Security Review #253

April 11, 2025

If you're ever worried about losing some data, just put it after a todo comment in a codebase. Those things never get removed.

— Olafur Waage

Starred Articles

MCP Security Notification: Tool Poisoning Attacks

We have discovered a critical vulnerability in the Model Context Protocol (MCP) that allows for "Tool Poisoning Attacks." Many major providers such as Anthropic and OpenAI, workflow automation systems like Zapier and MCP clients like Cursor are susceptible to this attack.

The Renaissance of NTLM Relay Attacks: Everything You Need to Know

NTLM relay attacks have been around for a long time. However, they are more complicated than many people realize. While there are many great resources on this old attack, I wanted to consolidate everything you need to know about NTLM into a single post.

RemoteMonologue: Weaponizing DCOM for NTLM authentication coercions

We'll briefly cover the fundamentals of COM and its distributed counterpart, Distributed Component Object Model (DCOM), dive into the RunAs setting and why authentication coercions are impactful and introduce a new credential harvesting tool - RemoteMonologue.

Defensive Deception with Kong and Beelzebub LLM Honeypot

In just a few clicks, you can configure Beelzebub, an LLM-powered honeypot, to create a proactive deception layer without any complex infrastructure changes. This article explores this innovative approach that transforms your existing Kong infrastructure into a powerful threat intelligence platform for modern cloud-native environments.

New Articles

wsrp4echo - 0day Chain Vulnerability

We introduce the concepts behind wsrp4echo, a chain vulnerability that exploits WSRP (Web Services for Remote Portlets) misconfigurations and can lead to RCE in Java-based web applications.

How Hackers Exploit CVE-2025-29927 in Next.js Like a Pro

CVE-2025-29927 is a critical vulnerability found in Next.js that allows attackers to bypass middleware authorization. In this article we'll explore how the vulnerability works and how developers can secure their Next.js applications against it.

Investigating macOS File System Events: The Hidden Forensic Trail

Deep within the system lies a powerful yet often overlooked artifact - the .fseventsd directory. This little-known database logs file system modifications, making it invaluable for forensic investigations. Let's dive into how it works and how you can leverage it for file activity tracking.

macOS File System Events: The Power of Spotlight

Spotlight is more than just a search tool - it's a treasure trove of metadata for investigators. By leveraging Spotlight databases and command-line tools, forensic analysts can uncover a wealth of hidden information about file activity, ownership, and sharing history.

Windows Artifacts in Digital Forensics

In digital forensics, Windows artifacts are hidden gems that tell the story of system and user activity. In this article, we'll focus on one of the most underrated yet powerful system artifacts: "Prefetch".

WMI Exploitation: How Attackers Use It - And How to Detect It

WMI can be leveraged for Execution, Discovery, and Lateral Movement by executing commands on remote machines. In this article, we review a WMI-based attack and how we can build high-fidelity detections for suspicious activity.

Hunting malicious OneOnOne chats via MS Teams

There are various Indicators of Compromise (IOCs) and pieces of intelligence that we can extract to gain deeper insights into one-on-one chats or ChatCreated events. Each of these elements provides valuable context for detecting potential threats, identifying malicious activity, and enhancing security monitoring.

Analysis: Emmenhtal distributes SmokeLoader malware

We provide a technical analysis of a malicious campaign chaining a stealthy malware loader known as Emmenhtal with SmokeLoader malware, allowing threat actors to leverage its modular capabilities for deploying additional malware dynamically.

Must-Know SPL Queries for Rapid Incident Response in Splunk

When investigating security incidents, you need quick and effective queries to analyze logs, detect anomalies, and identify threats. Here are five key SPL queries that every incident responder should know.

OH-MY-DC: OIDC Misconfigurations in CI/CD

Investigating the use of OpenID Connect (OIDC) within CI/CD environments, we discovered problematic patterns and implementations that could be leveraged by threat actors to gain access to restricted resources: loosely configured policies, reliance on user-controllable claim values, and the ability to leverage poisoned pipeline execution (PPE).

Detecting Fast Flux with Sysdig Secure and VirusTotal

Fast Flux is the rapid shuffling of the IP address that a domain name resolves to, in order to obfuscate the attacker's infrastructure. In this article, we'll go over what Fast Flux is and how Sysdig Secure detects this attack technique. We'll also cover gathering potential Fast Flux domain names from VirusTotal.

Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices

Crocodilus is a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging. This article explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials.

The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques

We analyze Earth Alux APT. It mostly exploits vulnerable services in exposed servers to gain access and uses VARGEIT as its primary backdoor and control tool, along with COBEACON. It then uses DLL sideloading, which can include execution guardrails and timestomping techniques via the RAILLOAD (loader component) and RAILSETTER (installation and timestomping tool).

Bypass WDAC WinDbg Preview

I found a way to execute my implant in an environment with strong Windows Defender Application Control (WDAC) policies configured, using the new WinDbg Preview (WinDbgX.exe) installed via the Microsoft Store.

