Linux CR Pinning was meant to stop old SMEP/SMAP bypass tricks, but this research shows a clever two-shot path back: abuse the tiny CR4 write gap with KProbes, register a handler, and execute kernel shellcode before fixup.
NGINX Rift: The 18-Year-Old Rewrite Bug That Turned a Single HTTP Request into Potential RCE
NGINX Rift is a heap overflow in the rewrite module that may crash workers or enable RCE under specific configs. Public PoC exists, so patching and config audits are urgent.
HWMonitor Trojanized to Deliver Multi-Stage STX RAT via DLL Sideloading
A trojanized HWMonitor archive abuses DLL sideloading with malicious CRYPTBASE.dll to launch multi-stage in-memory loaders and deploy STX RAT.
DLL Sideloading & Proxying for Advance Red Team Engagements
A practical look at DLL sideloading and proxying: how attackers abuse trusted Windows executables to load malicious DLLs while keeping the app running normally.
From API Key to Server Takeover: How LiteLLM 1.83.14 Chained Secret Leakage and Jinja2 SSTI into RCE
A LiteLLM 1.83.14 exploit chain leaks the master key through callback metadata, then abuses non-sandboxed Jinja2 GitLab prompts to achieve server-side RCE.
One Newline to Own Exim: How a Tiny TLS/BDAT Use-After-Free Became Unauthenticated RCE
A deep dive into CVE-2026-45185: an unauthenticated Exim RCE where one stale TLS/BDAT ungetc() byte corrupts freed memory and leads to exploitation.
No More Hardcoded Kernel Offsets: Turning Microsoft PDB Symbols into a Runtime BYOVD Superpower
A Windows kernel research technique that uses Microsoft PDB symbols to resolve offsets dynamically, avoiding hardcoded values and manual WinDBG work across builds.
Building a DIY EDR from Scratch: Windows Kernel Callbacks, User-Mode Hooks, and Shellcode Injection Detection
A hands-on guide to building a basic Windows EDR with a kernel driver, callbacks, static analysis, DLL injection, and hooks to detect remote shellcode injection.
Process Injection Without the Usual Red Flags: Abusing Windows Primitives to Outsmart Classic EDR Telemetry
A Windows injection technique that builds remote read/write/allocation primitives with limited process rights, reducing classic RPM/WPM telemetry and noisy access flags.