This vulnerability shows how Windows Defender file handling can be abused through filesystem races, Cloud Files APIs, and reparse points to redirect privileged writes and escalate from a low-privileged user to SYSTEM.
BlueHammer: Exploiting Microsoft Defender Update Workflow to Leak SAM and Escalate to SYSTEM
BlueHammer shows how Microsoft Defender’s update workflow can be abused to redirect privileged file access to a Volume Shadow Copy. By exploiting filesystem races and NT namespace tricks, the technique leaks the SAM hive, extracts NTLM hashes, and enables privilege escalation to SYSTEM.
Async Windows Gone Wrong: Exploiting a Win32k Type Confusion Bug
The article analyzes a Win32k type confusion vulnerability in the async window action path of win32kfull.sys. Improper handling of window objects can corrupt kernel structures and potentially enable local privilege escalation.
From RCU Double Free to Root: Exploiting a Linux Kernel Race in cornelslop
A DiceCTF write-up showing how an RCU double-free race in a Linux kernel module can be turned into a cross-cache exploit by manipulating SLUB allocator behavior and overlapping page-table entries.
Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem
CVE-2025-33073 enables NTLM reflection attacks that give attackers SYSTEM access on vulnerable Windows hosts. When combined with unconstrained delegation, a single compromised server can lead to full Active Directory domain compromise.
Backup to SYSTEM: Exploiting the IDrive Client Privilege Escalation Flaw
CVE-2026-1995 is a privilege escalation flaw in the IDrive Windows backup client. Weak file permissions allow low-privileged users to modify service arguments and execute arbitrary code as SYSTEM.
Breaking the Flat Network: How Tiering Models Protect Active Directory
The article explains how flat enterprise networks enable easy lateral movement and domain compromise. It shows how Active Directory tiering models segment privileges and systems to prevent attackers from escalating access.
What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119)
CVE-2026-26119 is a high-severity privilege-escalation flaw in Windows Admin Center caused by improper authentication. Attackers with low-privileged access could gain admin rights and potentially compromise entire domains.
0x00 – Introduction to Windows Kernel Exploitation
The article introduces Windows kernel exploitation and explains how to build a research lab using tools like WinDbg and the HackSys Extreme Vulnerable Driver (HEVD) to study kernel vulnerabilities and exploit development.
Active Directory Security Assessment: Password Spraying, Privilege Escalation, and Kerberoasting
This article analyzes an Active Directory attack chain where password spraying reveals valid credentials, privileged accounts enable escalation, and Kerberoasting exposes service account hashes, demonstrating how weak credential management can lead to full domain compromise.