A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable
Starred Articles
This is an in-depth security analysis of a new form of clickjacking targeting browser extensions - especially password managers - through DOM manipulation. Unlike traditional iframe-based clickjacking, this technique exploits how extensions inject UI elements into the DOM and makes them invisible via JavaScript, tricking users into unknowingly revealing sensitive data.
Marshal madness: A brief history of Ruby deserialization exploits - The Trail of Bits Blog
08/19/2025 This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating how security researchers have repeatedly bypassed patches and why fundamental changes to the Ruby ecosystem are needed rather than continued patch-and-hope approaches.
This is the tale of how I found the Full Docker Escape that was attributed "CVE-2025-9074". The entire exploit takes two POST HTTP calls from inside any container: one to bind the host C drive to a folder in the container, and one to launch the container and start the execution.
Windows OOBE Breakout Revived
08/12/2025 This is a short story that describes an alternative way of breaking out of the Windows Out-of-Box-Experience (OOBE) and gaining access to the command line of Windows with the privileges of the user defaultuser0 who is part of the local Administrators group.
In this article, I will experiment with faking the image file path in the "CommandLine" of the process by using a Symbolic Link instead of overwriting the Process Environment Block (PEB). I will also conduct practical experiments with Process Explorer, Sysmon, and System Informer.
New Articles
Guess Who Would Be Stupid Enough To Rob The Same Vault Twice? Pre-Auth RCE Chains in Commvault
08/20/2025 We take you on a journey into two unique pre-authentication RCE chains in Commvault. One works in any condition, the other one works if the built-in admin password hasn’t been changed since installation.
This article details the entire process of finding and exploiting a Windows local elevation of privilege vulnerability (CVE-2024-30088).
DFIR Next Steps: Suspicious TeamViewer Use
08/14/2025 This post briefly reviews how to detect malicious TeamViewer use and goes into the details of relevant files and artifacts that can be leveraged in a DFIR context.
We analyze a sophisticated Android banking malware known as "Lazarus Stealer". The malware is built for persistence, operating silently in the background while exfiltrating sensitive data. It abuses high-risk permissions, default SMS privileges, overlay functions, and dynamic WebView content to carry out its operations.
Driver Reversing 101 - Part 1
08/15/2025 In this post I explain how to approach reverse engineering of Windows WDM (Windows Driver Model) drivers. A driver in the end is just a regular PE that is loaded and executed with kernel privileges, usually by creating a service, and reversing IOCTL based WDM drivers (the most prevalent way drivers are developed) is very easy, as they always follow the same structure.
We provide technical analysis of a script that targets a critical zero-day vulnerability (CVE-2025-31324) in SAP NetWeaver's Visual Composer Metadata Uploader component. It automates its exploitation by constructing and sending an HTTP POST with an embedded payload, and optionally dropping a persistent shell on the SAP server.
In this post we discuss a vulnerability that was present in Amp Code from Sourcegraph by which an attacker could exploit markdown driven image rendering to exfiltrate sensitive information.
There’s an OOB access in the cookie handling/parsing code of Fortinet's Web-Application-Firewall: FortiWeb (CVE-2025-52970). When exploited, it allows an unauthenticated attacker to force the server to use a predictable secret key for session encryption/signing, leading to a full authentication bypass.
Will WebClient Start
08/19/2025 WebClient is a commonly targeted service for NTLM relay attacks. In this post we will cover whether it is possible to start the service remotely as a low privileged user. This will also dive into what is happening when the service is started and the associated protocols and technologies used.
We provide an extensive technical analysis of the HijackLoader malware, distributed through Dodi Repacks, a web site providing access to pirated games. We delve into the hijacked file, the loader setup, the TI module and the injection code.
There are various types of drivers categorized by purpose, such as Bus Drivers, Filter Drivers, FSDs, and Minifilters. In this article, we will explore the structure and operation of Minifilter Drivers, examine their internal components, and analyze potential vulnerabilities.
We explore Windows Sandbox, which allows users to create a disposable, isolated Windows container/VM within their host operating system, and detail how attackers can use it to exfiltrate data, bypass defenses, and evade forensics - plus key detection tips and mitigations.
Juicing ntds.dit Files to the Last Drop
08/14/2025 We dive into the latest enhancements to the DSInternals PowerShell module, including the Golden dMSA Attack and support for LAPS, trust passwords, or BitLocker recovery keys.
Google Firebase is a popular back-end application development platform that provides several built-in components and services, allowing developers to seamlessly build interactive web and mobile applications. In this article, we will cover the most common security misconfigurations in targets that actively use Google Firebase Firestore or Storage.
Active Directory Enumeration - ADWS
08/12/2025 We review the technique and tools used to enumerate Active Directory (AD) objects through the Active Directory Web Services (ADWS), as well as the possible detection and mitigation methods.
PDQ SmartDeploy used static, hardcoded, and universal encryption keys for secure credential storage. Low-privileged users may recover and decrypt privileged credentials, such as Local Administrator or Active Directory domain-joined accounts, from the registry of managed devices or from operating system (OS) deployment files stored on deployment servers.
