P0

Reached top 25 on the first @hackthebox_eu season. Had a blast hacking machines and joking around with old and new friends. This would not have been possible without these amazing people: @k0zmer @0xr0BIT @tobeatelite @szymex73 @ziemni_ @Tract0r_ @Kucharskov #hackthebox #htb

COM is old but gold—for attackers! 🚨 In our latest blog, Sylvain Heiniger (@sploutchy) exposes a privilege escalation vulnerability in the Google Chrome updater. Want to know how cross-session EoP still happens today? Check it out! #COM blog.compass-security.com/2024/10/com-cr…

@0xr0BIT @vulnlab_eu @xct_de This guy is insane!

Just pwned Lustrous2 on @vulnlab_eu ! Thanks @xct_de for the excellent challenge. My brain hurts now :sad: api.vulnlab.com/api/v1/share?i…

@Geiseric4 @AlteredSecurity @nikhil_mitt Congrats man! Well done

Happy to say I'm now CRTM certified! Thanks @AlteredSecurity and @nikhil_mitt for the nice experience!

There we go! Was a fun challenge :) @offsectraining thx again everyone for keeping my imposter syndrome under control. Especially @Pzz02 @xct_de @k0zmer and the entire @vulnlab_eu community. I’d be dogshit without you guys! <3

This one was quite a while in the making and got changed quite a bit in the process. I hope you enjoy it :)

Did a thing. Me iz baby operator nao :3. GG @zeropointsecltd @_RastaMouse Enjoyed the experience :). Except for Flag7. That one will haunt me fr. Shoutout to the usual suspects: @xct_de @k0zmer @vulnlab_eu @Pzz02

WoWMIPS - A MIPS R4000 emulator which allows legacy Windows NT MIPS binaries to run on modern x86/64 Windows. A short series of articles describes the development of this emulator: x86matthew.com/view_post?id=m…

You can find PoC here github.com/Wh04m1001/CVE-…

Retro Gaming #Vulnerability #Research: Warcraft 2 research.nccgroup.com/2023/12/19/ret… @raptor/111673836720571914" target="_blank" rel="nofollow noopener">infosec.exchange/@raptor/111673…

My latest blog post diving into the world of Windows AD Cert Publishers group is out 🌐✨ Insights with a little bit of silver++ juice :-) decoder.cloud/2023/11/20/a-d…

A new Red Team Lab, Shiva, is coming to Vulnlab next week! This time you get to test a hardened Hybrid-AD environment that involves: - Hybrid-AD with 10+ machines & active users - Cloud exploitation - SIEM, EDR on Clients & Servers - Common enterprise software - No CVEs

A red team operator that was just discovered by the SOC team

Here is my summary of the CoercedPotato exploit by @Prepouce_ and @Hack0ura , added to my Windows Potato family article : #bkmrk-coercedpotato" target="_blank" rel="nofollow noopener">hideandsec.sh/books/windows-…

📢 Just published a detailed writeup on a fascinating "Smart-Bank" CTF challenge! 🏦💻 Dived deep into vulnerabilities from Nginx misconfigurations to NestJS oversights. A real treasure for PTs and CTF enthusiasts! 🚀 🔗 @frevadiscor/rkOVSLVf6" target="_blank" rel="nofollow noopener">hackmd.io/@frevadiscor/r… @pwnx_official @nohatcon

Perfect DLL Hijacking: It's now possible with the latest in security research. Building on previous insights from @NetSPI, we reverse engineer the Windows library loader to disable the infamous Loader Lock and achieve ShellExecute straight from DllMain. 🔍 Link in bio 🔗

This is the best paragraph in the blogpost for the curl CVE-2023-38545 - I love the self-reflection. Huge respect to @bagder for his work on curl!

We just released Reflective Call Stack Detections and Evasions! This was co-authored by our @XForce Red intern Dylan Tran @d_tranman! Dylan is wicked smart and it was fun working with him! Check it out!🥷 securityintelligence.com/x-force/reflec…

New blog post is up which looks at an unpatched vulnerability in macOS which allows us to hijack entitlements from signed binaries.. aka.. DirtyNIB. blog.xpnsec.com/dirtynib/

For those of you who are finding #SharePoint Pre-Auth #RCE ( #CVE-2023-29357 + CVE-2023–24955 ) too technical to understand, here's a simplified version. 🧵(0/n)

Push is a chain playable @vulnlab_eu made by myself and @xct_de, which focuses on initial access & exploiting common enterprise software. Walkthrough available here: blog.k0z.cc/blog/Push