In our latest MindShaRE blog, renorobert describes how to use Binary Ninja’s MLIL to establish a data flow graph by tracing interactions between a specific memory allocation in order to find UAF bugs. He includes source code so you can, too. zerodayinitiative.com/blog/2025/3/20…

I just published a blog post where I try to explain and demystify Kerberos relay attacks. I hope it’s a good and comprehensive starting point for anyone looking to learn more about this topic. ➡️decoder.cloud/2025/04/24/fro…

👇 github.com/ly4k/Certipy/d…

Outstanding! Nguyen Hoang Thach (Thach Nguyen Hoang 🇻🇳) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin

💡 If you're on the OSEP journey or planning to take it soon, bookmark this repository, build your home lab, and start experimenting. 🔗github.com/beauknowstech/… Reference: LinkedIn

updated my ADCS cheatsheet seriotonctf.github.io/ADCS-Attacks-w…

Installing a SharePoint server is really annoying.

CVE-2025-21479 Meta Quest 3 privilege escalation Exploit poc - github.com/FreeXR/eureka_… #root #MobileSecurity #infosec #dfir

Recently updated Proof-of-Concepts github.com/0xMarcio/cve

We can exploit the #securityvulnerability of Windows Error Reporting to put EDRs and #antimalware into a coma-like state. By using the EDR-Freeze #redteam tool: Github: TwoSevenOneT/EDR-Freeze

S2 Grupo's intelligence team LAB52 reports a new Outlook backdoor, named NotDoor and attributed to APT28, that watches for specific trigger words and then exfiltrates data, uploads files, and executes commands on victim hosts. lab52.io/blog/analyzing…

🚨 New APT26 IOCs were just dropped by Chinese researchers at 360. Turns out they’re using a new RAT developed in Golang. MD5(Linux) e1b4572ea0780c963043819016f4c7a8 aff4b4f121aba5046f781fc6aafe8de2 10b7139952e3daae8f9d7ee407696ccf 311f9894297fb1624a2c99ac5c8d8abf

Small update on "printerbugnew:" added a description of how to exploit CVE-2025-54918: DCs running 2025 allow reflection RPC->LDAPS - from a standard user to DA before patch😃 github.com/decoder-it/pri…

GitHub - D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 winning bug. - github.com/D4m0n/CVE-2025…

I found a new one click NTLM leakage vulnerability / technique from a browser. A web server can redirect a client to a ms-photos URI handler followed by a fileName parameter. If the parameter value is a UNC path instead of a local path, photos.exe will leak the client’s

New BOF to run native PE in the Cobalt Strike beacon without console allocation or pipe creation. Like BOF_Spawn, this BOF is malleable with proxy/spoof for LoadLibraryA, allocation methods (Heap, VirtualAlloc, Module Stomping) and some other tweaks :) github.com/NtDallas/BOF_R…

We suggest assigning such vulnerable templates the new ESC number 17 (ESC17) to help identify and mitigate these risks. You can read our blog post here: blog.digitrace.de/2026/01/using-… 2/2🧵

Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks github.com/Maldev-Academy…

Confirmed! Mia Miku Deutsch (Mia) exploited a stack-based buffer overflow against the Alpine iLX‑F511, earning $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

At #Pwn2Own Berlin 2025, a full exploit chain against VMware Workstation was demonstrated via a heap overflow in the PVSCSI controller. Despite Windows 11 LFH mitigations, advanced heap shaping and side-channel techniques enabled a reliable exploit. 🔍 Full technical write-up 👇