x64dbg scripts and plugins (@_n1ghtw0lf), ShellcodeMutator (@m0rv4i), Dirty-Vanity (@eliran_nissan), Windows Kernel dev 101 (@V3ded), detailed Chrome exploitation (@jack_halon), PassTheChallenge (@ly4k_) and more!
Apple data privacy, ChatGPT vs bug bounty, Syscall Hooks in Windows (@Denis_Skvortcov), SMSgate, Standalone Managed Service Accounts (@simondotsh), StealthHook (@x86matthew), and more!
ChatGPT (@OpenAI), Huawei hypervisor research (@lyte__ + @NeatMonster_), Tailscale DNS rebiding attacks (@JJJollyjim), Using CodeQL to find RCE (@frycos), PPLcontrol (@itm4n), and more!
AWS AppSync exploit (@Frichette_n), F5 unauth RCE, Meta's new VCS, Chrome exploitation (@jack_halon), Kerberoasting customization (@Ben0xA), macOS sandbox escape (@_r3ggi), and more!
ROADtools Token eXchange (@_dirkjan), Certified pre-owned followup (@harmj0y + @tifkin_), AAD Privileged Access (@0xcsandker), FindEmptySystem (@christruncer), TelemetrySource (@jsecurity101), and more!
I'm a day late - sorry!
🎃 Spooky (forthcoming) OpenSSL 3 critical vuln, RC4 fun (@tiraniddo), Autodial DLL techniques (@TheXC3LL), token leak abuse via webshell (@_Kudaes_), Open-Obfuscator (@rh0main), more exchange pwnage from 🍊 (@orange_8361), and more!
Untangling Azure Permissions (@0xcsandker), V8 and JS internals of Chrome (@jack_halon), MS Office Online Server RCE chain (@IndiShell1046), ManageEngine Decryptor (@W9HAX), SharedMemUtils (@x86matthew), and more!
Cobalt Strike RCE (@0x09AL + @FuzzySec), Docker Compose for red teams (@BuckinghamEzra), portable malware (@CaptMeelo), free root servers (@hackerschoice), LastPass tricks (@rbmaslen), practical attacks against NTLMv1 (@n00py1), and more!
Intel Alder Lake src leak (@vxunderground ), PHP payloads in PNGs (@ROLANDQuentin2), Zimbra RCE via email, macOS Gatekeeper bypass (@JamfSoftware), ShadowSpray (@dec0ne), and more!