MatheuZ
@MatheuzSecurity
Red Team Operator | Cyber Threat Intelligence | Malware Researcher
github.com/MatheuZSecurit… Hey guys, I posted a really cool zine in pure TXT about Unhooking Linux EDR, attacking the cleanup_module function, to be able to remove any hook from an EDR for example. Feel free to read.

RingReaper can easily bypass Linux Sophos EDR. src: github.com/MatheuZSecurit… Currently, using this technique is FUD against (what I've tested):
- TrendMicro EDR
- Cortex XDR
- Sophos EDR

#ringreaper #io_uring #malware #c2 #poc #edr

We are being used to monitor a remotely driven car fleet from @vay_io. They needed reliable and safe Linux monitoring and we provide that with agentless @SandflySecurity. They have an awesome tech with cars in Vegas. I'll be trying one at Black Hat!
When it comes to the security of their Linux-powered car fleet, @vay_io makes no compromises. They chose Sandfly's agentless security for robust monitoring and absolute reliability. See how we deliver comprehensive protection: sandflysecurity.com/why-sandfly/ca…
RingReaper can bypass falco and modern linux EDRs. Check: github.com/MatheuZSecurit… Detailed article: matheuzsecurity.github.io/hacking/evadin… #malware #io_uring #edr #rootkit #falcon #linux

I just published a new post on Red Team Tactics: Evading EDR on Linux with io_uring, and also shared the RingReaper project I used for the POC. RingReaper: github.com/MatheuZSecurit… Article: matheuzsecurity.github.io/hacking/evadin… #malware #c2 #io_uring #redteam

Using io_uring to break LD_PRELOAD Rootkit Hooks. Join us: discord.gg/66N5ZQppU7 matheuzsecurity.github.io/hacking/using-… #rootkits #linux #io_uring #malware #ldpreload

Hello everyone! Today I published a really cool post about how to bypass LD_PRELOAD rootkit hooks using a very simple technique. matheuzsecurity.github.io/hacking/bypass… #rootkit #ldpreload #linux #bypass

Article: matheuzsecurity.github.io/hacking/gcc/ Github: github.com/MatheuZSecurit… ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code. #malware #gcc #ldpreload #linux

THE INFINITE AURA IN THIS ONE SCENE #SoloLeveling
Our member @MatheuzSecurity's article is also available now in the fourth edition of tmpout, follow the link to check it out. tmpout.sh/4/10.html
Would you look at that, it's tmp.0ut Volume 4! Happy Friday, hope you enjoy this latest issue! tmpout.sh/4/
- Beru being BADASS
- the S-ranks being humiliated
- Dark Aria LV2 playing in the background

this scene couldn't have been better, Solo Leveling is CINEMA