Security Review #265

July 04, 2025

Code reviews are like mirrors - the longer you look, the more flaws you find.

— Anonymous

Starred Articles

Practical HTTPS Interception

An attacker can trick Let's Encrypt (LE) into issuing new TLS certificates for any domain that the attacker intercepts traffic for. The attacker can then decrypt the TLS traffic. This is the one thing that TLS is supposed to prevent from happening. The fault is that LE uses cleartext HTTP to verify the ACME challenge (which the attacker can intercept).

New Malware Embeds Prompt Injection to Evade AI Detection

In this write-up we present a malware sample found in the wild that boasts a novel and unusual evasion mechanism - an attempted prompt injection ("Ignore all previous instructions…") aimed to manipulate AI models processing the sample.

Becoming the trainer: Attacking ML training infrastructure

This blog outlines how to take advantage of the integrations between the components of ML training environments and infrastructure to facilitate privilege escalation and lateral movement, as well as how to conduct ML model theft and poisoning.

Yet another ZIP trick

We delve into the details of a schizophrenic ZIP, an archive file that can be seen - when using two different programs - as having two different sets of files within. The actual behaviour can range from having totally different sets of files to some files being extra or missing. One way or another, the content would be different.

Netexec Workshop Active Directory Lab Writeup

This writeup of the netexec workshop details all the steps of a typical AD-based intrusion scenario, from initial reconnaissance to post-exploitation via Kerberoasting, MSSQL misconfiguration abuses, GMSA password extraction and so on.

I made my VM think it has a CPU fan

Some malware samples are known to do various checks to determine if they are running in a virtual machine. One of the common ones is to look for the CPU fan. In this article, we will see how to set custom SMBIOS data simulating the presence of a CPU fan in Xen and QEMU/KVM.

New Articles

Requesting Entra ID Tokens with Entra ID SSO Cookies

In this post, I'm going to cover a method for requesting Entra ID access tokens using a browser Single Sign-On (SSO) cookie. This is especially useful in scenarios where you’ve compromised a host that isn’t cloud-joined or hybrid-joined.

Sudo chroot Elevation of Privilege

We discovered two local privilege vulnerabilities in Sudo. These vulnerabilities can result in the escalation of privileges to root on the impacted system. This blog explores how the Sudo chroot option can be leveraged by any local user to elevate privileges to root, even if no Sudo rules are defined for that user.

We're going the wrong way! How to abuse symlinks and get LPE in Windows

Symbolic links have been present in Windows systems almost since birth and have great potential, because with luck you can get LPE. This article will tell you in detail about symbolic links, the specifics of working with them, and will also clearly show you the logic of abuse to obtain LPE.

Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits

A critical Remote Code Execution flaw in Anthropic's MCP Inspector exposes AI developers to browser-based attacks via 0.0.0.0 and DNS rebinding. When a victim visits a malicious website, the vulnerability allows attackers to run arbitrary code on the visiting host running the official MCP inspector tool that is used by default in many use cases.

BOF Linting for Accelerated Development

Creating Beacon Object Files (BOFs) allows operators to extend the functionality of a C2 framework, though their development may sometimes involve hidden complexities that only become apparent after the BOF is executed. In this article, we introduce a BOF linting tool to address some of the common pitfalls.

How I Scanned all of GitHub's "Oops Commits" for Leaked Secrets

GitHub Archive logs every public commit, even the ones developers try to delete. Force pushes often cover up mistakes like leaked credentials by rewriting Git history. In this article, we detail how deleted commits can be accessed to recover deleted secrets.

All Together Now: iOS Unified Logs - Part 1

In this post, I introduce iOS Unified Logs, describe them in relation to other data structures, and talk about how they can be acquired using the Unified Log Acquirer and Parser tool.

Decrement by one to rule them all: AsIO3.sys driver exploitation

We uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver: a stack-based buffer overflow (CVE-2025-1533) and an authorization mechanism bypass (CVE-2025-3464) for which we developed a fully working exploit that escalates local user privileges to "NT SYSTEM".

My Emulation Goes to the Moon..

In this blog post, we propose an implementation of Scatterbrain's obfuscation techniques in the context of adversary emulation. We reproduce it using LLVM, demonstrate its limitations and critical issues, and validate our work with the Mandiant de-obfuscator. Finally, we propose improvements to evade its recovery by the automated tool.