An Operator's Guide to Device-Joined Hosts and the PRT Cookie

On Entra ID joined hosts, it's possible to obtain a primary refresh token (PRT) cookie from the logged in user's logon session, enabling an attacker to satisfy single-sign-on (SSO) requirements to cloud resources. This blog examines how an operator can perform situational awareness steps prior to making a token request and how tokens can be effectively used once obtained.

Ligolo-MP: The Hotter, Smarter Way to Port Forward and Pivot

Ligolo MP automates port forwarding and routing, saving you from manually configuring each service or connection. In this guide, we'll walk through how to use Ligolo MP to set up local port forwarding and pivoting.

WhatsApp MCP Exploited: Exfiltrating your message history via MCP

This blog post demonstrates how an untrusted MCP server can attack and exfiltrate data from an agentic system that is also connected to a trusted WhatsApp MCP instance, side-stepping WhatsApp's encryption and security measures.

Path Traversal in AWS SSM Agent Plugin ID Validation

The AWS Systems Manager (SSM) Agent processes commands and tasks defined in SSM Documents, to be executed on target systems. These documents can include one or more plugins. Improper validation of these plugin IDs can lead to path traversal, allowing attackers to manipulate the filesystem and execute arbitrary code with elevated privileges.

Remote Code Execution Vulnerability in pgAdmin (CVE-2025-2945)

This post provides a technical explanation of a Remote Code Execution (RCE) vulnerability discovered in pgAdmin. To exploit this vulnerability, an authenticated user must be able to send a specific POST request to the pgAdmin server.

Hunting down subdomain takeover vulnerabilities

In this article, we will learn what subdomain takeover vulnerabilities are, cover ways to identify them (and distinguish non-vulnerable cases), and document almost all possible exploitation vectors to help you escalate your initial finding.

Kubernetes for Pentesters - Part 1

In the first part of this practical guide, I'll introduce you to Kubernetes (K8s) from a penetration testing perspective, including basic information, vocabulary, and how to identify and explore Kubernetes instances.

SQL injections in MachForm

We discovered two major vulnerabilities in MachForm that could be exploited by an authenticated attacker. They allow the execution of arbitrary SQL queries (SQL injections) in the database in order to read form data to which the attacker has no access, retrieve configuration information, and may allow arbitrary account theft.

Unsafe at Any Speed: Abusing Python Exec for Unauth RCE in Langflow AI

We discovered an interesting code injection vulnerability, CVE-2025-3248, in Langflow, a popular tool used for building agentic AI workflows. This vulnerability is easily exploitable and enables unauthenticated remote attackers to fully compromise Langflow servers.

Windows Defender antivirus bypass in 2025 - Part 1

In this first part, we establish the basics needed to understand the Windows execution flow, what antiviruses are, and how they work. We also explain how to set up a lab and provide basic C++ code to execute a shellcode generated through msfvenom.

Windows Defender antivirus bypass in 2025 - Part 2

In this second article, we showcase various techniques that, when added together, allowed us to bypass Defender detection, despite using a very well-known shellcode. We also provide basic to advanced C++ code, explaining the different steps undertaken.

Hack the channel: A Deep Dive into DVB Receiver Security

Many people have a DVB receiver in their homes, which offers a large attack surface that many don't suspect. As these devices can require an internet connection, they provide a cool entry point to a local network. In this article, we'll dive into the internals of the protocol and the flaws in its implementation.

Hacking the Call Records of Millions of Americans

I recently identified a security vulnerability in the Verizon Call Filter iOS app which made it possible for an attacker to leak call history logs of Verizon Wireless customers.

Still Recent

Code reuse in the age of kCET and HVCI

In this blog post, I wanted to explore whether kernel-code execution was still possible despite HVCI, which ensures at the hypervisor level that only signed drivers can be loaded within the kernel, and kCET, which makes techniques such as KernelForge non-functional.

Combating Modern Phishing Attacks - Part 2: The Phishing Threat Landscape

In this second part, we explore the various types of phishing attacks and how to recognise them. By recognising the types of attacks, the psychological triggers they exploit, and their warning signs, organisations can begin building appropriate technological and human defences.

Oldies but Goodies

Hijacking OAUTH flows via Cookie Tossing

Cookie Tossing can be used to hijack multi-step flows. In this article, we wanted to expand on the limited research and demonstrate that Cookie Tossing can be used to hijack OAUTH flows and lead to Account Takeovers at the Identity Provider (IdP). We provide a real-life example by exploiting CVE-2024-21583 on GitPod.

CVE-2025-3155 writeup

CVE-2025-3155 affects Yelp, the GNOME user help application. It allows an attacker to exfiltrate any file from the targeted user's home directory.

VPN over SSH

We detail 3 different ways to create a VPN over SSH: badvpn's tun2socks, built-in tunneling, and PPP over SSH.

Unearthed Arcana

TeamViewer CVE-2019-18988

TeamViewer user passwords can be easily decrypted and used to provide privilege escalation. This can lead to remote control of target systems (CVE-2019-18988).

A bug and a misconfigured file share: a tale in two parts

We detail an attack chain relying on a bug in SAP which, when exploited, escalated to root privileges. We then leverage an underlying insecure NFS configuration to execute lateral movement throughout all the UNIX systems attached to said network shares.