Joined May 2016
Pinned Tweet
Everyone was saying RFI is dead in PHP applications (including me). Today, I got a way to perform RFI even if remote URL inclusion is disabled. I blogged about it 😄 SMB is loaded with awesomeness \m/ mannulinux.org/2019/05/explo…

Manish Kishan Tanwar retweeted
‼️Copy Fail (CVE-2026-31431) is a Linux privilege escalation bug that lets any local user get root using a 732-byte Python script, and it works on basically every major Linux distro shipped since 2017. Website: copy.fail/ Write-up: xint.io/blog/copy-fail-linux… GitHub: github.com/theori-io/copy-fa… It's a logic flaw in the kernel's crypto code (authencesn via AF_ALG and splice()) that allows a small write into the page cache, which can be used to tamper with a setuid binary like /usr/bin/su. Think how bad this is going to be for shared environments like Kubernetes, CI runners, and cloud sandboxes, where it enables container escape and tenant-to-host compromise. Found by Theori's Xint Code scanner, patched in the mainline kernel, and publicly disclosed on April 29, 2026; if you can't patch right away, the recommended workaround is to disable the algif_aead module.
Manish Kishan Tanwar retweeted
GoodBoy Framework — Malware Dev Detection (Rust) 🧠⚔️ • 15-stage Windows malware course (Rust) • Loader → full C2 agent • Red Blue perspective (build, detect, bypass) • Real AV evasion data (76 engines tested) • Covers: API hashing, syscalls, injection, anti-debug, persistence, C2 Each stage = new technique detection counter-detection This isn’t theory — it’s how the arms race actually works. 🔗 github.com/F2u0a0d3/goodboy-… #MalwareDev #ReverseEngineering #RedTeam #BlueTeam #ThreatIntel #CyberSecurity
Manish Kishan Tanwar retweeted
Apr 28
#CVE-2026-40466 is a bypass of CVE-2026-34197 in Apache ActiveMQ, exploiting the vm:// protocol to achieve Remote Code Execution
Manish Kishan Tanwar retweeted
In our latest post, researcher @craigsblackie documents attacks against the Dell UEFI firmware that enable DMA attacks against TPM-only bitlockered devices mdsec.co.uk/2026/03/disablin…
Manish Kishan Tanwar retweeted
25 Dec 2024
Hacky Christmas to all, see you in 2025 🎄🎅
Manish Kishan Tanwar retweeted
21 Dec 2025
Better late than never, but I gave a talk called "LOL: The Fun(ny) Things About LOLBINs..." at the @USCyberGames kickoff last summer. I talk about real world impact, some common use cases, and (yet another) discovery methodology for finding these things. uscybergames.com/news/sv-us-…
In AD CS exploitation series, here comes Manual exploitation of AD CS ESC1 vulnerable certificate template using Windows certreq binary: youtube.com/watch?v=y81WyCKZ…

Certi-Bhai PowerShell scripts to exploit AD CS ESC2 and ESC3 vulnerable certificate templates. ESC2.ps1: github.com/incredibleindishe… ESC3.ps1: github.com/incredibleindishe… Demo video: youtube.com/watch?v=fGjrM-JK…

I am releasing a PowerShell script that can exploit the Windows AD CS ESC1 vulnerable certificate template: --==[[ Certi-bhai ]]==-- Script Code: github.com/incredibleindishe… Demo video: youtube.com/watch?v=l0gMw_mO…

Special thanks to Dominic sir for his valuable guidance 🙏 , Konstantin bhai ji 😍 for PowerShell script Idea, Karan & MANOJ for being my partner in crime and SpecterOps for Amazing AD CS exploitation research 🙏
Manish Kishan Tanwar retweeted
26 Oct 2025
Last month, @d_tranman and I gave a talk @MCTTP_Con called "COM to the Darkside" focusing on COM/DCOM cross-session and fileless lateral movement tradecraft. Check out the slides here: github.com/bohops/COM-to-the… Recording should be released soon.
--==[[ Privilege escalation from IIS defaultAppPool to NT Authority/SYSTEM without *potato exploit ]]==-- Last year, I chained NTLM relay and AD CS web enrollment endpoint to perform privilege escalation from IIS virtual account to NT Authority/SYSTEM youtube.com/watch?v=Tt2nkiaO…
In this exploit chain, I used an ASPX code to trigger SMB request (no OS command used) to attacker controlled NTLM/CVertiPy instance and relayed the captured machine account's NTLMv2 hash to AD CS web enrollment endpoint to obtain a Machine account certificate.
Later, used Rubeus to gain local admin access on the machine. Special thanks to @domchell sir for his guidance, Andy sir and Marcus sir for their encouragement, Karan and Manoj for being partner in crime <3
Manish Kishan Tanwar retweeted
Last session of @MCTTP_Con by Rajat Singh and @IndiShell1046
Manish Kishan Tanwar retweeted
5 Sep 2025
Zero-Day? CVE for documentation smells? I’d suggest to get ready for another “flood of CVEs” based on e.g. github.com/blacklanternsecur… 😬
🚨 We identified a ViewState deserialization attack affecting Sitecore deployments. The attacker leveraged an exposed ASP[.]NET machine key to perform remote code execution. Get the full details, indicators of compromise, and defensive recommendations: goo.gle/47oNWll
Manish Kishan Tanwar retweeted
26 Jul 2025
I have launched YSoNet (ysonet.net) and added #SharePoint CVE-2025-49704 payload generator to it as the first thing. Here is how this can work:

Running command:
```
ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 1 -c "calc"
```
Running C# code:
```
ysonet.exe -p sharepoint --cve=CVE-2025-49704 -var 2 -c "C:\\temp\\ExploitClass.cs;System.dll"
```
Payloads will be url-encoded already.

YSoNet is a fork and replacement of YSoSerial .Net (for me) and I will try to maintain my own version now to have full control over the settings. There are many things I have to change there but all changes will be gradual. Of course you can still use the great YSoSerial .NET repo but I won't be the one maintaining it. Hopefully I can make @pwntester proud 😊