Command & Conquer'd: Worming RCEs through a classic multiplayer game. Check out the full writeup from our DistrictCon Junkyard submission here: buff.ly/tp7EzQ8 By Bryan Alexander and Jordan Whitehead #Security #modding #rce

Ahmed Ehab ϻг_ϻε AI agents are getting really good at bug hunting and helping you reach vulnerable code, developing triggers etc. So right now a researcher needs to know about novel surfaces to stand out and find the impactful bugs that have a better shelf life.

GatewayToHeaven: Finding a Cross-Tenant Vulnerability in Google Cloud's Apigee omeramiad.com/posts/gatewayt…

medium.com/@adarshpandey1…

I am pleased to announce the publication of the sixth article in the Exploiting Reversing Series (ERS). Titled "A Deep Dive Into Exploiting a Minifilter Driver (N-day)", this 251-page article provides a comprehensive look at a past vulnerability in a mini-filter driver:

Endpoint Evasion Techniques (2020–2025): The Evolution of Attacks Bypassing EDR windshock.github.io/en/post/2025-0…

"If it inspires one person, it's worth doing." – Jack Butcher

> be nerds > look into persona (used by discord) > kyc (know your customer) service > used for age verification > search on internet (shodan) > find weird server > image 1 > openai-watchlistdb.withpersona > openai-watchlistdb-testing.withpersona > lolwtf > look inside > supposed

I've wanted to write a book for years. I love sharing knowledge (that’s how PentesterLab started), but I kept getting stuck. Last year I changed my approach after reading a "Concise Advice" book on a flight. Short. Practical. High signal.

🧵 The Kernel Boot Blind Spot: Why EDR/AVs are "Brainless" in Phase 0 (SERVICE_BOOT_START) If you think the Windows Registry is fully available when Kernel Drivers initialize, you’re mistaken. If you think the Filesystem as you are familiar with is fully initialized during the

I reverse-engineered Intel ME so you don't have to: A decade of Ring -3 vulnerabilities that your EDR can't see sbytec.com/vulnerabilitie…

We promised we'd be back! Join us on our journey, from repro'ing N-days to stumbling into 0-days in SolarWinds Web Help Desk, eventually achieving pre-auth RCE. This research fuels the watchTowr Platform, our Preemptive Exposure Management technology. labs.watchtowr.com/buy-a-help-des…

✨ Launching Clawned.io - free, community, no signup Stop blindly installing OpenClaw skills like Maniac. My friend mass-installed OpenClaw skills for a client project last month. Two days later his AWS bill exploded. A skill that looked totally legit was quietly

Friendly reminder: Fuck Netanyahu.

Khamenei has left the server

Sometimes a stupid idea get stuck in your head. And will not disappear after a while. Anyway, here is a new blogpost, just a little hoax this time. badoption.eu/blog/2026/02/2…

Introduction to Windows Kernel Exploitation for Beginners Part 1: mdanilor.github.io/posts/hevd-0/ Part 2: mdanilor.github.io/posts/hevd-1/ Part 3: mdanilor.github.io/posts/hevd-2/ Part 4: mdanilor.github.io/posts/hevd-3/ Part 5: mdanilor.github.io/posts/hevd-4/ #windows #infosec #kernal