Martin Smolar (@smolar_m)
Malware researcher at @ESETResearch
Joined January 2017
Followers: 343 | Following: 370 | Media: 1 | Statuses: 88
#ESETresearch has observed #Gamaredon exploiting CVE-2025-8088 (#WinRAR path traversal) in an ongoing spearphishing campaign. This vulnerability allows arbitrary file write via crafted RAR archives. 1/5
#ESETresearch has discovered the first known cases of collaboration between Gamaredon and Turla, in Ukraine. Both groups are affiliated with the FSB, Russia’s main domestic intelligence and security agency. https://t.co/1cADq5kf7p 1/3
welivesecurity.com
ESET researchers reveal how the notorious APT group Turla collaborates with fellow FSB-associated group known as Gamaredon to compromise high‑profile targets in Ukraine.
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:
dirkjanm.io
While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise...
🔐BYOVD, but in firmware. Signed UEFI shells, vulnerable modules offer new paths for Secure Boot bypasses. Read the latest REsearch from @pagabuc and @yeggorv on the fragile foundation of UEFI ecosystem. https://t.co/13b6KKIIwd
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6
Just dropped a detailed blog post on our “BitUnlocker” research. If you’re into logical vulnerabilities and BitLocker bypasses, this one’s for you! https://t.co/BWCYY7cpFj
techcommunity.microsoft.com
Table of Contents Introduction BitLocker Overview WinRE Overview Attacking Boot.sdi Parsing Attacking ReAgent.xml Parsing Attacking Boot Configuration Data...
#ESETresearch has discovered a zero-day vulnerability in WinRAR, exploited in the wild by Russia-aligned #RomCom @dmnsch @cherepanov74 https://t.co/DjAaBJJa5O 1/7
welivesecurity.com
ESET Research discovers a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents.
An interesting case of a recent phishing campaign targeting users of the X platform. #ESETResearch analyzed the campaign and found that, in addition to the expected focus on individuals involved in crypto and digital assets, the attackers also targeted prominent journalists, a
Last night my Twitter account was hijacked. I’ve now regained access and can tell the full story — it was a sophisticated phishing attack. Essentially, I handed over all my passwords and 2FA myself, so it’s entirely my fault. 1. I received an email (screenshot) claiming there
#ESETresearch has conducted a comprehensive technical analysis of new malicious tools and significant updates observed in 2024 in the arsenal of the Russia-aligned #Gamaredon #APTgroup targeting Ukraine🇺🇦. https://t.co/lWHCJLibyx 1/9
Secure Boot bypasses everywhere, nice find!
🚨Binarly is documenting the discovery of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed UEFI module that lets attackers bypass Secure Boot and run unsigned code before the OS starts. 🔗 Full details: https://t.co/bnojn8RmsV 🛡️ Advisory: https://t.co/0D3CozbyPu
There will soon be a part two of the writeup, where we'll use Hydroph0bia for getting arbitrary code execution during FW update and obtain full control over the DXE volume (and all other parts that happen to not be covered by BG/FDM hashing). https://t.co/zhhcStaJHO
Thread Execution Hijacking is one of the well-known methods that can be used to run implanted code. In this blog we introduce a new injection method that is based on this classic technique but is much stealthier: Waiting Thread Hijacking. Read More:
research.checkpoint.com
Research by: hasherezade Key Points Introduction Process injection is one of the important techniques used by attackers. We can find its variants implemented in almost every malware. It serves...
Some exciting research to share from Binarly REsearchers @cci_forensics and @pagabuc -- a novel approach to UEFI bootkit detection. 🔥Read the technical paper: "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior" 👉 https://t.co/KwmiNq9hdc
#ESETresearch has discovered a zero day exploit abusing #CVE-2025-24983 vulnerability in Windows Kernel to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through #PipeMagic backdoor on the compromised machines. 1/4
🚨Secure Boot relies on revocation lists (dbx) to block malicious bootloaders, but discrepancies between the @UEFIForum & @Microsoft lists create security gaps. 👉Call for a single and openly maintained revocation list -- a unified source of truth! https://t.co/WmegZKFPQV
Have a look at my latest discovery! ;)
#ESETresearch discovered and reported to @certcc a vulnerability that allows bypassing UEFI Secure Boot on most UEFI-based systems. This vulnerability, #CVE-2024-7344, was found in a UEFI app signed by Microsoft’s 3rd-party UEFI certificate. @smolar_m https://t.co/9P3HZ8JvgC 1/4
Wow :O this is getting interesting, great find @binarly_io!!
🚨NEW from Binarly: "LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux". We found a direct connection between the newly discovered #Bootkitty Linux bootkit and in-the-wild weaponized exploitation of the #LogoFAIL vulnerability. https://t.co/E3w2sxL7XO
#ESETresearch reveals the first Linux UEFI bootkit, Bootkitty. It disables kernel signature verification and preloads two ELFs unknown during our analysis. Also discovered, a possibly related unsigned LKM – both were uploaded to VT early this month. https://t.co/CZW6Mfm6bK 1/5