Cryptography6 Factoring “Short-Sleeve” RSA Keys with Polynomials
Trail of Bits and the badkeys project found hundreds of RSA and DSA keys in the wild whose moduli have regularly spaced…
Cryptography6 Trail of Bits and the badkeys project found hundreds of RSA and DSA keys in the wild whose moduli have regularly spaced…
Exploit Development24 CVE-2026-40369 is an unprivileged arbitrary 12-byte kernel write in nt!ExpGetProcessInformation, reachable from Chrome/Edge/Firefox renderer sandboxes via NtQuerySystemInformation. A walk through the unchecked…
Exploit Development12 A SYSTEM shell is the top of the user-mode pile, but it is not the kernel. This walkthrough of Windows HVCI in…
Exploit Development13 Part 2 of NCC Group's CVE-2018-8611 series by Aaron Adams: a full walk-through of the Kernel Transaction Manager patch, including how to…
Exploit Development14 CVE-2018-8611 is a race-condition LPE in the Windows Kernel Transaction Manager (KTM), originally caught in the wild by Kaspersky’s AEP in October…
EDR Evasion5 cocomelonc’s tabby is a tiny teaching framework for writing position-independent Windows x64 shellcode in C, with indirect NT syscalls and no IAT,…
AI Security Research3 CuSafe is a GPU memory sanitizer for off-the-shelf NVIDIA hardware. It combines pointer tagging with in-band buffer bounds via an LLVM 21…
Exploit Development13 CVE-2024-1065 is a physical-page use-after-free in the ARM Mali GPU kernel driver. Because the freed page lands in MIGRATE_MOVABLE, Dirty Pagetable and…
Active Directory15 A walkthrough of a classic-but-still-effective Active Directory attack: how write access to an SMB share — plus a single .lnk file —…
EDR Evasion3 Praetorian’s Centurion is a virtualized loader built around a custom x86-64-inspired ISA and freestanding C runtime, where the PE loader, TLS stack…
buffer overflow10 When a Windows stack overflow gives you ~250 bytes of crash-buffer space but a useful Meterpreter payload is 400+ bytes, the answer…
Exploit Development12 CVE-2021-1732 is a Win32k local privilege escalation in win32kfull.sys. By flipping the 0x800 bit on tagWND with NtUserConsoleControl and returning a fake…