WaterBucket

1K posts


@windeebug

windows vuln research & adversarial AI/ML

C:\Windows\system32\ · Joined November 2021
362 Following · 254 Followers
WaterBucket reposted
dru1d (@_dru1d)
@chompie1337 @seanhn My experience with this so far is that it’s really only good at identifying known bad patterns/exploit primitives. Humans are still GOATed for the novel stuff.
WaterBucket reposted
Origin (@originhq)
Windows Insider builds now have a native, OS-level broker for MCP servers. We reverse engineered Odr.exe to understand how it validates clients, manages consent, and controls access - uncovering undocumented COM interfaces and a full ETW audit trail. originhq.com/blog/msft-odr-…
WaterBucket reposted
eleven red pandas (@bytecodevm)
Research shows how Palo Alto Cortex XDR predefined BIOC behavioral rules can be decrypted and analyzed. By understanding rule logic and built-in exceptions, attackers can adapt techniques to evade detection and bypass behavioral protections. core-jmp.org/2026/03/decryp…
WaterBucket reposted
Taszk Security Labs (@TaszkSecLabs)
Now You See mi - Now You're Pwned: Exploiting Xiaomi Smart Cameras for fun and credit labs.taszk.io/articles/post/… Our intern's research post is up, full code of an RCE exploit + a "cloud jailbreak" released with it. After embargo expiry, 3 vulnerabilities currently remain unfixed.
DARKNAVY (@DarkNavyOrg)
Hi @thezdi @OpenAI, asking for the rules of Pwn2Own26 Coding Agent directory, particularly the "interact with ... repository" If a user opens someone else's git repo using CodeX App with default permissions and is immediately RCE’d, does this fall within the threat model? :)
WaterBucket reposted
mert (@merterpreter)
Discovered a Mark-of-the-Web (MOTW) bypass using native Windows extraction tools. CAB - TAR - TAR - XLSM chain causes the final file to lose MOTW, allowing macros in Microsoft Excel to run without the security warning. Reported to MSRC and classified as moderate. Enjoy
WaterBucket reposted
Jonny Johnson (@JonnyJohnson_)
I recently came across the need to obtain logging into WSL2 and was forced to look into function hooking. However, this was my first time dealing with a COM server that didn't have symbols, so I had to learn about a C++ feature - RTTI. I decided to write a blog on this in case anyone else runs into or has run into this: jonny-johnson.medium.com/wsl-com-hookin… POC: github.com/jonny-jhnson/R…
WaterBucket reposted
Alex Neff (@al3x_n3ff)
Releasing one of my research tools: EVENmonitor🖥️ Inspired by LDAPmonitor, I implemented a monitoring tool for the Windows Event log in pure python. You can just attach it via the network and then filter for specific event IDs or keywords. Available at: github.com/NeffIsBack/EVE…
WaterBucket reposted
johnny (@zeroxjf)
Published an attempted cleanroom reconstruction of the iOS Coruna exploit chain so it can be understood beyond original malware payloads. Disclaimer: largely done by Codex GPT-5.4 xhigh with iterative reviews. May contain mistakes. WIP; feedback welcome. github.com/zeroxjf/iOS-Co…
WaterBucket reposted
Security Level 5 Task Force (@SL5TaskForce)
1/n Today we're releasing the first public draft of the Security Level 5 (SL5) standard, designed to protect frontier AI models against nation-state adversaries. This v0.1 focuses on long lead time interventions: the things that need to start now, before SL5 is urgently needed. standard.sl5.org
WaterBucket reposted
eleven red pandas (@bytecodevm)
An analysis of the Windows kernel driver BEDaisy.sys, used by BattlEye anti-cheat. Through static reverse engineering, it explores driver architecture, APC usage, hardware fingerprinting, import handling, and detection mechanisms used to monitor system activity. core-jmp.org/2026/03/revers…
WaterBucket reposted
Haidar (@haider_kabibo)
Hi, here is the first post of the second wave of RPC. RPC part 10. In this part, I talk about the structures inside the server stub. I tried to make it as simple as I did in the previous parts, so you don’t have to suffer as I did. Bye. sud0ru.ghost.io/windows-inter-…