Releasing SILVERPICK, a Windows shellcode development framework using C/C++. github.com/winterknife/SI…

Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03) Today I am releasing the nineth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a

GrapheneOS is immune to the Copy Fail vulnerability due to the deep integration of SELinux in the Android Open Source Project (AOSP). AOSP only permits using specific types of sockets throughout the OS. It only permits the dumpstate process used to create bug report zips to

malware moves in silence OR 𝙳𝙴𝙱𝚄𝙶("𝚟𝚒օ𝚕𝚎𝚗𝚌𝚎").

> new cpanel cve thingie > proof of concept released > neat > check on internet degenerates > tons of united states gov thingies compromised > tax places compromised > another day of internet schizophrenia

This is some really nice work. A deep dive into what legitimate Windows network traffic looks like and how Impacket differs. Lots of goodness for both red and blue. Nice job Abdul Mhanni!

I've released Puzzle, a research project on deploying malware in monitored environments by abusing Windows minifilters functionality. It includes several utilities and PoCs to interact with minifilters and explore static and runtime analysis evasion 👐 github.com/Kudaes/Puzzle

This week in cybersecurity: - cPanel auth bypass - CopyFail linux privesc - 89 vulnerabilities in XAPI / Citrix XenServer: shittrix.moksha.dk - 17 vulnerabilities in Omi: kasparovabi.github.io/security-resea… - Thousands of vibe coded apps have their DBs publicly readable:

Bypass NX on ARM64 and execute your shellcode using mprotect(). Check out the full blog here: 8ksec.io/arm64-reversin… Follow 8kSec for more practical security content

Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them.

Here's the thing no one wants to tell you about AI: 1. It's the worlds largest Python script 2. It runs on Linux, Windows Defender slows it down 3. It uses lots of numbers (nobody knows why) 4. It requires a bunch of GPUs (for gaming) 5. No, you can't have sex with it

Windows 11 24H2 LPE vulnerability (CVE-2026-21250) → Local privilege escalation → Potential SYSTEM access Exploit PoC is public 👇 exploit-db.com/exploits/52546 Patch or mitigate ASAP. #CyberSecurity #Infosec #Pentesting

Google paid us $57,000 for two bugs in Chrome. We’re not doing this for the bounty, but it’s always fun to get rewarded. These bugs were found using nothing fancier than a $20/month AI subscription. If you’re curious, come check out our talk at the Real World AI Security

Finding Zero-Days With Any Model Blog: provos.org/p/finding-zero… Author: Niels Provos

I've got a really silly idea for malware. Windows 11 now have Windows.Graphics from the Windows Runtime API. You can use it for taking screenshots. It's supposed to be better than the native WINAPI method because something about GPU rendering stuff, I don't know, I can't

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135 - Zellic zellic.io/blog/pwning-v8…

The initial proof-of-concept was released in C-sharp. Using this method to dump credentials is iffy because it requires administrative access and some security access tokens which can raise some flags. First, Edge is Chromium based. This is a Chromium thing but (if my memory

GitHub is for nerds. Share your code as a text file on some shitty HTML site. It's what God would want