery, generates custom ransom notes with Bitcoin addresses and contact emails, and changes the desktop wallpaper. • Remote Operations & Mass Deployment: Connects to remote devices on the local network via WMI (requires username and password). Scans installed software on target hosts, performs process termination, and enables one-click full tool deployment. Includes full-network scanning for open SMB port 445 with real-time progress tracking. • Detailed Process Manager and full Operation Logger (exportable to TXT). This tool significantly lowers the technical barrier for advanced ransomware actors targeting corporate environments. Immediate monitoring recommendations: • Evaluate the resilience of your EDR/XDR controls against kernel-mode bypass techniques • Intensify monitoring of anomalous SMB (port 445) traffic and WMI connections • Strengthen network segmentation and the principle of least privilege Our team is actively tracking this tool and any emerging variants. #ThreatIntelligence #Ransomware #EDRBypass #CyberSecurity #InfoSec #CyberThreat
3:20

🚨 THREAT INTELLIGENCE ALERT 🚨 The tool 🇨🇳 KernelGhost820 is being actively sold on the underground market for US$ 2,500, complete with full source code. This is a professional-grade suite with an intuitive graphical interface and six advanced modules, specifically designed for EDR evasion and sophisticated ransomware operations with efficient lateral movement: • EDR Removal Engine: Automatically detects and terminates more than 40 security products (including CrowdStrike, SentinelOne, Microsoft Defender, Kaspersky, and others). Supports Kernel, UserMode, and NTDLL termination modes, kernel driver loading for protected processes, disabling Windows Defender, and blocking telemetry connections. • Ransomware Module: Dual encryption using AES256CBC + RSA2048, supporting over 70 file types (documents, images, databases, backups, etc.). Automatically deletes Volume Shadow Copies to prevent recovery, generates custom ransom notes with Bitcoin addresses and contact emails, and changes the desktop wallpaper. • Remote Operations & Mass Deployment: Connects to remote devices on the local network via WMI (requires username and password). Scans installed software on target hosts, performs process termination, and enables one-click full tool deployment. Includes full-network scanning for open SMB port 445 with real-time progress tracking. • Detailed Process Manager and full Operation Logger (exportable to TXT). This tool significantly lowers the technical barrier for advanced ransomware actors targeting corporate environments. Immediate monitoring recommendations: • Evaluate the resilience of your EDR/XDR controls against kernel-mode bypass techniques • Intensify monitoring of anomalous SMB (port 445) traffic and WMI connections • Strengthen network segmentation and the principle of least privilege Our team is actively tracking this tool and any emerging variants. #ThreatIntelligence #Ransomware #EDRBypass #CyberSecurity #InfoSec #CyberThreat

Clandestine

40,505 views • 1 month ago

🚨 New advisory was just published! 🚨 An out-of-bounds write vulnerability in the Linux kernel achieves local privilege escalation on Ubuntu 22.04 for active user sessions:
2:06

🚨 New advisory was just published! 🚨 An out-of-bounds write vulnerability in the Linux kernel achieves local privilege escalation on Ubuntu 22.04 for active user sessions:

SSD Secure Disclosure

174,881 views • 1 year ago

🎥 QEMU Dev Starter guide, Part 1 The QEMU codebase can be quite daunting for new developers, Anton with this talk aims to give an overview of both the major APIs one might encounter as well as the high control flow of user-mode emulation.
37:41

🎥 QEMU Dev Starter guide, Part 1 The QEMU codebase can be quite daunting for new developers, Anton with this talk aims to give an overview of both the major APIs one might encounter as well as the high control flow of user-mode emulation.

rev.ng

21,797 views • 3 months ago

At Black Hat tomorrow!! "Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation" by b33f | 🇺🇦✊ and I. Come if you want to learn cool kernel techniques and evade those pesky mitigations. Sneak peak demo: leveraging 0-day to load our rootkit 😎
0:44

At Black Hat tomorrow!! "Close Encounters of the Advanced Persistent Kind: Leveraging Rootkits for Post-Exploitation" by b33f | 🇺🇦✊ and I. Come if you want to learn cool kernel techniques and evade those pesky mitigations. Sneak peak demo: leveraging 0-day to load our rootkit 😎

chompie

101,403 views • 2 years ago

WIRED DEV UPDATE There's a lot of developments going on for the Wired Project. I'll highlight some in this thread! Firstly (and finally), WIRED Trigger: User Clicks User
0:37

WIRED DEV UPDATE There's a lot of developments going on for the Wired Project. I'll highlight some in this thread! Firstly (and finally), WIRED Trigger: User Clicks User

Jonas

31,931 views • 1 year ago

Join the Tooling, Process and Training Team to help develop the equipment that will help build a world of amazing abundance – Design advanced tooling – Streamline service processes – Deliver new training approaches to maximize fleet health Roles based in Hayward, California
0:52

Join the Tooling, Process and Training Team to help develop the equipment that will help build a world of amazing abundance – Design advanced tooling – Streamline service processes – Deliver new training approaches to maximize fleet health Roles based in Hayward, California

Tesla Recruiting

59,509 views • 3 months ago

#Config2023 Launch 1: Dev Mode A new space in Figma for developers with features that help translate design into code, faster. Read more: Here are all the ways you can use Dev Mode 👇
0:43

#Config2023 Launch 1: Dev Mode A new space in Figma for developers with features that help translate design into code, faster. Read more: Here are all the ways you can use Dev Mode 👇

Figma

617,318 views • 3 years ago

PS4 8.00 No USB Jailbreak Lapse Kernel Exploit!
0:29

PS4 8.00 No USB Jailbreak Lapse Kernel Exploit!

