H2C Smuggling is a seriously cool HTTP/2 attack technique. It won't directly feature in my upcoming presentation, but you should still check it out: labs.bishopfox.com/tech-blog/h2c-… blog.assetnote.io/2021/03/18/h2c…

🚨 New advisory was just published! 🚨 A vulnerability exists in processing IRP_MJ_CREATE requests in driver clfs.sys which could lead to privilege escalation: ssd-disclosure.com/ssd-advisory-w…

APK Url Grep When gathering information about a company, it is worth researching not only its website, but also its mobile apps (to find subdomains of the main website and potentially related websites). github.com/ndelphit/apkur… Creator Giuseppe Attardi #go

reconFTW v2.9 is released! New features: - API leaks - 3rd party misconfigurations - JS source maps - IIS Shortnames - Mindmap updated - p1radup added - Nuclei fuzzing As always, a ton of fixes and improvements :) github.com/six2dez/reconf… #reconftw #bugbounty #hacking #recon

First CTF challenge in a few months (Akasec), featuring a recent arbitrary code execution vuln in PDF.js (CVE-2024-4367) 👀 youtu.be/XrSOaHoeJCo

[CVE-2024-26229] Windows #LPE (PoC) CWE-781: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code in the csc.sys driver github.com/varwara/CVE-20…

CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability horizon3.ai/attack-researc…

How you can hide #payload in .text section to help in evading #EDRs - explained by Moritz L. Thomas at #x33fcon

#يوم_عرفة 🤍 صيامه يكفر سنتين السنة الماضية والسنة القادمة فلا تنشغل عن هذا اليوم وأكثر من قول لا إله إلا الله وحده لا شريك له له الملك وله الحمد وهو على كل شيء قدير كن سبب في تذكير غيرك فالدال على الخير كفاعله

You can find my slides for "Offensive VBA" talk here github.com/X-C3LL/congres…

How to Achieve Eternal Persistence Part 1 huntandhackett.com/blog/how-to-ac… Part 2: huntandhackett.com/blog/how-to-ac… Part 3: huntandhackett.com/blog/how-to-ac…

23 new Windows endpoint behavior detections/protections added - covering a variety of TTPs (including #grimresource shellghost and more) github.com/elastic/protec…

CPython internals: A ten-hour codewalk through the Python interpreter source code. This is some really nice C code. youtube.com/playlist?list=…

How Ph1R3574R73r won the Defcon Generative Red Team 2 Competition! 🚀 He dives into the tools, tactics, and takeaways from the event. 💀We hacked together for 48 hours straight💀 Fun read! AI Village @ DEF CON Ai2 @AISafetyInst bugcrowd dreadnode Google AI

POV building an AI startup

New CS Blog - Revisiting the UDRL Part 3: cobaltstrike.com/blog/revisitin… If you like the idea of loading a custom c2 channel in your UDRL then this blog may be of interest 👀

Creating a new kernel object type part 3: scorpiosoftware.net/2024/09/05/let…

Microsoft just released the patch for CVE-2025-33073, a critical vulnerability allowing a standard user to remotely compromise any machine with SMB signing not enforced! Checkout the details in the blogpost by Guillaume André and Wil. synacktiv.com/publications/n…

101 Chrome Exploitation — Part 1: Architecture We have published a new article on Chrome exploitation where the author describes the browser's architecture and its core components (Blink rendering engine, V8 JavaScript engine, network stack) and offers an exercise of adding a

Eternal-Tux: Crafting a Linux Kernel KSMBD 0-Click RCE Exploit from N-Days William Liu Crusaders of Rust posted an article about exploiting a slab object overflow (CVE-2023-52440) and remote infoleak (CVE-2023-4130) in the kernel SMB3 daemon to gain RCE willsroot.io/2025/09/ksmbd-…