drone detection with mesh-detect, uconsole, and mesh mapper api. remoteid alerting over mesh and real-time mapping. colonelpanic.tech

Brutal but true 💀

CVE-2025-55182: RSC RCE Full Unicode encoding can bypass certain WAFs that lack proper decoding or normalization capabilities. Please verify this on your end. #BugBounty Google HackerOne

New Evil-WinRM version (3.8). Awesome work of Luis Vacas de Santos and others involved. Thanks to all who contributed. Cool changes including Kerberos stuff and more! Ruby gem is available now "gem install evil-winrm" to update it as always.😈 github.com/Hackplayers/ev… #evilwinrm #hacking

During my research on CVE-2025-55182 and CVE-2025-66478. I managed to find 4 instances to be vulnerable. The thing that helped me most: Research link - slcyber.io/research-cente… Assetnote Checker - github.com/assetnote/reac… If you want to increase impact - github.com/zack0x01/CVE-2…

PrivKit is now in its best version! Built by Red Team beasts, for Red Teamers! Huge shoutout to NCV for completely overhauling PrivKit and turning it into a far more polished, battle-ready tool. github.com/mertdas/PrivKit

Yesterday I shared my proof-of-concept on disabling Bitlocker using undocumented COM objects. Albacore ☁️ decided to implement my code in C#.NET C: pastebin.com/raw/knQNbG4U C#: pastebin.com/raw/JhtcWPSM Behold the pain of C/C++ WINAPI vs. C#.NET.

Weird Al doing an actual cover and not a parody... And it's "killing in the name of" rage against the machine. I knew he was a good guy

from a good friend at the stripe offices in sf

As promised my second writeup is live now. From Default IIS Page to Critical SQL Injection: medium.com/p/from-default… #BugBounty #hackerone #idor #sqlinjection #bugbountytip #xss #injection

Packing the essentials for London Malware Village

For BreakFast you need a machine key. You can dump as described in the documentation (secretsdump, mimikatz) or with netexec smb --lsa. Supported encryption types from deepwiki.com/monsieurPale/B… If you are interested in attacking Kerberos FAST I can recommend this blog post (also

UPDATE !! 🚧 WAFs blocking your payloads? Not anymore. 🚀 NextRce v2.2 is out! Now featuring a specialized UTF-16LE Encoding Engine to bypass WAF signatures while exploiting CVE-2025-55182. 👻 The "Ghost Mode" encodes malicious JSON payloads to evade filters, but the Next.js

OPEN DRONE DETECTION - Open Acoustic CUAS Acoustic-Drones-Detection by orcohen9826 github.com/orcohen9826/Ac… I see too little material & here too we've pushed enough I'd say... #Jammer #Jamming #Spoofer #Spoofing #EW #ElectronicWarfar #Audio #Sound #Acoustic #TDoA #AoA #DoA

CVE-2025-59501 - POC that abuses SCCM's AdminService API when Entra ID integration is enabled to elevate to Full Administrator and takeover an SCCM hierarchy. - Garrett github.com/garrettfoster1…

New fav persistence method which works on Win11 25H2: Set the default key's value of HKCU\Software\Classes\CLSID\{18907f3b-9afb-4f87-b764-f9a4e16a21b8}\InprocServer32 to point to a malicious DLL and get shells from multiple programs even before a user logs in.

Find Malware Village on the Mezanine level at BSides London!

Big #Bugbountytip / #bugbountytips Google Services Hunting Google services are amazing, and for bug hunters, it's amazing as well. In some cases, you can get some P1-P2-P3 from these services, such as Workspaces / Sheets / Groups / Drives / Etc... In groups: you can access

Pretty far and pretty fast 🙂 We can't talk about numbers publicly, for obvious reasons, just know that we wake up everyday eager to make our gun a little more lethal than yesterday.

Stocking stuffers for the whole family!