In the wild 0days (@maddiestone), new Win11 primitive (@yarden_shafir), Cloudflare ZeroTrust for C2 (@zux0x3a), macOS LPEs (@LinusHenze + @zhuowei + Jack Dates of @ret2systems), SCCM abuse (@subat0mik + @_Mayyhem), Diamond Tickets (@4ndr3w6S), and more!
Pre-auth RCE on Oracle Cloud (@peterjson + @testanull), Global Jacuzzi hack (@XeEaton), goodfaith scoping (@ryanelkins), Tailscale SSH (@MayaKaczorowski), WerFault lsass dumper (@asaf_gilboa + @s4ntiago_p), ADFSRelay (@praetorianlabs), modern C2 (@preemptdev), and more!
ASP .NET audit (@frycos), iOS ROP ⛓️ (@inversecos), EnumDisplayMonitors to run 🐚code (@Marco_Ramilli), pcap for problem solving (@DebugPrivilege), RPC vuln (@s1ckb017), 🎣 for persistence (@matterpreter), Azure attack paths (@ZephrFish), and more!
RE an iOS app (@inversecos), More Azure Managed Identity attacks (@_wald0), excellent hardware hacking (@matthiasdeeg), printer pwnage (@Nikaiw, @JRomainG, @_trou_), BloodHound false positive reduction (@simondotsh), Ghostwriter 3.0 (@cmaddalena), and more!
Confluence RCE, Open Redirect -> RCE (@ByQwert), U-Boot vulns (@NCCGroupInfosec), Azure Managed Identity attacks (@_wald0), Deep Learning password extraction (@harmj0y), LSASS cryptography (@SkelSec), and more!
Follina Word RCE (@_JohnHammond + @BillDemirkapi), PyPI CTX and PHPass compromise (@aydinnyunuss), Gargoyle w/ROP (@thefLinkk), Fuchsia OS kernel hacking (@a13xp0p0v), custom Cypher (@simondotsh), code audit process (@frycos), and more!
Nighthawk 0.2 (@MDSecLabs), Parallels VM escape write-up (@ret2systems), Rust supply chain attack (@juanandres_gs), DPAPI entropy capture (@merrillmatt011), HVCI "work-around" (@33y0re), S4U2* attacks (@theluemmel), and more!
GitHub OAuth token hack, security.txt RFC (@EdOverflow), channel binding bypass for LDAP (@lowercase_drm), #ExtraReplica (@sagitz_, @shirtamari, @nirohfeld, @ronenshh), Windows kernel driver fun (@_xpn_), prefetch on Apple Silicon (@jose_vicarte and team), and more!
Acrobat extension issues (@WPalant), ECDSA signature in Java vuln (@neilmaddog), GPO LPE (@decoder_it), SSN resolution from process structs (@modexpblog), AWS container escape (@yuvalavra), and more!