winterknife 🌻 (@_winterknife_)'s Twitter Profile
winterknife 🌻

@_winterknife_

low-level developer with a focus on 𝙸𝚗𝚝𝚎𝚕 𝚡𝟾𝟼 ISA devices running 𝚆𝚒𝚗𝚍𝚘𝚠𝚜 | R&D @BHinfoSecurity | infosec.exchange/@winterknife

ID: 870829423645388800

https://lampreylabs.com | Joined: 03-06-2017 02:28:08

528 Tweets

3.3K Followers

4.4K Following

Connor McGarr (@33y0re)

Today I am happy to release a new blog post about Pointer Authentication (PAC) on Windows ARM64! This post takes a look at the Windows implementation of PAC in both user-mode and kernel-mode. I must say, I have REALLY been enjoying Windows on ARM!! preludesecurity.com/blog/windows-a…

CODE WHITE GmbH (@codewhitesec)

Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own Markus Wulftange who loves converting n-days to 0-days code-white.com/blog/wsus-cve-…

Prelude Research (@preluderesearch)

New research from John U: a clean loader-lock escape using the PEB's PostProcessInitRoutine. Read the analysis and PoC code 📃 preludesecurity.com/blog/escaping-…

Sean Metcalf (@pyrotek3)

The KB5067036 update is now available on Windows 11 computers running 24H2 & 25H2 and includes the Administrator Protection feature. This feature leverages Windows Hello (PIN or biometric) for administrator actions and uses a temporary token which is destroyed after use. This

D4m0n (@d4m0n_8)

It’s time to publish the blog post about the bug that won at P2O Berlin 2025. Enjoy! With this post, I mark my last moment as a researcher at Out of Bounds. I’m moving on to a new place for a fresh start.🔥🦎 oobs.io/posts/four-byt…

Check Point Research (@_cpresearch_)

🚨 We uncovered #security #vulnerabilities in #Windows graphics. #CVE-2025-30388 and CVE-2025-53766 are #BufferOverflows enabling #RemoteCodeExecution. CVE-2025-47984 leaks memory over the network due to an incomplete fix. 👇research.checkpoint.com/2025/drawn-to-…

Cyber Statecraft (@cyberstatecraft)

Many tradeoffs exist in managing the flow of offensive cyber capabilities. Winnona 💾, James Shires, JD Work, Michele Campobasso, et al. Dive into Access-as-a-Service markets and how it shapes these transactions in atlanticcouncil.org/in-depth-resea…

SAERXCIT (@saerxcit)

First blogpost in a while, check it out! PoC is a Crystal Palace shared library, format inspired by Rasta Mouse's LibTP x.com/AlmondOffSec/s…

Ido Veltzman (@idov31)

If you wanted to show a party trick to your friend or just leak kernel addresses via admin privileges you can use this repository: github.com/Idov31/EtwLeak… Since it can only leak addresses and only using administrative privileges, it isn't breaking a security boundary. 1/3

Unit 42 (@unit42_intel)

Unit 42 uncovered LANDFALL, previously unknown Android spyware that exploited a zero-day vulnerability CVE-2025-21042 in Samsung Android’s image processing library. This is the first public analysis of the campaign and the implant. Read more: bit.ly/47rwbS0

incendiumrocks (@incendiumrockz)

During my research into COM/DCOM I stumbled upon a vulnerability that deletes the Boot Configuration Data (BCD) in the registry as a low-privileged user. For this vulnerability CVE-2025-59253 was assigned by Microsoft. warpnet.nl/blog/deleting-…

diversenok (@diversenok_zero)

I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🪲 Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/Dia…

SAERXCIT (@saerxcit)

Publishing github.com/SAERXCIT/LibTP…! It's a generalisation of LibTPLoadLib to proxy APIs with an arbitrary number of args. Provided as a Crystal Palace shared library. API made compatible with Rasta Mouse's LibTP. Hooks are provided to show off the newest Crystal Palace features

Alisa Esage Шевченко (@alisaesage)

Black Hat published my talk on reverse engineering Qualcomm Hexagon hardware debugging magic, with an introduction by bunnie: youtube.com/watch?v=pGyeWf… @blackhatevents Apple uses Snapdragon chips for cellular modem in 16-17 (again), I'm an iPhone baseband security

Josh Stroschein | The Cyber Yeti (@jstrosch)

⌛ It's been a while since I published a "real" blog, hope you enjoy it! 👉 cloud.google.com/blog/topics/th… This was part of the material we delivered at our DEFCON33 workshop too :)

Prelude Research (@preluderesearch)

New on the blog: Michael Barclay revives registry-based tradecraft using a telemetry gap in the hive restoration process. The blog also includes PoC code and detection guidance. 📃 preludesecurity.com/blog/rehabilit…

780th Military Intelligence Brigade (Cyber) (@780thc)

Trellix: The Evolution of Russian Physical-Cyber Espionage | Moscow’s intelligence services continue to rely on close access operations that blur the line between cyber and physical espionage. trellix.com/blogs/research…