Nicholas Zubrisky (@nzubrisky) 's Twitter Profile
Nicholas Zubrisky

@nzubrisky

Vulnerability Researcher @ Trend Micro

ID: 1522238180770074626

05-05-2022 15:34:35

43 Tweets

173 Followers

94 Following

Kurosh Dabbagh (@_kudaes_) 's Twitter Profile Photo

Somebody asked if you can run a dll directly without rundll32 as you would do with an exe. You just need to remove the IMAGE_FILE_DLL flag from IMAGE_FILE_HEADER->Characteristics, which can be done with the option -e of github.com/Kudaes/CustomE…. Don't see much use for it tho ^^

Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

ZDI Threat Hunting 2024: Highlights, Trends, & Challenges - Peter Girnus 🦅 takes a look at the key achievements of our Threat Hunting team. He also looks at in-the-wild vuln trends and industry challenges we encountered in 2024 that will continue into 2025. zerodayinitiative.com/blog/2025/1/8/…

Neodyme (@neodyme) 's Twitter Profile Photo

Following our #38c3 talk about exploiting security software for privilege escalation, we're excited to kick off a new blog series! 🎊 Check out our first blog post on our journey to 💥 exploit five reputable security products to gain privileges via COM hijacking:

Maxim Suhanov (@errno_fail) 's Twitter Profile Photo

(A new class of symlink attacks is mentioned below.) According to Microsoft (MSRC), attacks involving symlinks stored on removable drives or in file system images (like VHDX) are not vulnerabilities. If an unprivileged user manages to quickly replace a regular file... 1/7

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-25-151|CVE-2025-1758] Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVSS 9.8; Credit: Nicholas Zubrisky (Nicholas Zubrisky) of Trend Micro Security Research) zerodayinitiative.com/advisories/ZDI…

starlabs (@starlabs_sg) 's Twitter Profile Photo

CimFS: Crashing in memory, Finding SYSTEM! chiefpie dug into Microsoft CimFS, found a sneaky 0-day, and guess what? The fix by Microsoft was just locking the door 🔐on unprivileged users. 😂 Dive into the adventure with us: starlabs.sg/blog/2025/03-c…

Neodyme (@neodyme) 's Twitter Profile Photo

From iframes and file reads to full RCE. 🔥 We found an HTML-to-PDF API allowing file reads and SSRF - then chained it into remote code execution via a Chromium 62 WebView exploit. 👉 Read the full write-up here: neodyme.io/en/blog/html_r…

Filip Dragovic (@filip_dragovic) 's Twitter Profile Photo

Today MSRC fixed two vulnerabilities I reported a couple months ago. EoP in Windows Update service (affects only windows 11/10 with at least 2 drives) msrc.microsoft.com/update-guide/v… EoP in Microsoft PC Manager msrc.microsoft.com/update-guide/v… PoC for CVE-2025-48799: github.com/Wh04m1001/CVE-…

xvonfers (@xvonfers) 's Twitter Profile Photo

(ZDI-CAN-27661)[ksmbd]Send multiple session setup requests to ksmbd -> Preauth_HashValue race condition github.com/torvalds/linux… Reported by Nicholas Zubrisky (Nicholas Zubrisky)

Crusaders of Rust (@cor_ctf) 's Twitter Profile Photo

Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-… Cheers to Pumpkin 🎃 for finding these CVEs + the OffensiveCon talk from gteissier & Quentin Minster Picavet for inspiration!

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-25-916|CVE-2025-38561] Linux Kernel ksmbd smb2_sess_setup Preauth_HashValue Race Condition Remote Code Execution Vulnerability (CVSS 8.5; Credit: Nicholas Zubrisky (Nicholas Zubrisky) of Trend Research) zerodayinitiative.com/advisories/ZDI…

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-25-981|CVE-2025-12488] oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability (CVSS 9.8; Credit: Nicholas Zubrisky (Nicholas Zubrisky) of Trend Micro Security Research) zerodayinitiative.com/advisories/ZDI…

TheZDIBugs (@thezdibugs) 's Twitter Profile Photo

[ZDI-25-982|CVE-2025-12487] oobabooga text-generation-webui trust_remote_code Reliance on Untrusted Inputs Remote Code Execution Vulnerability (CVSS 9.8; Credit: Nicholas Zubrisky (Nicholas Zubrisky) of Trend Micro Security Research) zerodayinitiative.com/advisories/ZDI…

Grant (@bad_jubies) 's Twitter Profile Photo

I made a write up diffing and triggering a use after free vulnerability in AFD.sys that was fixed in this month’s patch Tuesday: bad-jubies.github.io/cve-2026-21241…