niph

You like technical deep dives into binary exploitation and crazy heap wizardry? Then you'll like our blog post by @0xor_solo about unauth'ed RCE in NetSupport Manager aka CVE-2025-34164 & CVE-2025-34165 code-white.com/blog/2026-01-n…

I wrote Task Unmanager: keeps killing processes Russian Roulette style, until your machine crashes

Last week I hosted family for Thanksgiving. My 12-year-old nephew asked for the WiFi password. He wanted to play Roblox on his iPad. I looked at the device. Unmanaged. No antivirus. No encryption. I’m an IT Professional. I don't run an open network. So I didn’t give him the password. Instead, I spent 45 minutes provisioning a Guest VLAN. I set up a captive portal. I throttled the bandwidth down to 56kbps. Then I blocked all traffic on ports 80 and 443. He came back crying. He said it wouldn't load. My sister screamed at me to "just let him play." I told her that Zero Trust architecture doesn't care about bloodlines. We didn't have a "fun" Thanksgiving. But we had a secure perimeter. You’re welcome for the compliance.

We know that Microsoft improved the overall printing security in 2025, now using DCE/RPC for callback, you can force NTLM local auth and reflect back machine auth even without CredMarshalTargetInfo() trick 😇

Latest ≠ Greatest? A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS from our very own @mwulftange who loves converting n-days to 0-days code-white.com/blog/wsus-cve-…

🚨Our governments are about to decide whether 450M Europeans deserve privacy - or not. Help ensure your country says NO to Chat Control: Call you local representatives! Privacy is not negotiable. Speak up now. ✊ #privacy 👉 More on how to stop Chat Control: tuta.com/blog/chat-cont…

Malicious executions of compiled JavaScript, leading to the of JSCEAL — a stealthy, multi-stage crypto stealer : ⚠️ Malicious ads for fake crypto apps installers 🧩 Modular PowerShell loaders 🕵️ Unique evasion techniques that kept the campaign undetected research.checkpoint.com/2025/jsceal-ta…

For those like me who prefer to stay in the terminal and want to call REST APIs like the Microsoft Graph without complicated commands or copy/pasting tokens: roadtx now has a graphrequest command to perform simple requests against these APIs and parse the JSON.

We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange

Turns out you can just hack any train in the USA and take control over the brakes. This is CVE-2025-1727 and it took me 12 years to get this published. This vulnerability is still not patched. Here's the story:

It was great to attend #TROOPERS25! Beautiful city, nice weather, talented researchers. My talk was just based on how Entra works but I hope it contributed to the community. Thanks for everyone I had a chance to talk to! No jet lug now. Time to go home😂 github.com/temp43487580/E…

Thanks to everyone who attended our (@unsigned_sh0rt) talk at @WEareTROOPERS! Here is the companion blog post: specterops.io/blog/2025/06/2…

New attack vector: FileFix. A phishing trick that executes PowerShell straight from your browser no Run dialog, no pop-ups. Just a fake file path + clipboard + File Explorer. Red teamers, this one’s wild. 📽️ PoC + write-up: @t3chfalcon/filefix-a-simple-social-engineering-trick-that-launches-powershell-from-the-browser-31ff3120ccd1" target="_blank" rel="nofollow noopener">medium.com/@t3chfalcon/fi…

At @WEareTROOPERS I dropped new research on #nOAuth, an abuse of #EntraID that allows you to spoof users in vulnerable SaaS applications. The attack is still alive and well. You can read all about it here: #Entra #M365 #infosec semperis.com/blog/noauth-ab…

Lets go, looking forward to the next few days ;)

What if you skipped VirtualAlloc, skipped WriteProcessMemory and still got code execution? We explored process injection using nothing but thread context. Full write-up + PoCs: blog.fndsec.net/2025/05/16/the…

I'll be returning to #BHUSA @BlackHatEvents this summer for a brand talk about moving laterally from AD to Entra ID. I don't think I've ever been this excited about a talk, with lots of cool stuff to share 🎢 😄.

⚡️ Loki C2 just leveled up! 🍄🧙‍♂️ 🔗 Agents can now link to each other, and across platforms! 🔗 No internet? No problem. Chain them, pivot deep, and keep moving! @XForce @IBM @IBMSecurity Check out the new release here: github.com/boku7/Loki

I blogged about my discovery of CVE-2025-26684 - Microsoft Defender for Endpoint (MDE) on Linux Elevation of Privilege stratascale.com/vulnerability-…