Manish Kishan Tanwar (@indishell1046)'s Twitter Profile
Manish Kishan Tanwar

@indishell1046

SQL Injection fan
Develop vulnerable labs and web shells in spare time
github.com/incredibleindi…

ID: 737701027143548928

http://mannulinux.org
31-05-2016 17:43:25

5.5K Tweets

2.2K Followers

526 Following

SinSinology (@sinsinology)

🚨🚨DO NOT PANIC! I'm publishing my detailed analysis of CVE-2024-29855 which targets Veeam Recovery Orchestrator Authentication 🩸, this has a score of CVSS 9 🪲, but IMHO it's not as severe, however, I like the technical details of it, so here we go 🔥 summoning.team/blog/veeam-rec…

Ambionics Security (@ambionics)

Iconv, set the charset to RCE (part 2): Charles Fol exploits direct iconv() calls to hack the PHP engine, and its most popular webmail, @Roundcube (CVE-2024-2961). ambionics.io/blog/iconv-cve…

S3cur3Th1sSh1t (@shitsecure)

Added to Amsi Bypass Powershell! :-) Plus another one from cybersectroll, which uses reflection to update the ScanContent method with a self-defined function. github.com/S3cur3Th1sSh1t…

Soroush Dalili (@irsdl)

Here is my new blog post: MongoDB NoSQL Injection with Aggregation Pipelines soroush.me/blog/2024/06/m… Hopefully this will be useful to someone. #Appsec #NoSQLi #BugBounty

EuskalHack (@euskalhack)

Don't miss this interview with X-C3LL during EuskalHack Security Congress VII and find out more about macros and how they have become one of the most common compromise tools of recent times #CiberTxoko EuskaDigital > youtu.be/YumLoyCrXK8

Manish Kishan Tanwar (@indishell1046)

During an assessment, I observed AD CS ESC15 vulnerable instance but faced some challenges during its exploitation. To perform ESC15 vulnerable template exploitation manually, I have written a blog post: mannulinux.org/2025/02/Curiou… Special thanks to Dominic Chell 👻 sir for his guidance 🙏

Rony Das (@ronydasx)

I've always heard that the open-source community is magical, so I’ve decided to open-source Vajra—a Burp Suite-like tool, but completely free! 🚀 I'm aiming for Vajra to be what Ghidra is to IDA—a powerful, free alternative to Burp Suite. github.com/axomsec/Vajra #CyberSecurity

Robin (@digininja)

Just released a new video: "Fixing DVWA Setup Issues". I've tried to cover the most common problems people have when first installing DVWA. youtube.com/watch?v=C-kig5…

S3cur3Th1sSh1t (@shitsecure)

Bypass AMSI in 2025, my newest blog post is published 🥳! A review on what changed over the last years and what's still efficient today. en.r-tec.net/r-tec-blog-byp…

Dominic Chell 👻 (@domchell)

This cropped up recently for me and will hopefully save someone some time... If you're exploiting ADCS and get a KDC_ERR_CERTIFICATE_MISMATCH error, this is down to strong mapping enforcement. Just supply the SID + UPN during your cert request and gtg as normal

bohops (@bohops)

This ended up being a great applied research project with Dylan Tran on weaponizing a technique for fileless DCOM lateral movement based on the original work of James Forshaw. Excellent work, Dylan! - Blog: ibm.com/think/news/fil… - PoC: github.com/xforcered/Fors…

S3cur3Th1sSh1t (@shitsecure)

When you found ExecuteDCOM permissions e.g. in BloodHound on a server system your options are limited because most code execution CLSIDs are only available on client systems or their permissions still don't allow Distributed DCOM Users to invoke them. #Pentest #RedTeam

Aurélien Chalot (@defte_)

You have got a valid NTLM relay but SMB and LDAP are signed, LDAPS has got Channel Binding and ESC8 is not available... What about WinRMS ? :D Blogpost: sensepost.com/blog/2025/is-t… Tool: github.com/fortra/impacke… And also, big thanks to jmk (Joe Mondloch) for the collab' :D!

Dirk-jan (@_dirkjan)

Pretty cool! If you use the tool with a public client and scope from entrascopes.com you can add this to roadtx interactiveauth with the -url parameter to catch the resulting token 😀

Filip Dragovic (@filip_dragovic)

Today MSRC fixed two vulnerabilities I reported a couple months ago. EoP in Windows Update service (affects only windows 11/10 with at least 2 drives) msrc.microsoft.com/update-guide/v… EoP in Microsoft PC Manager msrc.microsoft.com/update-guide/v… PoC for CVE-2025-48799: github.com/Wh04m1001/CVE-…

Soroush Dalili (@irsdl)

I have launched YSoNet (ysonet.net) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work: Running command: ``` ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc" ``` Running C# code: ``` ysonet.exe