Last Week in Security (LWiS) - 2026-03-24

The FCC bans all new foreign routers, Delve was a compliance as a service scam, ForceHound, VMKatz, and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2026-03-16 to 2026-03-24.

News

  • Delve - Fake Compliance as a Service - Part I - As someone who has dealt with compliance, the desire to have a one-stop company deliver the end result is tempting, and the SOC 2 standard allowed for this abuse. When the "auditors" are being paid by the company being audited, this is the inevitable outcome. Delve just took it to the extreme and made rubber stamping a service.
  • [PDF] National Security Determination on the Threat Posed by Routers Produced by Foreign Countries - All new "routers produced in a foreign country, regardless of the nationality of the producer" are now banned in the US because malicious actors had exploited security gaps in foreign-made routers "to attack households, disrupt networks, enable espionage, and facilitate intellectual property theft." If you're going to ban based on "national security" concerns, limiting consumer freedom, you should be able to share solid evidence of the concerns with the public. Four links to APT/botnet reports do not demonstrate that producing a router in the US will protect it from exploitation. "Entities that produce routers in a foreign country are encouraged to apply for Conditional Approvals." Oh, they just want bribes. Neat.
  • [X] Unconfirmed breach of OVHcloud - What threat actor posting data for sale on BreachForums has 530TB of empty storage space for this exfil? Are they using a third-party cloud service for storage (encrypted data, one assumes)?
  • Trivy Supply Chain Compromise - What happens when your security scanner is compromised with a credential stealer? The blast radius on this one was bad. It may have been related to, or the cause of, the LiteLLM compromise?

Techniques and Write-ups

Tools and Exploits

  • ludus_kubernetes_goat - Ansible role that deploys Kubernetes Goat on a Ludus range VM using k3s and Helm
  • ludus_kali_setup - An Ansible role that bootstraps a Kali Linux VM in a Ludus range with settings better suited to demo and lab usage.
  • rustunnel - An open-source tunnel service written in Rust that replicates the core functionality of ngrok. It exposes local services running behind NAT/firewalls to the public internet through a relay server, either self-hosted or the project's managed service.
  • toastnotify-bof - A Beacon Object File (BOF) for sending Windows toast notifications. Pairs with the blog post (toast my way) for full context and use cases.
  • Komodo - The best (personal opinion) Docker management system released 2.0 with support for swarm management.
  • VMkatz - Extract Windows credentials directly from VM memory snapshots and virtual disks.
  • Krb5RoastParser - A tool for parsing Kerberos packets from pcap files to extract AS-REQ, AS-REP and TGS-REP hashes.
  • teletunnel - Bypassing EDRs with a stealthy C++ Telegram bot, using Telegram itself as the C2 interface.
  • ForceHound - Salesforce identity and permission graph collector for BloodHound CE. Maps users, profiles, permission sets, roles, groups, sharing rules, connected apps, and field-level security into attack-path graphs.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • Can it Resolve DOOM? Game Engine in 2,000 DNS Records - People really will port DOOM to anything.
  • Deep-Dive Into the Deployment of an On-Premise Low-Privileged LLM Server - Some nitty gritty sysadmin work.
  • MALUS - Liberate Open Source - "Clean Room as a Service" 🤣 "Some will argue that what we do is exploitative, that we are extracting the ideas from open source while leaving behind the people who contributed them. To this I say: yes, that is a reasonably accurate description of our business model. It is also a reasonably accurate description of every company that has ever used open source software without contributing back, which is to say, virtually every company that has ever used open source software." 🔥 This is a very well done satire.
  • project-nomad - Project N.O.M.A.D. is a self-contained, offline survival computer packed with critical tools, knowledge, and AI to keep you informed and empowered—anytime, anywhere.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.