📄 You open a tax doc. 💻 Windows quietly loads malware. 🛑 Your AV dies. 💀 You’re owned. That’s how Winos 4.0 and HoldingHands RAT are spreading right now — using Windows’ own Task Scheduler against it. Details here ↓ thehackernews.com/2025/10/silver…

🚨CVE-2025-21420: Proof of Concept for Windows Disk Cleanup Tool EoP GitHub: github.com/moiz-2x/CVE-20…

A Story About Bypassing Air Canada's In-flight Network Restrictions ramsayleung.github.io/en/post/2025/a…

Coercing machine authentication on Windows 11 /2025 using the MS-PRN/PrinterBug DCERPC edition, since named pipes are no longer used. Kerberos fails in this case due to a bad SPN from the spooler, forcing NTLM fallback.

💥 0xMarcio/cve - Latest CVEs with their Proof of Concept exploits. Github: github.com/0xMarcio/cve author: 0xMarc

Cross Site Scripting (XSS) Akamai WAF Bypass try this payload : <!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27> Credit: NullSecurityX #BugBounty #XSS #bugbountytips #infosec

🚨PoC for SysAid PreAuth RCE Chain (CVE-2025-2775, CVE-2025-2776, CVE-2025-2777, CVE-2025-2778) GitHub: github.com/watchtowrlabs/… Write-up: labs.watchtowr.com/sysowned-your-…

Cross Site Scripting (XSS) Akamai WAF Bypass try this payload : <!--><svg+onload=%27top[%2fal%2f%2esource%2b%2fert%2f%2esource](document.cookie)%27> #BugBounty #XSS #bugbountytips

A new phishing technique dubbed 'CoPhish' weaponizes Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests via legitimate and trusted Microsoft domains. Microsoft told BleepingComputer they plan on fixing it in a future update. bleepingcomputer.com/news/security/…

A DNS takeover is not the same as a subdomain takeover.  DNS takeovers have become a popular but often misunderstood vulnerability.  In this blog, you will learn: ✅ The difference between a DNS and subdomain takeover: A subdomain takeover exploits a service a domain points

GoDefender: Anti Virtulization, Anti Debugging, AntiVM, Anti Virtual Machine, Anti Debug, Anti Sandboxie, Anti Sandbox, VM Detect package github.com/EvilBytecode/G… #BlueTeam

xbz0n@sh:~# Living Off the Land: Windows Post-Exploitation Without Tools xbz0n.sh/blog/living-of…

LLM red teaming promptfoo.dev/docs/red-team/

[BLOG] The latest Crystal Palace update solved a big issue I had with merging raw assembly into PIC. I cover the new linkfunc command and the updated addhook command. rastamouse.me/pic-symphony/

LibPicoManager - a unified PICO management framework designed as a Crystal Palace shared library for C2 implant development github.com/pard0p/LibPico…

Pushed a big update to Crystal Kit. github.com/rasta-mouse/Cr…

Malware development series - Learn the basics of DLL Injection. crow.rip/nest/mal/dev/i…

Google dorking is an effective recon method for discovering new hosts, paths & parameters! 🤠 Google Dorks for Bug Bounty is a list of the most common Google search queries to perform content discovery. It also comes with a tool to pre-fill your queries based on your target! 👀

Agent for AdaptixC2 containing lateral movement capabilities (WMI, SCM, WinRM, DCOM), bof/dotnet/shellocde in memory executions, postex modules with shellcode and bof with possibilities of fork executions (spawn/explicit) github.com/entropy-z/Khar…

Fridagate - hackpuntes.com/posts/fridagat…