Andrew2007

13,981 views • 1 year ago

A cheat code that can be unlocked in CS2 Premier mode has just been detected. It is not recommended to play Premier mode for a while. Each user can open a cheat with 1 code.
0:23

A cheat code that can be unlocked in CS2 Premier mode has just been detected. It is not recommended to play Premier mode for a while. Each user can open a cheat with 1 code.

CS2 NEWS

905,778 views • 2 years ago

Geometry of Machine Learning Models - Gaussian Process Kernel In 1948 Norbert Wiener framed prediction as a correlation problem, and in the 1970s George Wahba clarified that picking a smoothness preference is the same as picking a kernel. The motivation is that whenever data i s sparse and noisy, you don't just want a fit, you want a fit with calibrated uncertainty.
0:30

Geometry of Machine Learning Models - Gaussian Process Kernel In 1948 Norbert Wiener framed prediction as a correlation problem, and in the 1970s George Wahba clarified that picking a smoothness preference is the same as picking a kernel. The motivation is that whenever data i s sparse and noisy, you don't just want a fit, you want a fit with calibrated uncertainty.

Mathelirium

15,625 views • 3 months ago

Did you know that you can use GitHub Copilot in notebooks? Accept and run generated code with just a click. You can even attach variables from the Jupyter kernel in your requests ✨
0:36

Did you know that you can use GitHub Copilot in notebooks? Accept and run generated code with just a click. You can even attach variables from the Jupyter kernel in your requests ✨

Visual Studio Code

44,339 views • 1 year ago

An anonymous user preserved a whopping 23 Konami i-mode games, including the the keitai-exclusive Gradius NEO and its sequel Gradius NEO Imperial. The full list of games is in the replies. The DoJa 5.1 SDK does not run these games very well, in addition to poor sound emulation.
1:13

An anonymous user preserved a whopping 23 Konami i-mode games, including the the keitai-exclusive Gradius NEO and its sequel Gradius NEO Imperial. The full list of games is in the replies. The DoJa 5.1 SDK does not run these games very well, in addition to poor sound emulation.

RockmanCosmo

21,265 views • 1 year ago

Writing a CUDA kernel requires a shift in mental model. Instead of one fast processor, you manage thousands of tiny threads. Here is the code and the logic explained for Matrix Multiplication.
4:10

Writing a CUDA kernel requires a shift in mental model. Instead of one fast processor, you manage thousands of tiny threads. Here is the code and the logic explained for Matrix Multiplication.

Ashutosh Maheshwari

189,009 views • 6 months ago

❗️Chronomaly: Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x. GitHub:
0:23

❗️Chronomaly: Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x. GitHub:

Dark Web Informer

12,625 views • 4 months ago

Coming next week: New features in Dev Mode to bring design + dev closer. Annotations (!!), improvements to diffing, plugins, and the VS Code extension. What's shipping January 31 as Dev Mode moves out of free beta →
1:03

Coming next week: New features in Dev Mode to bring design + dev closer. Annotations (!!), improvements to diffing, plugins, and the VS Code extension. What's shipping January 31 as Dev Mode moves out of free beta →

Figma

789,287 views • 2 years ago

Sanctions Hit Linux Kernel, Russian Programmers Banned Biden's Executive Order 14071, forbids Russians from working with or using GPL'd software made in the USA. And that includes the Linux Kernel.
16:40

Sanctions Hit Linux Kernel, Russian Programmers Banned Biden's Executive Order 14071, forbids Russians from working with or using GPL'd software made in the USA. And that includes the Linux Kernel.

The Lunduke Journal

19,412 views • 1 year ago

On a previous #TeawithGaryVee I was asked "I'm looking for a job and I constantly interview. I'm working a seasonal job I hate too. How can I kill the interview and get that job?" If you have a question for me, drop it here so my team can add it to the next Rapid Fire Q&A and follow me on
10:46

On a previous #TeawithGaryVee I was asked "I'm looking for a job and I constantly interview. I'm working a seasonal job I hate too. How can I kill the interview and get that job?" If you have a question for me, drop it here so my team can add it to the next Rapid Fire Q&A and follow me on

Gary Vaynerchuk

18,075 views • 3 months ago

I just released the exploit and technical analysis of my CVE-2023-36424 - Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation. Happy Reading. #exploit #cybersecurity #news
0:33

I just released the exploit and technical analysis of my CVE-2023-36424 - Windows Kernel Pool (clfs.sys) Corruption Privilege Escalation. Happy Reading. #exploit #cybersecurity #news

Pikala

45,647 views • 2 years ago

Fake PS4 jailbreak. And fake PS5 dup alternative for poopsploit. This is to show how randoms that come along claiming they have a WebKit exploit or kernel exploit or a jailbreak. Are in reality sending a few notifications at an ass of a camera angle while using a userland exploit
0:44

Fake PS4 jailbreak. And fake PS5 dup alternative for poopsploit. This is to show how randoms that come along claiming they have a WebKit exploit or kernel exploit or a jailbreak. Are in reality sending a few notifications at an ass of a camera angle while using a userland exploit

Dr.Yenyen

78,578 views • 2 months ago