More exiting Azure research out of NetSPI this week, monoxgas found a deserialization issue on the Azure Service Bus (Relay) service that gave us remote code execution on Microsoft servers - netspi.com/blog/technical…

Sometimes simple is best. See how Sideway exploited a 9-year-old Linux kernel bug at #Pwn2Own Vancouver 2023! synacktiv.com/publications/o…

I wrote a detailed analysis of the recent Winrar vulnerability cve-2023-38831. For those who don't exactly what happen. This vuln has two sides: one is a programming mistake and another is a problem (or a feature :D) in ShellExecuteExW. #vulnerability aleeamini.com/cve-2023-38831…

CVE-2023-3389 - LinkedPoll Querijn Voet Qyn published an article about exploiting a race condition causing a use-after-free in the io_uring subsystem qyn.app/posts/CVE-2023…

learn.microsoft.com/en-us/windows-… This is a great article, even for non super-technical audience :-) Happy New Year folks!

Another MapUrlToZone vuln (CVE-2024-20652) that can be used to bypass Outlook's CVE-2023-23397 mitigation. James foresaw ;) this vulnerability in his blog post from 2016 googleprojectzero.blogspot.com/2016/02/the-de… The vulnerable path is \\;LanmanRedirector\akamai.com\..\abc James Forshaw

The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…

''GitHub - S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.'' #infosec #pentest #redteam #blueteam github.com/S1ckB0y1337/Ac…

We are proud to finally share some great research by Arnau Ortega on a 1-click #Azure tenant takeover attack. You can read all about it in our latest blog post. It explains how we could take over any Azure tenant; just by clicking one legitimate link 😨 falconforce.nl/arbitrary-1-cl…

here are the slides for my typhooncon talk on finding bugs in the linux kernel (minus gifs 😩) github.com/sam4k/talk-sli…

I spent some time discussing several cases I reported recently with MSRC. I know logical-based vulnerabilities are a little hard to understand at first, especially when the tricks are not yet exposed, particularly the impact. In comparison, memory corruption is more intuitive.😂

✍️ Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey by pspaul blog.pspaul.de/posts/ancient-…

Microsoft Exchange checklist by Panos Gkatziroulis 🦄 github.com/netbiosX/Check…

✍️ Debugging the Windows Hypervisor: Inspecting SK Calls by Dor dor00tkit.github.io/Dor00tkit/post…

I published a post describing the exploitation process for CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Hope you enjoy it! :) blog.exodusintel.com/2024/12/02/win…

We would love to see submissions from anyone. Time is running out. Don’t let the ticket to RE//verse go to waste. For those who are stuck at the exploitation part, the picture we showed previously and this article will help a bit github.com/vp777/Windows-…

[$55000](CVE-2024-8904)[365376497][wasm][jspi] 😅Add regression test chromium.googlesource.com/v8/v8/+/208862…