jle-k

An analysis of CVE-2026-21236 - A heap based buffer overflow in the Microsoft Windows Kernel afd.sys - was just published by @ASN_Sinanju_06S a recent secondment with my team EDG! Nice work for her first triage of a kernel memory corruption bug! nccgroup.com/research/vulne…

@secxue @Dark_Puzzle @Bad_Jubies Thank you!

@_jle_k @Dark_Puzzle @Bad_Jubies awesome

Launched my blog with a quick exploit for CVE-2026-21241. Huge thanks to @Dark_Puzzle for finding the bug and @Bad_Jubies for diffing the patch. jle-k.com/blog/Exploitin…

I’ll be running a live session: “Live Windows Research Using WinDbg.” We’ll explore how to investigate Windows internals in real time using WinDbg, inspecting kernel structures, processes, and system behavior live. If you're into Windows internals, debugging, or security research, this session is for you. Details: trainsec.net/library/window… #windbg #windowsinternals #cybersecurity

Windows kernel 0day hunting with AI agents👻 2026 style

4.6 also wrote a few exploits. We found the cost of exploiting vulns was still 1 OOM higher than finding them. But that'll change fast. We need to be ready. We go into detail on one of the exploits on Red: red.anthropic.com/2026/exploit/

Patch Diff to SYSTEM - using LLMs to exploit a LPE vuln on Windows. More importantly, some thoughts on model capabilities the implications on our security industry elastic.co/security-labs/…

@cherrywu05 @Dark_Puzzle @Bad_Jubies Thank you!

@_jle_k @Dark_Puzzle @Bad_Jubies great research and great write-up, thank you 🌟

@SvenUrbanSci @Dark_Puzzle @Bad_Jubies Thank you!

@_jle_k @Dark_Puzzle @Bad_Jubies Solid demonstration of SYSTEM-level access through kernel manipulation. Effective visuals on patch bypass-concerning persistence.

FYI exploit devs, in future builds this exploit is blocked in two places: 1. Kernel addresses are no longer leaked: windows-internals.com/kaslr-leaks-re… 2. System DACLs are no longer writeable: x.com/33y0re/status/… (I hear there will be a blog post soon)

@yarden_shafir @Dark_Puzzle @Bad_Jubies Awesome, this is great to know. I’ll have some time to take a look this weekend. Thank you for the feedback!

@_jle_k @Dark_Puzzle @Bad_Jubies Nice work exploiting this! Blog is well written too. I’ll mention that the feature flag to de-restrict kaslr leaks should be gone soon if it isn’t yet, and corrupting system DACLs should no longer work in future versions (26H2+).

@dez_ @Ivanlef0u @Dark_Puzzle @Bad_Jubies Thank you!

@_jle_k @Ivanlef0u @Dark_Puzzle @Bad_Jubies Nice work!

I've published the first entry in my new Windows vulnerability research series. It details how exploring Windows I/O completion internals led to uncovering a use-after-free in afd.sys (CVE-2026-21241). rce4fun.blogspot.com/2026/02/use-af…

I made a write up diffing and triggering a use after free vulnerability in AFD.sys that was fixed in this month’s patch Tuesday: bad-jubies.github.io/cve-2026-21241…