Jonas Vestberg

5.9K posts

@bugch3ck

Privilege Escalation Engineer Principal Consultant @ Reversec (formerly WithSecure Consulting)

@bugch3ck.bsky.social Joined August 2011
365 Following 1.9K Followers
Adam Chester 🏴‍☠️
All this AI code and nobody has thought to create a replacement for infosec Twitter?? (me either)
Jonas Vestberg retweeted
sakura
sakura@eternalsakura13·
Enhanced Insecurity Mode: 23 RCEs in Edge's "Safe" WebAssembly Interpreter Microsoft's "safer" fallback when the WASM JIT is off? 23 paths to RCE in the interpreter itself. Slides now public — huge thanks to the OffensiveCon crew and everyone who came by. @offensive_con
Rasta Mouse
Rasta Mouse@_RastaMouse·
Happy Bank Holiday weekend y’all
Jonas Vestberg
Jonas Vestberg@bugch3ck·
@domchell "Journalist at prestigious publication named GitHub" Really? It sounds fake tbh 😅
Rob Fuller
Rob Fuller@mubix·
Have we seen malicious CLAUDE.md files or malicious AI skills yet? This feels like the new “don’t copy and paste random command line or bash scripts from the internet”
Jonas Vestberg
Jonas Vestberg@bugch3ck·
@mubix @d0rkph0enix Ok maybe they assumed the settings were off since someone committed a key that would otherwise be blocked or ignored by the feature. If that is the case the wording is not great but it is not wrong either.
Lina
Lina@d0rkph0enix·
*SCREECHES IN ELDER SECURITY WITCH*
Rob Fuller
Rob Fuller@mubix·
@d0rkph0enix How would commit logs show an administrative change at a repo or org level? That doesn’t make sense unless the log was hand written that that change was needed or mentioned which seems an odd thing to note in a commit log
Jonas Vestberg retweeted
Andrea P
Andrea P@decoder_it·
Turns out that the fix for the CVE-2020-17103, the Cloud Filter HsmOsBlockPlaceholderAccess driver bug reported by @tiraniddo was never ported to Windows 11 / Server 2025 and still not fixed. LPE from user to SYSTEM 🤦‍♂️
Jonas Vestberg retweeted
Led By Donkeys
Led By Donkeys@ByDonkeys·
Immigration makes Britain brilliant.
Jonas Vestberg retweeted
Hamid Kashfi
Hamid Kashfi@hkashfi·
Gentle reminder that the Nginx RCE can be exploited remotely on any modern linux with protection enabled. All it takes is a second bug of arbitrary local file read, which is the reason we all love PHP and Node for. On a shared hosting environment, you should consider it as reliably exploitable, not just lab grade ASLR disabled RCE.
Jonas Vestberg retweeted
ChrisPy
ChrisPy@chrispy_sec·
If you’re interested in Claude Code and how skills can be abused to do bad things then check out the first in a series of few blogs from a colleague of mine who does 10/10 diagrams labs.reversec.com/posts/2026/05/…
Jonas Vestberg
Jonas Vestberg@bugch3ck·
Watching Americans discuss parental leave makes me sad.
Georgia Weidman@georgiaweidman

I’d encourage everyone to take a look at this. Technical founders are not employment lawyers, and he's right that kind of language was standard. The only company I’ve ever worked for that even offered paternity leave was based in Finland, a country with historically better human rights than the US. I continue to support @BHinfoSecurity and other companies created by members of our community. Running a business is hard and not a skill set that naturally follows from being a technical practitioner. @strandjs, if you need an evangelist or have overflow 1099, ping me.

Jonas Vestberg retweeted
impulsive
impulsive@weezerOSINT·
I just reverse engineered the YellowKey BitLocker bypass. Microsoft shipped code that checks for a flag called "FailRelock" in every Windows 11 recovery image. When it's set to 1, after recovery unlocks your BitLocker drive, it never relocks it. All you need is a USB stick. This code only exists in the recovery environment. Not in normal Windows. They left an entire debug testing framework in production.
impulsive@weezerOSINT

The userland demon is about to drop again.

Dave Kennedy
Dave Kennedy@HackingDave·
Doing some time travel tonight