0xSec

https://0xsec1.github.io/0xSecctfplayer, infosec, blog, redteamer 2026-04-29T06:34:08+00:00 0xSec https://0xsec1.github.io/ Jekyll © 2026 0xSec /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png MT7902: A Complete WiFi & Bluetooth Guide for Arch and Fedora2026-04-29T00:00:00+00:00 2026-04-29T00:00:00+00:00 https://0xsec1.github.io/posts/mt7902_installation_guide/ 0xSec

Introduction Figure: MT7902 Linux Patch If you have a laptop (mine is Asus Vivobook go 15) with the MediaTek MT7902 network card, you already know the struggle for its driver support. Native support for this chip is missing from the mainline Linux kernel (at least until Linux 7.x drops). Out of the box, you get no WiFi and no Bluetooth in order to get your internet working either you have to ...

RustyWater: Reverse Engineering MuddyWater’s Rust Toolkit2026-04-23T00:00:00+00:00 2026-04-23T00:00:00+00:00 https://0xsec1.github.io/posts/rustyWater/ 0xSec

Overview The MuddyWater attacks are primarily against Middle Eastern nations. However, its also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the activity cont...

AppDomain Hijacking: Analyzing a LNK malware2026-03-04T00:00:00+00:00 2026-03-04T09:01:12+00:00 https://0xsec1.github.io/posts/lnk_malware/ 0xSec

Overview Windows shortcut files use the .lnk file extension and function as a virtual link that allows people to easily access other files without having to navigate through multiple folders on a Windows host. The flexibility of LNK files makes them a powerful tool for attackers, as they can both execute malicious content and masquerade as legitimate files to deceive victims into unintentionall...

Operation Ghazwa: Disecting APT36's RAT2026-02-11T00:00:00+00:00 2026-02-11T07:26:59+00:00 https://0xsec1.github.io/posts/apt36/ 0xSec

Overview Operation C-Major aka: APT 36, APT36, C-Major, COPPER FIELDSTONE, Earth Karkaddan, Green Havildar, Mythic Leopard, ProjectM, Storm-0156, TMP.Lapis, Transparent Tribe Group targeting Indian Army or related assets in India, as well as activists and civil society in Pakistan. Attribution to a Pakistani connection has been made by TrendMicro and others. Technical Analysis After getting a...

Analysis of GonePostal: APT28’s Custom VBA Backdoor for Microsoft Outlook2026-02-09T00:00:00+00:00 2026-02-09T20:30:23+00:00 https://0xsec1.github.io/posts/gonepostal/ 0xSec

Overview KTA007, also known as Fancy Bear, APT28, and Pawn Storm, is a state sponsored political and economic espionage group associated with the Russian Military’s Main Intelligence Directorate (GRU) Unit 26165. The group has been implicated in several high-profile cyberattacks such as the 2016 Democratic National Committee breach, the International Olympic Committee, the Norwegian Parliament ...