+NCR/CRC! [ReVeRsEr] (@crackinglandia)'s Twitter Profile
+NCR/CRC! [ReVeRsEr]

@crackinglandia

Crazy and disheveled guy! From Gral. Pico, the World's Capital City of Asado. Big beer drinker. Gentle reminder specialist.

ID: 55568982

https://crackinglandia.wordpress.com/

10-07-2009 14:03:19

1,1K Tweet

1,1K Followers

415 Following

Trail of Bits (@trailofbits)

The Rust code behind the proof had memory safety bugs. We used this new attack surface to forge a proof that beats Google’s on every metric. Google patched it within days. Their quantum claims are unaffected. blog.trailofbits.com/2026/04/17/we-…

Connor McGarr (@33y0re)

New exploit mitigation policy in the latest Canary build (ProcessBlockSmbNtlmPolicy? Not in the SDK, just what I'm calling it)! Like no child processes, managed via TokenFlags (not proc obj). Currently not used anywhere. Presumably flags are for block/audit/allow? I don't know!

Evan Luthra (@evanluthra)

Anthropic pays engineers $750,000+ a year to understand how LLMs work. Stanford just put a 2 hour lecture that covers 80% of it for FREE. Bookmark this. Give it 2 hours today. It might be the highest ROI thing you do this month:

AnMioLink (@anylink20240604)

Guru Rootkit, with valid Microsoft Windows Hardware Compatibility Publisher certificates, executes function pointers passed in by IOCTL IRPs from usermode

Julian Horoszkiewicz (@ewilded)

Finally, it is published 😁 Making Vulnerable Drivers Exploitable Without Hardware - my latest research on driver vulnerability hardware-gating, explaining the concept of hardware-dependent code and diving deep into creative deployment techniques - software-emulated phantom

Petr Beneš (@petrbenes)

I often need to explore Windows kernel crashdumps when I'm on Linux/macOS. WinDbg unfortunately doesn't work in Wine. So... I did a thing. It's multiplatform - doesn't depend on dbgeng.dll nor DIA. WinDbg-flavored. And it's fast. Really fast. github.com/vmi-rs/ephemera

Haifei Li (@haifeili)

There's an article (https://nefariousplan[.]com/posts/adobe-acrobat-cve-2026-34621-pdf-weaponizer/), as well as a script (https://github[.]com/NULL200OK/cve_2026_34621_advanced), claiming a "pop calc" style PoC for the Adobe Reader CVE-2026-34621 0day vulnerability. It looks

allthingsida (@allthingsida)

I've been building libghidra: a typed SDK for automating Ghidra from C++, Python, and Rust (mainly for AI agents). Decompile, rename, comment, inspect symbols/types/xrefs, save, close, and reopen projects from code. Treat Ghidra like infrastructure, not just a GUI. Under the

꿀보 (@kernullist)

Just shipped an update to the WinDbg Decompile Extension via LLM. Decompilation is more accurate, large functions are handled better, the output language can follow your system or be fixed explicitly, and syntax highlighting inside WinDbg is now configurable.

Elastic Security Labs (@elasticseclabs)

LLMs have gotten good enough at reverse engineering to recover source code from obfuscated binaries with real accuracy. So we asked the obvious next question: how fast and cheap is it to use one to build obfuscation specifically designed to beat it? We benchmarked Claude Opus

安坂星海 Azaka || VTuber (@azakasekai_)

IDA 9.3sp2 has been released. This update addresses...
*reads notes*

> idaclang: fixed an argument injection in CLANG_ARGV that could lead to arbitrary code execution when opening a malicious database

oh
Trend Zero Day Initiative (@thezdi)

CVE-2026-33824: Remote Code Execution in Windows IKEv2 - the folks from TrendAI Research break down this wormable bug that was patched last week. They show root cause & offer detection guidance. Read the details at zerodayinitiative.com/blog/2026/4/22…

Yarden Shafir (@yarden_shafir)

I checked and it's been 2 years since my last blog post??? So anyway, here's a quick blog post about KDP pool - the latest KDP feature that will replace the secure pool in future Windows versions: windows-internals.com/goodbye-secure…

'Elv1ra' (@elv1ra_00)

Some guy found a serious vulnerability in a Microsoft-signed kernel driver on Dell computers (on your computer right now, too) that North Korea's Lazarus group has been ruthlessly exploiting, using it to track and control all computer activity, and he reported it to Dell. And Dell first said 'well, to us this is more

Haidar (@haider_kabibo)

So here is a new local privilege escalation zero-day I discovered, not patched yet too :). In simple terms, if you have a service like RDP that exposes an RPC server, there are many system services running as SYSTEM that connect to it as RPC clients. If that service is turned off (RDP is

Hassan Ali (@casp3r0x0)

Let's write a 1-day Zero Click #exploit! for CVE-2026-34159 llama.cpp and hack into #AI infrastructure! blog post: pwntricks.com/ZeroClick-RCE-… exploit github.com/casp3r0x0/CVE-… #Cyber #Security #OSCP #ExploitDevelopment