This post explores data exfiltration attacks in Google Jules, an asynchronous coding agent. The vectors we will focus on are the image rendering function via Markdown syntax, and the view_text_website tool.
The Amazon Q Developer VS Code Extension (Amazon Q Developer) is vulnerable to prompt injection from untrusted data and its security depends heavily on model behavior.
Chromium File System APIs can be used for a variety of initial access scenarios. In this blog, we'll explore a scenario in which a user could be coerced into inadvertently (and indiscernibly) giving an attacker access to their entire home drive or other network shares.
Microsoft Visual Studio Code contains a vulnerability that allows attackers to bypass macOS Transparency, Consent, and Control (TCC) protections.
In this article, we are looking at CVE-2025-25256 - a pre-authentication command injection in FortiSIEM that lets an attacker compromise an organization’s SIEM.
We identified a novel phishing attack combining the latest phishing detection evasion techniques - including clever use of Active Directory Federation Services to get Microsoft to send victims to a phishing site using legitimate login URLs.
The Amazon Q Developer VS Code Extension (Amazon Q) is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that allowed an adversary (or also the AI for that matter) to run arbitrary commands on the host without the developer's consent.
From Support Ticket to Zero Day
08/13/2025 We discovered XXE Injection (CVE-2025-8355) and Path Traversal (CVE-2025-8356) vulnerabilities in Xerox FreeFlow Core, a print orchestration platform. These vulnerabilities are easily exploitable and enable unauthenticated remote attackers to achieve remote code execution on vulnerable FreeFlow Core instances.
Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling
08/19/2025 Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes there's actually a real vulnerability there. In this post I'll explore how to tell the two apart.
CodeRabbit is an AI code review tool. In this blog post, we explain how we got remote code execution (RCE) on CodeRabbit's production servers, leaked their API tokens and secrets, how we could have accessed their PostgreSQL database, and how we obtained read and write access to 1 million code repositories, including private ones.
Claude Code: Data Exfiltration with DNS
08/11/2025 We discuss a high severity vulnerability in Claude Code. The vulnerability allowed an attacker to hijack Claude Code via indirect prompt injection and leak sensitive information from the developer’s machine, e.g. API keys, to external servers by issuing DNS requests.
Windsurf is a fork of VS Code, and its coding agent is called Windsurf Cascade. The attack vectors we will explore in this post allow an adversary during an indirect prompt injection to exfiltrate data from the developer’s machine.
Hardcoded credentials, pointless encryption, and generous APIs exposed details of every employee and made it possible to break into Intel internal websites.
This article details an EDR evasion technique relying on a fileless .NET Loader. Once downloaded via a memory-executed script, the loader uses .NET reflection to load the assembly directly from memory without writing it to disk.
This post details how I extended the Mythic Poseidon agent to support ARM64 Dylib injection on Apple Silicon. The method leverages Mach APIs to enumerate processor sets, obtain task ports, and inject ARM64 shellcode that loads dynamic libraries (i.e., Dylibs) into non-hardened macOS processes.
Gemini models quite reliably interpret hidden Unicode Tag characters as instructions. This vulnerability has not been mitigated at the model or API level, hence now affects all applications built on top of Gemini. This includes Google's own products and services, like Google Jules.
In a recent red teaming engagement, we breached an internal network leveraging the Remote-SSH extension in Cursor, a popular VS Code fork. Therefore, the attack path we discovered likely affects the entire ecosystem of VS Code remote development, putting any developer who connects to an untrusted server at risk.
This post demonstrates how Jules can be convinced to download malware and join a remote command & control server.
We Know What You Did (in Azure) Last Summer
08/13/2025 We explain how Azure resources supporting Entra ID authentication expose tenant IDs, enabling attackers to attribute cloud resources to specific organizations at scale.
Threat Detected: RustyPages Malware - Part I
08/19/2025 We discovered a Rust-based macOS malware, RustyPages. This post analyzes the dropper component, including its evasion tactics, persistence setup, and IOCs.
Recently, while auditing the main application of a private bug bounty program, I discovered a Client-Side Path Traversal (CSPT) and a Cache Deception vulnerability. Individually, these issues were unexploitable and had no real impact. However, when chained together, I was able to demonstrate Account Takeover.
This technical disclosure outlines a critical local privilege escalation (LPE) vulnerability in the Linux kernel's ipset subsystem, specifically affecting the bitmap:ip set type used for IP address filtering.
In this post, we'll share part of our research on alternative resource enumeration methods in AWS. Specifically, how a threat actor could use resource-explorer-2:ListResources, which previously did not log to AWS CloudTrail without additional configuration by customers through data events.
We will show how an attack can leverage invisible Unicode Tag characters that humans cannot see. However, the Amazon Q Developer VS Code Extension AI agent will interpret them as instructions, and this can be used to invoke tools and other nefarious actions.
