Matthias Kaiser (@matthias_kaiser) 's Twitter Profile
Matthias Kaiser

@matthias_kaiser

Java/Android Vulnerability Researcher. 0xACED. Ex-Apple. Now @matthiaskaiser.bsky.social

ID: 40470877

16-05-2009 14:22:20

3,3K Tweet

6,6K Followers

1,1K Following

Piotr Bazydło (@chudypb) 's Twitter Profile Photo

I wrote a fun, little blog post. Remote pre-auth file deletion in SolarWinds ARM allowed to achieve LPE on AD machines 🙃

pyn3rd (@pyn3rd) 's Twitter Profile Photo

#CVE-2024-49194 Databricks JDBC Driver via JAAS, Make JDBC Attack Great Again!! I’ve included the link to my write-up below. Enjoy!! blog.pyn3rd.com/2024/12/13/Dat…

Piotr Bazydło (@chudypb) 's Twitter Profile Photo

I'm happy to announce that I have recently joined watchTowr as a Principal Vulnerability Researcher. The break is over, it's time to do some new research 🫡

Rado RC1 (@rabbitpro) 's Twitter Profile Photo

We are back at offensivecon again this year. Tickets for our flagship training Hunting Zero-Days in Embedded Devices are on sale now. 12-15.05.2025, Berlin, Germany. Don’t wait too long, last time it was sold out really fast. offensivecon.org/trainings/2025…

Michael Stepankin (@artsploit) 's Twitter Profile Photo

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below 🧵

Tim Willis (@itswillis) 's Twitter Profile Photo

Two new posts from James Forshaw today: googleprojectzero.blogspot.com/2025/01/window… on reviving a memory trapping primitive from his 2021 post. googleprojectzero.blogspot.com/2025/01/window… where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process. Happy Reading! 📚

Trend Zero Day Initiative (@thezdi) 's Twitter Profile Photo

Announcing #Pwn2Own Berlin! We're moving our enterprise-focused event to offensivecon and introducing an AI category. More than $1,000,000 in cash & prizes (Incl. a Tesla) are available to win. Check out the details at zerodayinitiative.com/blog/2025/2/24…

Piotr Bazydło (@chudypb) 's Twitter Profile Photo

My first watchTowr post is out! It was my first take on a CMS solution and I was able to get some interesting pre-auth RCE chains on Kentico Xperience. 😎

Gareth Heyes (@garethheyes) 's Twitter Profile Photo

You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study. portswigger.net/research/saml-…

Matthias Kaiser (@matthias_kaiser) 's Twitter Profile Photo

After many hours of development my Smalidea fork supports:
- parameters and variables with type information
- conditional breakpoints
- change parameters and variables via "expression" or "setValue".

Quite happy with the results 😀

SinSinology (@sinsinology) 's Twitter Profile Photo

Continuing the series of "chase my idols for a selfie", look who's here! The legends Matthias (Matthias Kaiser) and Sam (Sam Thomas), but we are missing Piotr Bazydło and ϻг_ϻε to have a full chain, we miss you guys!

SinSinology (@sinsinology) 's Twitter Profile Photo

"Advanced .NET Exploitation" June edition at REcon is confirmed! We've hit 10 registered students, so the class is happening for sure. If you’ve been thinking about joining, there are 5 more spaces to learn some deserialization Magic! summoning.team