CVE-2022-23253: MS Windows VPN denial of service vulnerability, discovered by i4mchr00t. No authentication required & affects all default configurations of Windows Server and Desktop VPN. labs.nettitude.com/blog/cve-2022-…

Very happy to say my first blog post is now live 👌 CVE-2022-23253 – Windows VPN Remote Kernel Null Pointer Dereference labs.nettitude.com/blog/cve-2022-…

Introducing SharpWSUS! SharpWSUS is a .NET exploitation tool by Phil K, which allows red teamers to laterally move via Windows updates. It builds on existing tools to allow easy use over C2 channels. labs.nettitude.com/blog/introduci…

CVE-2022-21972: Windows Server VPN - remote kernel use after free vulnerability, by i4mchr00t. This one has RCE potential. Patch just released on Patch Tuesday. Apply it now. labs.nettitude.com/blog/cve-2022-…

This ICSE'22 paper brings up a very important point in fuzzer evaluation --- the observation that spending more time in the more destructive, "havoc" mutation stage, can lead to higher observed coverage shadowmydx.github.io/papers/icse22-… 1/n

Remote kernel heap overflow in the PlayStation 5: hackerone.com/reports/1350653

Nice writeup, I also found and reported this bug

Today's write up is a deep dive into CVE-2022-23270, another remote Microsoft Windows VPN vulnerability, by i4mchr00t. Learn how to identify and trigger Use after Free vulnerabilities in production code! labs.nettitude.com/blog/cve-2022-…

CVE-2022-23253 - PPTP Null Pointer Dereference. Thanks i4mchr00t.

Decided to vent the pain of building my own windows kernel fuzzer through the creation of overly specific memes….

Check out the scrolling MVR list that played at the MSRC Black Hat party! Yuki Chen aloft Callum wtm Mohammad Deilamy (MDM) zhiniang peng bee13oy SinSinology p3rr0 RyeLv Kasif Dekel Quan Jin Ngo Wei Lin Mikhail Medvedev Ronen Shustin Yanir Tsarimi NEURON TEAM Dlive Dr. Nestori Syynimaa

I just released the source code of Paracosme: a zero-click remote memory corruption exploit I demonstrated at Pwn2Own 2022 Miami 🐛🐜🪲 github.com/0vercl0k/parac…

#OffensiveCon23 will take place on the 19th-20th of May 2023. Stay tuned for further updates!

Learn four of the most effective network relaying attacks against Windows domains. Defenders - learn how to mitigate against them! By Paul Finger. labs.nettitude.com/blog/network-r…

Just opened 8 bugs I found in Windows Credential Guard. Ranged from arbitrary code exec in VSM to Kerberos key disclosure attacks. Probably my favorite was abusing the NTLMv1 API to leak an AES128 key which is what I was cracking in the quoted tweet😁 bugs.chromium.org/p/project-zero…

Promised myself I would stop modifying my host kernel modules and instead run all my KVM hacks in a nested VM. Long story short after setting everything up I still need to modify my host KVM to make that possible 🙃