JM00NJ/README.md

🛡️ Whoami

jm00nj@localhost:~$ cat /var/log/identity

I am a low-level systems researcher and malware developer focusing on offensive security, operating strictly below the API layer. My research dissects modern detection mechanisms (EDR/NDR) and builds unhooked, zero-dependency solutions in pure x86-64 Assembly.

  • 🔭 Currently Researching: In-memory PIC injection, DPCM-RLE hybrid compression, and Falco/Suricata evasion.
  • ⚙️ Weapon of Choice: Pure x64 Assembly (Libc-free).
  • 🧠 Philosophy: "If it touches the disk, it's already dead."

🧰 The Arsenal

C Linux Python Bash ASM

📡 Active Operations & Research

  • ICMP-Ghost: A fileless, libc-free x64 Assembly C2 agent utilizing DPCM-RLE hybrid compression and rolling XOR for deep DPI evasion.
  • Phantom Loader: Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-level monitors like Falco (eBPF). It leverages advanced techniques such as SROP and Zero-Copy Injection to deliver payloads as a ghost in the machine.
  • Vesqer-Baremetal-Compressor: A standalone DPCM-RLE hybrid compression engine built for strict memory constraints.

📊 Threat Telemetry


"Operating outside the userland."

Pinned

  1. CVE-2025-6019-udisks2-XFS-Resize-TOCTOU-Privilege-Escalation

    CVE-2025-6019: udisks2 XFS Resize TOCTOU Privilege Escalation

    Python 1

  2. Nested-ICMP-Exploitation

    A technical Proof-of-Concept (PoC) exploring the behavior of nested ICMP structures in network security research. Designed to analyze protocol vulnerabilities and packet encapsulation.

    Assembly 2 1

  3. ICMP-Ghost-A-Fileless-x64-Assembly-C2-Agent

    Fileless C2 agent written in pure x64 Assembly for Linux. Features stealth ICMP tunneling, memory-only execution via memfd_create, and terminal-independent daemonization.

    Assembly 180 25

  4. Phantom-Evasion-Loader

    Phantom-Evasion-Loader is a standalone, pure x64 Assembly injection engine engineered to minimize the detection surface of modern EDR/XDR solutions and Kernel-level monitors like Falco (eBPF). It l…

    Assembly 42 5

  5. Vesqer-Baremetal-Compressor-DPCM-RLE-Hybrid-Engine

    A standalone, pure x86-64 Assembly implementation of a DPCM+RLE hybrid compression and decompression engine. Built with zero external dependencies (no libc), this tool provides extremely low-level,…

    Assembly