dungnm retweeted
dungnm
28 posts

dungnm
@dungnm_
Security Researcher at @vcslab | Pwn2Own Ireland 2024
Joined April 2022
219 Following 122 Followers
dungnm retweeted

Good morning! Just published a blog post exploiting a VMware Guest To Host. A UaF Heap Feng Shui base address leakage to bypass ASLR and a stack-based buffer overflow to achieve RCE.
r0keb.github.io/posts/VMware-G…
dungnm retweeted

Wrote up my first Patch Tuesday diff. CVE-2026-20811, type confusion in win32kfull.sys. CMonitorTopology* survives incomplete sanitization in the async path.
Feedback welcome!
s4dbrd.github.io/posts/win32k-t…
dungnm retweeted

A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets
Excellent article by Quang Le about exploiting CVE-2025-38617 — a race condition that leads to a use-after-free in the packet sockets implementation.
blog.calif.io/p/a-race-withi…
dungnm retweeted

A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets.
A step-by-step guide to exploiting a 20-year-old bug in the Linux kernel to achieve full privilege escalation and container escape, plus a cool bug-hunting heuristic.
open.substack.com/pub/calif/p/a-…
dungnm retweeted

Our latest post on the blog details a Windows EoP courtesy of @filip_dragovic... "Total Recall – Retracing Your Steps Back to NT AUTHORITY\SYSTEM" - mdsec.co.uk/2026/02/total-…
dungnm retweeted

In the final part of his blog series, @tiraniddo tells the story of how a bug was introduced into a Windows API.
Code re-writes can improve security, but it’s important not to forget the security properties the code needs to enforce in the process.
projectzero.google/2026/02/gphfh-…
dungnm retweeted

In his latest blog, @ricnar456 provides a PoC related to CVE-2026-2636, a blue screen of death (BSoD) in the Windows CLFS driver
coresecurity.com/blog/cve-2026-…
dungnm retweeted

GitHub - oxfemale/CVE-2026-20817: Windows Error Reporting ALPC Elevation of Privilege (CVE-2026-20817) - Proof-of-Concept exploit demonstrating local privilege escalation via WER service. - github.com/oxfemale/CVE-2…
dungnm retweeted

Silverfox Group is actively exploiting CVE-2025-70795 in the wild to terminate AV processes.
This driver is not in the Windows vulnerable driver blocklist.
The updated driver verifies whether the control code comes from a SYSTEM process, but it can still be used.
Reference: bbs.kafan.cn/thread-2288675…
dungnm retweeted

This presentation remains the go-to reference for learning the inner workings of the IDA Pro Hex-Rays decompiler:
(video) youtube.com/watch?v=T-YkhN…
(article) i.blackhat.com/us-18/Thu-Augu…
#decompiler #reverseengineer #informationsecurity #cybersecurity
dungnm retweeted

Exploit Demo & Analysis Article by 78ResearchLab(@78_lab)
CVE-2026-20817 : Windows Error Reporting(WER) Service Elevation of Privilege Vulnerability
blog.78researchlab.com/2ffdb461-3e5b-…
#CVE_2026_20817 #LPE #Windows
dungnm retweeted

Thanks to @Steph3nSims.
In this stream, I went over the libxsql based tools like IDA and Binary Ninja SQL plugins and how they can be used with your favorite coding agent.
Stephen Sims @Steph3nSims
Tooling for AI Agents: A casual chat about tools, coding agents and more! ...with AllThingsIDA x.com/i/broadcasts/1…
dungnm retweeted

Technical analysis of the TP-Link ER605 Pre-Auth RCE exploit chain by @yibarrack.
This writeup documents the reproduction of CVE-2024-5242, 5243, and 5244, detailing a 2-stage exploitation process to bypass ASLR on MIPS32 LE.
Full report: oobs.io/posts/er605-1d…
dungnm retweeted

Dropping some tooling to assist with Windows RE (or any really); bulk download modules across all versions, search for call chains from references, immediates, instructions, etc. Has been useful for mass-analysis, cross-version diffing, variant analysis, and just generally locating candidates for more thorough investigation (ioctl dispatch, rpc handlers/chains, what functions eventually call a desired target).
github.com/daaximus/ida-r…
dungnm retweeted

@yarden_shafir @0xfluxsec I dumped my research docs on it a little while ago, but it's not fully comprehensive
gist.github.com/Kristal-g/eec0…
dungnm retweeted

NEW BLOG: The Great VM Escape 💕
We caught threat actors deploying a VMware ESXi exploit toolkit in the wild - potentially was a zero-day developed over a year before VMware's disclosure 👀
If anyone has thoughts on it let me know, but I needed almost a full case of beer to wrap my head around this one 🍺
Full technical breakdown 👇
huntress.com/blog/esxi-vm-e…
dungnm retweeted

Starting 2026 with a new blog! I've really been enjoying my Windows on ARM machine - so my post is about interrupts for WoA. This includes x64/ARM differences, virtual interrupts, Hyper-V's synthetic controller, and Secure Kernel interrupts/intercepts
connormcgarr.github.io/windows-arm64-…