An introduction to privileged file operation abuse on Windows https://t.co/gOadbQXcQx Example bugs for McAfee, F-Secure and Pulse linked.

CVE-2025-23282 is going to debut tomorrow at @hexacon_fr in our talk "CUDA de Grâce" w/ @chompie1337, but you can try CVE-2025-23332 now! Tweetable Python PoC: ``` import fcntl fcntl.ioctl(open('/dev/nvidiactl'),218,0) ```

Writeup for the 3rd hole exploitation technique :-). https://t.co/vRvVG0cprn

Check out Titanis, my new C#-based protocol library! It features implementations of SMB and various Windows RPC protocols along with Kerberos and NTLM. https://t.co/GC5wA2y3EO

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:

File system redirection has long been a tool for attackers seeking privilege escalation. RedirectionGuard, a new Windows mitigation, is designed to block malicious junction-based redirection by default, strengthening system security. Key Features of RedirectionGuard: •Blocks

The final part of @j00ru’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for https://t.co/OYiomWuQ6V

🚀 We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it 🤷‍♂️ Read Here - https://t.co/c969sNjQH0

If you update WinDbg today (1.2504.15001.0), you might notice another icon in the View tab of the ribbon, one called "Parallel Stacks". While incredibly useful in its own right, this isn't just a parallel stacks view. It's the introduction of graph visualization for extensions!

Think NTLM relay is a solved problem? Think again. Relay attacks are more complicated than many people realize. Check out this deep dive from @elad_shamir on NTLM relay attacks & the new edges we recently added to BloodHound.

You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials.

🚀 New Blog & PoC: Abusing IDispatch for COM Object Access & PPL Injection Leveraging STDFONT via IDispatch to inject into PPL processes & access LSASS. Inspired by James Forshaw's research! 🔍 Blog: https://t.co/TKdtwuj509 💻 Code:

Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks!

Two new posts from @tiraniddo today: https://t.co/StB2knG8FO on reviving a memory trapping primitive from his 2021 post. https://t.co/sbKodaJMe9 where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process. Happy Reading! 📚

Don't panic now, but LLM-based agent discovered a previously unknown real-world vulnerability. Details in

Administrator Protection, introduced in the latest Windows Insider Canary build, is a solid security enhancement... uhh.. really?? can be bypassed with @splinter_code's clever SspiUacBypass tool. Check it out here: https://t.co/e1WWHi2Rnk

After 27 years of providing in-depth coverage of the amazing world of PC and mobile hardware, AnandTech is saying farewell. We want to thank everyone from the AnandTech community for their support and passion for what we’ve done over the years https://t.co/3EGh4FJguE

Excited to share our research on Kernel Streaming! We discovered several vulnerabilities in it that we used at Pwn2Own this year. Check it out:

My latest research is out! I’m revealing a new Windows Installer EOP technique using Custom Actions and a flawed repair process. Microsoft hasn’t acknowledged the bug, so it’s unfixed and affects even the latest Windows 11 OS. https://t.co/MoW6gjnVDd

Introducing a new Windows vulnerability class: False File Immutability. 👉 Bonus: a kernel exploit to load unsigned drivers. https://t.co/rckAZVs5Lf

CVE-2024-6387: regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems https://t.co/uSsqsFbT4V OpenSSH 9.8 fixes regreSSHion and a logic error in ssh ObscureKeystrokeTiming https://t.co/WTPhtzl7uC OpenSSH mitigations and minimal patches for both