HOW attackers evade your phishing defenses

The objective of this blog post is to showcase and explain known techniques used by attackers to evade phishing restrictions. Two common approaches are specifically explained in this post: open redirects and URL shortening.

When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero

We discovered a leaked credential that allowed anyone unauthorized access to all Microsoft tenants of organizations that use Synology's "Active Backup for Microsoft 365". This flaw could be leveraged by malicious actors to obtain potentially sensitive information - such as all messages in Microsoft Teams channels. It was reported to Synology and tracked as CVE-2025-4679.

C4 Bomb: Blowing Up Chrome's AppBound Cookie Encryption

In this blog post, we will explore the newly introduced AppBound Encryption and introduce our C4 Attack (Chrome Cookie Cipher Cracker), which allowed us to decrypt the cookies as a low-privileged user, and abuse Google's new security feature to get access to data that should typically only be available to the privileged SYSTEM user.

Selenium CAPTCHA Bypass with Tokens

In this article, we compare two methods of bypassing Google reCAPTCHA v2 using Selenium: Token-based method using the recaptcha_v2 module and click-based method using the selenium-recaptcha-solver-using-grid module.

Aim Labs

We identified a critical zero-click AI vulnerability, dubbed "EchoLeak", in Microsoft 365 (M365) Copilot. The chains allow attackers to automatically exfiltrate sensitive and proprietary information from M365 Copilot context, without the user's awareness, or relying on any specific victim behavior.

The Attack Vector: Database Triggers as Persistence Mechanisms

A compromised backup, often taken after an initial breach, may contain hidden triggers that reactivate the attacker’s access upon restore. This post explores how malicious triggers in compromised backups can serve as persistence mechanisms for attackers and how to mitigate this threat.

Hunting Fileless Malware in the Windows Registry

This post will cover methodology for hunting fileless malware techniques that leverage the Windows Registry for staging payloads and persistence. The analytics presented are for Microsoft Defender for Endpoint (MDE) using KQL.

SCTP Protocol Attack Risks on Linux

The SCTP protocol on Linux provides reliable communications largely for the telecommunications sector. While it has legitimate uses, it also can be a stealthy way to access Linux and avoid detection. In this article we're going to demonstrate a simple SCTP backdoor and how it can be missed by security teams. Then, we'll show you how to look for this kind of activity.

Nonce CSP bypass using Disk Cache

This writeup will describe a way to bypass a nonce-based Content Security Policy (CSP) in a pretty realistic scenario. You can get the nonce reused with bfcache falling back to Disk Cache after leaking it, then cause the HTML-Injection to be re-fetched by altering and requesting it uncached in between.

Sudo Host Option Elevation of Privilege

We discovered two local privilege vulnerabilities in Sudo. These vulnerabilities can result in the escalation of privileges to root on the impacted system. The research focused on infrequently used command-line options. This blog explores how the host option in Sudo can be exploited to execute commands on unauthorized hosts.

Supper is served

In this article, I aim to explain clearly how Supper works. Supper is a 64-bit Windows backdoor and tunnelling utility that operates as both a Remote Access Trojan (RAT) and a SOCKS5 proxy, offering threat actors persistent access to infected systems and the ability to route arbitrary traffic through victim environments.

How to Investigate Suspicious SaaS User Activity

With data and identities distributed across different SaaS platforms, security teams face an increasingly difficult task: identifying and investigating suspicious user behavior that spans multiple systems. In this post, we’ll outline practical strategies security teams can use to investigate cross-SaaS threats, prioritize real risks, and keep incident response efforts efficient and consistent.

How I Chained Directory Traversal and CSV Parser Abuse for RCE in a Django App

While testing a web application as part of a bug bounty program, I uncovered a critical RCE vulnerability by chaining directory traversal with a subtle CSV parsing abuse. The exploit chain involved a combination of directory traversal and subtle abuse of how the application used the pandas CSV parser, ultimately allowing me to overwrite the wsgi.py file and execute arbitrary code server-side.

