BitLocker20 GreatXML: Bypassing BitLocker on Windows 11 via a Recovery-Partition unattend.xml
GreatXML is a one-file BitLocker bypass against Windows 11 24H2. Drop an attacker-controlled unattend.xml and ReAgent.xml into the root of the recovery…
BitLocker20 GreatXML is a one-file BitLocker bypass against Windows 11 24H2. Drop an attacker-controlled unattend.xml and ReAgent.xml into the root of the recovery…
kernel16 A defender-side surface map of Windows kernel/user-mode covert channels — mailslots and ALPC, firmware-table providers and WNF, dispatch tables and writable .data…
Exploit Development9 zer0matt's Milan0day 2026 talk walks through a clean BYOVD chain: ThrottleStop.sys (CVE-2025-7771) gives arbitrary physical-memory R/W via MmMapIoSpace, used to inline-patch NtAddAtom…
Red Team Operations3 Walkthrough of an initial-access chain that ships a signed Microsoft binary (wab.exe / Windows Address Book) and a hidden CRYPTDLG.dll proxy in…
Defender6 Microsoft Defender now audits inbound remote RPC calls at OpNum-level granularity through a Windows Filtering Platform integration, surfacing telemetry in Advanced Hunting…
Exploit Development8 A missing bounds check in binutils' FR30 relocation handler lets a single crafted object file turn objdump -g into a one-shot exploit…
EDR Evasion8 BusyWork is a Rust library that swaps every sleep() call for a randomized cocktail of real work across seven categories — compute,…
Red Team Operations8 Cobalt Strike 4.13 ships a new BEACON_INLINE_EXECUTE Aggressor hook that lets operators rewrite Beacon Object File bytes on the fly. Combined with…
kernel9 Walk-through of Lukas Maar’s page-level use-after-free in the Linux kernel’s QAIC (Qualcomm AI Accelerator) DRM driver: the missing VMA boundary check in…
Hardware6 A BadUSB-ETH device can silently create a rogue network interface on locked PCs, capture NetNTLM hashes, expose real-time logs over Wi-Fi, and…
Red Team Operations1 Walk-through of Xyrem's reversing.info analysis of Valorant’s Vanguard Guarded Regions: how Vanguard hides game state behind a private "shadow" PML4 entry that’s…
Red Team Operations5 Walk-through of Jack Halon's "Utilizing Syscalls in C# — Part 2" post: building a direct-syscall NtCreateFile PoC in C# .NET 3.5, extracting…