SCOM lab (@synzack21), WatchGuard RCE (@_mccaulay), Clickjacking with SVGs (@rebane2001), macOS LPE (@theevilbit), a new private phone company (@nickcalyx + @phreeli), Proxmox tradecraft (@ZephrFish)...

Two weeks of news, techniques, tools, exploits, and more!

Cloudflare takes down the internet, IDA Pro gets a TUI, Rust in Android, AI-orchestrated cyber espionage, and more!

Apple's sourcemaps takedown (@moeruri), Call stack sig bypass (@saerxcit), AD Site pwnage (@croco_byte), sneaky remap (@MagisterQuis), Deceptiq launch (@deceptiq_), and more!

ShareHound (@podalirius_), Conquest C2 (@virtualloc), Docker Compose path traversal (@RonMasas), dead domain discovery (@_lauritz_), Narrator persistence/lat movement (@Oddvarmoe ), Windows 11 LPE...

DumpGuard (@bytewreck), GCC + VSCode (@_winterknife_), COM Research (@bohops), Gitlab to Cloud pivot (@0xC0rnbread), function peekaboo (@saab_sec), and more!

WhatchGuard RCE (@_mccaulay), BadSuccessor BOF (@_logangoins), ClubWPT hack (@samwcyo), MDE cloud vulns (@p0w1_), and more!

WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!

OmniProx (@ZephrFish), Phantom Chrome Extensions (Riadh Bouchahoua (@Synacktiv)), FIDO phishing (@dennis_kniep), VMWare Tools LPE (@0xThiebaut), MSI lateral movement (@werdhaihai), and more!

Getting Global Admin in every Entra tenant (@_dirkjan), WebSocket Turbo Intruder (@zakfedotkin), PureRAT analysis (@Tera0017), direct syscalls in Zig (@zux0x3a), and more!

FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!

Metamorphic compilation (@tijme), Windows Secure Calls (@33y0re), macOS race condition exploit (@patch1t), NTLM relaying (@elad_shamir), iOS zero-click RE (@quarkslab), and more!

Azure AD via weak ACLS (@xybytes), HTTP stealth proxy (@IAmMandatory), Dll sideloading for initial access (@Print3M_), kernel-hack-drill (@a13xp0p0v), Sitecore RCE (@chudyPB), and more!

WebClient deep dive (@0xthirteen), 2x RCE chains in Commvault (@chudyPB), how to rob a hotel (@dmcxblue), MSI patch/protocol handler RCE (@johnnyspandex), self-relaying (@_logangoins), and more!

DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing...

AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!

VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!

PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!

LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek ),...

Lenovo Applocker bypass (@Oddvarmoe), Citrix Bleed 2 (@SinSinology, @inkmoro, Aliz Hammond), A+ adversary simulation (@quarkslab), DreamWalkers loader (@max2cbx), SigStrike (@rushter), and more!