Prompt to Heap Overflow: Pwno's Debut CVE

We showcase CVE-2025-52566, a subtle integer overflow bug in llama.cpp’s tokenizer leading to heap-overflow, quietly hiding in plain sight for over a year.

Azure Service Command and Control HTTP traffic forwarding - Part 2

In this second part of the series, I will be discussing another Azure native service we can leverage to provide high reputation redirectors for command and control HTTP/S implant traffic: Azure Front Door.

Understanding and Detecting Windows Services: A Deep Dive for Blue and Red Teams

Windows Services are a fundamental component of the operating system, running crucial applications in the background, independent of a logged-in user. This post explores what Windows Services are, how they function, and - most critically - how Blue Teams can detect their abuse, and how Red Teams can evade detection.

Microsoft Entra ID OAuth Phishing and Detections

This article explores OAuth phishing and token-based abuse in Microsoft Entra ID. Through emulation and analysis of tokens, scope, and device behavior during sign-in activity, we surface high-fidelity signals defenders can use to detect and hunt for OAuth misuse.

Warhead: A Deep Dive into Payload Execution through Atom Tables

In the world of offensive security, stealth and evasion are paramount. Warhead is a project that explores an unusual and underutilized Windows feature: the Atom Table, repurposed for payload storage, retrieval, and execution. This blog post will serve as a complete deep dive into Warhead, its various capabilities, execution options, and practical use cases.

PowerShell loads SectopRAT & HijackLoader

During routine malware analysis, I discovered a PowerShell-based dropper script being delivered from a malicious C2 domain: This script disables security controls, fetches 2 payloads (SectopRAT, HijackLoader), exfiltrates data, and removes all traces of its execution.

Still Recent

How to build a high-performance network fuzzer with LibAFL and libdesock

We explain how we built a fuzzer for network applications that we tried to make as efficient and as effective as possible. We utilized custom mutators and input passing over shared memory and found that it gave us a huge speed and coverage boost compared to other network fuzzers.

SonicDoor

This blog post details 5 vulnerabilities I discovered in SonicWall SMA 500: a heap overflow (CVE-2024-40763), a stack overflow (CVE-2024-45318), an authentication bypass (CVE-2024-45319), an insecure randomness (CVE-2024-53702), and a stack overflow in an Apache module (CVE-2024-53703).

Azure Service Command and Control HTTP traffic forwarding - Part 1

Using cloud provider native services provides high reputation redirectors for command and control HTTP/S implant traffic. In this post we will look at how we can use Azure Functions to forward implant traffic.

Log4Shell (Log4J): Advanced Exploitation Guide

In this article, we'll uncover what makes Log4Shell so dangerous and walk you through the techniques to identify, exploit, and weaponize them effectively. We'll also explore advanced and unique exploitation scenarios where bypassing a Web Application Firewall (WAF) is necessary.

Oldies but Goodies

AWS Service Command and Control HTTP traffic forwarding

I've been looking into options for abusing AWS services to forward HTTP Command and Control (C2) traffic. This post will talk about a number of approaches I found.

Unexplored LOLBAS Technique: Wevtutil.exe

In this post, we’re taking a closer look at a lesser-known use of wevtutil.exe, a utility built for managing Windows Event Logs, and how it can be leveraged as a powerful LOLBAS tool.

Tunneling Havoc C2 with Microsoft Dev Tunnels

We investigate misuse of Microsoft Dev Tunnels, stealthily establishing Havoc C2 (Command & Control) connections. This abuse allows attackers to operate within trusted Microsoft infrastructure, bypassing many security controls.

A Network Threat Hunter’s Guide to C2 over QUIC

In this guide, we'll examine C2 over QUIC through a network threat hunter's lens with the goal of deriving concrete detection patterns. We'll kick off with a brief overview of the key QUIC concepts essential, then dive into practical analysis using RITA, Wireshark, Zeek, and custom Python applications to examine real C2 over QUIC traffic to identify detection opportunities.

Unearthed Arcana

A Deep Dive Into XXE Injection

One of my favorite attack types is XML External Entity (XXE) Injection. In an effort to demystify this exploit, I'm going to break down how XXE works, some ways to exploit XXE vulnerabilities, and cover two real-world XXE attacks submitted by the SRT (with redacted data to protect client and SRT identities).