SCOM lab (@synzack21), WatchGuard RCE (@_mccaulay), Clickjacking with SVGs (@rebane2001), macOS LPE (@theevilbit), a new private phone company (@nickcalyx + @phreeli), Proxmox tradecraft (@ZephrFish) and more!
Two weeks of news, techniques, tools, exploits, and more!
Cloudflare takes down the internet, IDA Pro gets a TUI, Rust in Android, AI-orchestrated cyber espionage, and more!
Apple's sourcemaps takedown (@moeruri), Call stack sig bypass (@saerxcit), AD Site pwnage (@croco_byte), sneaky remap (@MagisterQuis), Deceptiq launch (@deceptiq_), and more!
ShareHound (@podalirius_), Conquest C2 (@virtualloc), Docker Compose path traversal (@RonMasas), dead domain discovery (@_lauritz_), Narrator persistence/lat movement (@Oddvarmoe ), Windows 11 LPE (@d4m0n_8), and more!
DumpGuard (@bytewreck), GCC + VSCode (@_winterknife_), COM Research (@bohops), Gitlab to Cloud pivot (@0xC0rnbread), function peekaboo (@saab_sec), and more!
WhatchGuard RCE (@_mccaulay), BadSuccessor BOF (@_logangoins), ClubWPT hack (@samwcyo), MDE cloud vulns (@p0w1_), and more!
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!
OmniProx (@ZephrFish), Phantom Chrome Extensions (Riadh Bouchahoua (@Synacktiv)), FIDO phishing (@dennis_kniep), VMWare Tools LPE (@0xThiebaut), MSI lateral movement (@werdhaihai), and more!
Getting Global Admin in every Entra tenant (@_dirkjan), WebSocket Turbo Intruder (@zakfedotkin), PureRAT analysis (@Tera0017), direct syscalls in Zig (@zux0x3a), and more!