Trivial C# Random Exploitation
08/19/2025 I ran into an HTTP 2.0 web service issuing password reset tokens from a custom encoding of (new Random()).Next(min, max) output. This led to a critical account takeover. Exploitation did not require scripting, math or libraries. Just several clicks in Burp. While I had source code, I will show a method of discovering and exploiting this vulnerability.
I discovered a security bug in the Linux MSG_OOB implementation (CVE-2025-38236). While the MSG_OOB feature is not used by Chrome, it was exposed in the Chrome renderer sandbox. I explore how such a bug can be exploited from inside the Chrome Linux Desktop renderer sandbox, escalating privileges directly from native code execution in the renderer to the kernel.
Inside PoisonSeed's MFA Phishing Tactics
08/12/2025 We analyze the MFA-resistant phishing kit employed by the threat actor PoisonSeed. This phishing kit is mainly used to acquire credentials from individuals and organizations, leveraging them for email infrastructure purposes such as sending emails and acquiring email lists to expand the scope of cryptocurrency-related spam.
DFIR Artifact: PowerShell Transcripts
08/14/2025 This article explains what PowerShell transcripts are, how to enable them, read them, and how to reconstruct an intrusion from a transcript.
Control Flow Obfuscation
08/18/2025 In this post, we will see how breaking compiler conventions can help hide code and how modifying non-volatile registers obfuscates control flow.
Amp Code: Invisible Prompt Injection
08/16/2025 In this post we will look at Amp, a coding agent from Sourcegraph, and see that it interprets invisible Unicode tag characters as instructions.
In this article I explore an alternative approach for privilege escalation on Windows: changing the admin password leveraging the ksetup.exe built-in tool.
QUIC-LEAK (CVE-2025-54939) is a pre-handshake memory exhaustion vulnerability in the LSQUIC QUIC implementation. This flaw allows remote attackers to crash vulnerable executables by memory exhaustion and enforce a denial-of-service (DoS).
I discovered a zero-click NTLM credential leakage vulnerability (CVE-2025-50154) that allows an attacker to extract NTLM hashes without any user interaction, even on fully patched systems. By exploiting a subtle gap left in the mitigation, an attacker can trigger NTLM authentication requests automatically, enabling offline cracking or relay attacks to gain unauthorized access.
This post is about an important, but also scary, prompt injection discovery that leads to full system compromise of the developer’s machine in GitHub Copilot and VS Code. It is achieved by placing Copilot into YOLO mode by modifying the project's settings.json file.
An in-depth walkthrough of using nested app authentication (NAA) in offensive engagements to access information and resources in different scenarios: building a request by hand to get conditional access policies (CAPs), using EntraTokenAid to activate a PIM role, using roadtx to get a Key Vault secret, using Maestro to get Intune devices.
Still Recent
This post aims to explore how attackers can abuse Azure DevOps (ADO) pipelines to extract credentials from pipeline identities and those using Workload Identity Federation and how this can be used to gain access to additional services including Azure Resource Manager (ARM) and TFC.
Training Specialist Models
08/07/2025 In this technical deep dive, we explore how reinforcement learning with verifiable rewards (RLVR) enables training compact specialist models that generate functional, evasive Cobalt Strike shellcode loaders capable of bypassing Microsoft Defender for Endpoint (MDE).
Turning Camera Surveillance on its Axis
08/06/2025 We found 4 vulnerabilities in Axis.Remoting, Axis Communications’ proprietary communication protocol. An exploit chain specifically targeting those vulnerabilities results in pre-auth RCE on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view camera feeds.
Most of your targets often resort to using content delivery networks (CDNs) or other anti-DDoS reverse proxies to mask their origin IP, protecting the origin server from possible (injection) attacks while also improving content delivery speed. In this article, we'll explore common ways to identify the origin server's IP to bypass the reverse proxy, including some more advanced methods.
In this first part of the series, we focus on the latest wave of open-source, network-connected KVMs. We'll cover where to find them in the wild, how to detect them via network and host signals (plus SIEM), and what their source code reveals about their security posture.
Attackers deploying the LockBit ransomware improve their tactics, techniques, and procedures (TTPs) to evade detection. Among their arsenal, two techniques stand out for their effectiveness: DLL sideloading and masquerading. This blog post delves into how attackers leverage these methods to establish persistence and blend into legitimate system processes.
Oldies but Goodies
If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate.
In this guide, I'm going to show a simple but effective way to automatically block suspicious IPs using a small script and tools like iptables and Fail2Ban. These tools are powerful, lightweight, and can help secure your Linux server from brute-force attacks, bots, or any malicious traffic.
This blog post explores advanced techniques for bypassing WAFs by leveraging quirks in JavaScript event handling, alternative encodings, and character normalization. It demonstrates how discrepancies in how web application firewalls and browsers parse attributes can be abused to sneak XSS payloads past filters, with practical examples and real-world testing.
Unearthed Arcana
We discovered a vulnerability (CVE-2023-0704) in Chromium that makes it possible for web pages loaded inside Chromium to directly issue DevTools commands to the browser. These commands allow a malicious webpage to fully take over Chromium by writing arbitrary files, bypassing CORS, and opening new tabs.