Hardware10 Social Engineering: Attacking Networks with a BadUSB-ETH, Part 2
A BadUSB-ETH device can silently create a rogue network interface on locked PCs, capture NetNTLM hashes, expose real-time logs over Wi-Fi, and…
Hardware10 A BadUSB-ETH device can silently create a rogue network interface on locked PCs, capture NetNTLM hashes, expose real-time logs over Wi-Fi, and…
Red Team Operations3 Walk-through of Xyrem's reversing.info analysis of Valorant’s Vanguard Guarded Regions: how Vanguard hides game state behind a private "shadow" PML4 entry that’s…
Red Team Operations6 Walk-through of Jack Halon's "Utilizing Syscalls in C# — Part 2" post: building a direct-syscall NtCreateFile PoC in C# .NET 3.5, extracting…
Kerberos3 Huntress reveals an unpatched Windows search: URI handler flaw that can leak Net-NTLMv2 hashes with a single link click. The bug mirrors…
Red Team Operations613 A practical, layer-by-layer walkthrough of modern Windows defense evasion for red team operators: the architecture of Microsoft Defender, three generations of AMSI…
kernel12 A walk-through of zolutal’s revival of the 2017 Project Zero “native_write_cr4” trick on a modern Linux kernel with CR Pinning enabled. The…
Red Team Operations14 A walk-through of NVISO Labs’ first Kernel Karnage post: writing a small Windows kernel driver, locating the undocumented PspCreateProcessNotifyRoutine callback array through…
Bypassing15 A walkthrough of the well-documented Windows UAC bypass that uses "eventvwr.exe"’s auto-elevate manifest plus a writable HKCU registry handler for the "mscfile"…
Exploit Development17 Rapid7’s Jonah Burgess has disclosed a critical (CVSS 9.4) authenticated argument-injection RCE in the self-hosted Gogs Git server. Any authenticated user can…
Exploit Development11 A deep technical write-up of the Synology BeeStation pre-auth-to-RCE chain disclosed by DEVCORE at Pwn2Own Ireland 2024 (CVE-2024-50629 CRLF injection, CVE-2024-50630 auth…
Exploit Development15 Calif’s AI-assisted security team published a write-up of their FreeBSD kernel engagement: "15 bugs total" — 3 RCEs, 5 LPEs, 1 bhyve…
Exploit Development10 CVE-2025-61622 is an unauthenticated remote code execution in PyFory (formerly PyFury) 0.12.0–0.12.2 reachable through the library’s fallback path for unregistered types: "handle_unsupported_read()"…
Red Team Operations14 MDSec returns to the Visual Studio extension ecosystem three years after their VS Code work. A modern "VisualStudio.Extensibility" extension that fetches and…
Reverse Engineering11 A step-by-step walkthrough of reverse-engineering a Windows x64 crackme that XORs its input against a hard-coded 10-byte key before comparing it to…
Exploit Development12 CVE-2026-20182 (CVSS 10.0, CWE-287) is a critical authentication bypass in the Cisco Catalyst SD-WAN Controller’s vdaemon DTLS service (UDP 12346). By presenting…
Exploit Development11 CVE-2026-40369 is a Windows kernel bug in "nt!ExpGetProcessInformation" that lets any unprivileged process — including one inside Chrome’s renderer sandbox — increment…
Malware16 A practical walkthrough of using Ghidra and x32dbg to disassemble a Cobalt Strike beacon shellcode, identify the PUSH/CALL EBP hash-then-dispatch pattern, resolve…