A cool privilege escalation hunt for linux hosts. 🚀 Link: docs.velociraptor.app/exchange/artif… Reference: dfir.ch/posts/linux_ca… Since Linux 2.6.24, setcap can attach fine-grained privilege bits to executables, letting them perform the specific privileged actions they require instead of

every single thing that people in the exploit business tell you about the importance of ethics and their vetting of customers is a lie because they can’t even keep their tools to themselves

Just noticed a defensive patch, most likely a direct result of this kCTF exploit: git.kernel.org/pub/scm/linux/… Makes this vulnerability completely unexploitable at least😅

LINE CTF 2025 Writeups blog.hamayanhamayan.com/entry/2025/10/…

On top of this, central banks are stocking up on gold while disregarding technicals. On October 13th, gold posted its highest monthly RSI reading in HISTORY, at 91.8. Physical gold demand this year has proven that buyers are ignoring technicals. We don't see this changing.

Released my write for gaining a fundamental understanding of the Windows _SECURITY_DESCRIPTOR structure. I then created a custom Windows Kernel shellcode stub to perform process injection for privilege escalation which is also implemented in Sickle :P wetw0rk.github.io/posts/understa…

“Russia is lying to everyone that it’s winning,” said Zelensky “But that’s not true. They’ve lost more than a million people — 1.3 million, yes. And their economy is collapsing.”

CVE-2025-59287 - 9.8, WSUS Remote Code Execution Write-up and PoC hawktrace.com/blog/CVE-2025-…

🇷🇺 losses in 🇺🇦

X64 Syscall Shellcode via ASM I wrote it for ekoparty2025_challenge. So its also a writeUp for BinaryGecko Reach the blog at the link below -> enessakircolak.netlify.app/posts/2025/sys… #Shellcode #Assembly #Windows #binarygecko #exploit #reverseengineering #microsoft #x64

rolled out a bof for getting the dpapi_system key used by mimikatz /system: when ingesting master keys. If that's something you need it's live at github.com/trustedsec/CS-…

Just why?

Driver Reverse Engineering 101 eversinc33.com/posts/driver-r…

"I don't understand how we got ransomwared! We never saw anything in our consoles, there were no alerts, nothing that would make us think that this was happening! The consoles:

We are pleased to confirm that the Auth Bypass bug in Apache Brooklyn Server reported by our co-worker Jiantao Li has been successfully patched by the Apache team Fix details: github.com/apache/brookly… Great work to the Apache Brooklyn team for their prompt response.

ISC released urgent patches for three BIND 9 flaws. Two cache poisoning bugs (CVE-2025-40780/40778) allow remote DNS spoofing on resolvers by predicting query IDs or injecting forged records. #BIND9 #DNSSecurity #CachePoisoning #PatchNow securityonline.info/isc-patches-mu…

I put a camera on my cat's collar and found out that he has six different girlfriends

🔥 NOW: BlackRock spot Ethereum ETF bought 28,600 $ETH worth $110.7M on Oct. 22.

you'll know more about malware than any analyst you know

Signal The Iranian gov has recently started blocking Signal activation SMS sent to people during signup. It would be crucial and very helpful to have an alternative verification available beside SMS. Voice calls perhaps?