If a regular expression doesn't fit in a tweet, it's too long.
Starred Articles
In this post, we show how one compromised agent can rewrite another agent's config and 'free' it, creating a cross-agent escalation loop. 'Freeing' in this context means that one agent helps another to break out of its sandbox by giving it additional capabilities.
We explain how we exploited CI/CD vulnerabilities in cross-fetch and GraphQL-JS by leveraging untrusted pull request code executed in privileged GitHub Actions workflows (Pwn Requests), and malicious payloads injected into GitHub Actions caches, later restored in privileged jobs (Cache Poisoning).
AI gated loaders are an alternative method of loading shellcode that makes use of simple concepts. First, the AI gated loader takes a narrowly focused snapshot of the host. Then, the AI gated loader prompts an LLM for a compact JSON decision. Finally, the loader executes only when the policy gates are satisfied.
This three-part series reveals how tiny weight edits can implant stealthy backdoors that stay dormant in everyday use, then fire on specific inputs, turning a "safe" offline model into an attacker. This first article shows how transformers encode concepts and how to detect them in their internal activations.
Evading the Machine
10/05/2025 An example evasion attack against (probably) the worst machine learning classifier of all time. We will walk through a very primitive, low-dimensional example of a machine learning classifier. We’ll build the classifier with some deliberately terrible data, and then construct a compact shellcode loader that circumvents it.
New Articles
Secret knock: How MFG lets us open an undocumented bootloader on the Siemens Simatic S7-1200
09/28/2025 In this article we recreate CVE-2019-13945, a half-second window after power-on where the Siemens Simatic S7-1200 listens for a secret knock (MFGT1) and immediately drops into a primitive bootloader. That bootloader isn’t a feature - it's a forgotten factory debug door that lets you dump firmware, run code, and poke the CPU.
AWS X-Ray, Amazon’s distributed application tracing service, can be turned into a covert communication channel. This technique leverages legitimate cloud monitoring infrastructure to establish bidirectional C2 communication.
We walk through the exploit chain being used to compromise Oracle E-Business Suite deployments - now tagged as CVE-2025-61882. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.
Look mom HR application look mom no job
10/08/2025 We dissect a phishing attempt that started with a legit Zoom doc email from HR. It redirects to a site with a fake bot protection gate and then to a Gmail credential phish. The attackers exfiltrate creds live over WebSocket and even validate them in the backend.
This article will be devoted to explaining how I reached arbitrary code execution from a crash file obtained while fuzzing Autodesk RFA files. Of particular interest is the technique I used to achieve ROP execution.
Memory Analysis - Part 1: Introduction
10/03/2025 In this first part of the series, we will explore how memory analysis supports cyber security investigations, especially from a blue team perspective. We’ll learn how data in RAM can reveal active threats, user activity, and artifacts that are lost after shutdown.
I am sharing a vulnerability I found in an industrial generator smart platform. It lies in insecure APIs that could enable remote control by anyone.
The Microsoft Entra ID AADSignInEventsBeta table provides the AuthenticationProcessingDetails column, a goldmine for hunting suspicious behavior. In this article, I'll highlight a few of the most useful fields I’ve worked with from this column and share some KQL examples that demonstrate how powerful this data can be for investigations.
In this write-up we'll walk through the SAM (Security Accounts Manager) Windows registry hive from a publicly available sample Windows 10 memory image using Volatility3 in Windows PowerShell and verify the results using RegRipper and Registry Explorer.
Weaponizing XSS for Maximum Impact
10/05/2025 We walk through 3 case studies of account takeover through XSS: OAuth token theft, XSS chained with cache poisoning, postMessage abuse with XSS.
Memory Analysis - Part 2: Memory Acquisition
10/04/2025 In this second part, we'll dissect all the variables you need to obsess over before, during, and after memory acquisition. Think of this as your blueprint to forensically sound memory captures on Windows, Linux, and hypervisors alike.
