ITSEC Newsletter 2025-12-04

Author

Henrik Falk
December 04, 2025

Field Notes on Malware: C2 Evasion Evolution and Detection Implications

RISC-V VM is an open-source transpiler built on LLVM that would enable much stealthier operations. It virtualizes code rather than executing in the traditional sense, making it inherently less malicious-looking (no RW/X, or requirements for sleep obfuscation).

deceptiq.com/blog/field-notes-on-malware

How to Research & Reverse Web Vulnerabilities 101

This blog serves as a detailed methodology guide for analyzing, reversing, and researching web vulnerabilities, particularly those with CVEs assigned. The content outlines repeatable processes used to evaluate vague advisories, analyze vulnerable software, and ultimately recreate or validate security flaws. The objective is to establish a structured, replicable approach to web vulnerability research.

projectdiscovery.io/blog/how-to-research-web-vulnerabilities

From Zero to SYSTEM: Building PrintSpoofer from Scratch

I had one week to do some research and i was inspired by a collegue to dig into PrintSpoofer thrn decided to go about it from scratch to truly understand how we can pass from a user With SeImpersonate privilege set to Windows privilege escalation. What started as “how do Named Pipes work?” turned into a deep dive into Windows internals, token manipulation, RPC, and eventually… bypassing Windows Defender. The journey: IIS APPPOOL\DefaultAppPool → NT AUTHORITY\SYSTEM with Defender enabled.

bl4ckarch.github.io/posts/PrintSpoofer_from_scratch