The focus of this blog post will be documenting the process I had to take to get Lucid up and fuzzing on a real target. So far, Lucid has only worked on a toy harness/example, and so we need to see what kind of things need tweaking when a real target comes into play.
XWorm V6: Exploring Pivotal Plugins
10/02/2025 XWorm's modular design is built around a core client and an array of specialized components known as plugins. These plugins are essentially additional payloads designed to carry out specific harmful actions once the core malware is active. In this blog, we'll dissect the key plugins and additional payloads, including a script for persistence.
Domain join accounts are frequently exposed during build processes, and even when following Microsoft's current guidance they inherit over-privileged ACLs (ownership, read-all, account restrictions) that enable LAPS disclosure, RBCD and other high-impact abuses. We explore the associated risks and provide a comprehensive hardening guide.
We detail a variant of the SSH ProxyCommand vulnerability that relies on a newline special character inserted into the username to provide (under certain conditions) remote command execution (RCE).
Lenovo DCC: Part 1 - A simple ACL Exploit
10/01/2025 This post examines the Lenovo Display Control Center (DCC) architecture, analyzes underlying security flaws through IDA Pro and ProcMon analysis, and presents two distinct exploitation methodologies for achieving local administrative access: a race condition-based approach and a junction path exploitation technique.
In this short article, I detail a group of KQL queries used to flag network negotiations tagged as non-recommended TLS curves and cipher suites based on IANA.
Shuyal Stealer is an infostealer targeting 19 different browsers using PowerShell scripts to streamline its data-theft operation. It takes an invasive approach by conducting deep system reconnaissance, collecting granular details about disk drives, input peripherals, and display setups. It also captures screenshots and clipboard contents, adding layers of context to the stolen data.
In this second and final part of the series, we provide a technical explanation on how to perform reflective driver loading leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique.
Medical Device Security Analysis
10/09/2025 In this post, we share the results of the assessment of a widely used medical device. We evaluated its security posture and uncovered several vulnerabilities such as man-in-the-middle, certificate parsing issues, or uninitialized stack memory read.
FlipSwitch is a technique that bypasses the switch statement implementation in the Linux kernel by directly patching the compiled machine code of the kernel's syscall dispatcher.
This article outlines the data available on iOS devices, depending on the different forensic acquisitions that can be made. The objective is to provide a comparison between the data present within different acquisitions that can be obtained from an iOS device, analyzing the specificities of Apple's operating system and related forensic implications.
In this article, I will explain the technical aspects of a vulnerability (CVE-2025-59489) that affects games and applications built on Unity. It lies in Unity Runtime’s process handling and allows control of command line arguments passed to Unity applications, enabling attackers to load arbitrary shared libraries (.so files) and execute malicious code, depending on the platform.
This article shows some examples of attacks that can abuse MySQL behavior when the strict SQL mode is disabled, especially when string characters are invalid in the current encoding. This happens when the encoding of the application (e.g. UTF-8) is wider than that of the database (e.g. ASCII).
This post discusses the inner workings of an encryptor invoking Win32 API methods in a way that evades common signature-based detection strategies and manual analysis methods.
In this post we will cover Supabase's history, give a concise overview of how it works and review the core security issues: insecure defaults, confusing policy systems, and common misconfigurations that can leave entire databases exposed to the internet. We will focus on hands-on examples and especially where to find these vulnerable instances.
We provide technical details and exploitation code for a WebAssembly type canonicalization bug in Chrome, leading to potential Remote Code Execution (RCE).
0day .ICS attack in the wild
09/30/2025 We detail a sophisticated exploitation of a stored XSS vulnerability in Zimbra's Collaboration Suite (CVE-2025-27915). The attack vector, a malicious .ICS file containing obfuscated JavaScript, was used to exploit the vulnerability directly through email.
ksmbd vulnerability research - Part 3
10/08/2025 We provide root cause analysis, PoC and exploitation strategy for CVE-2025-37947, an out-of-bounds stream write in Linux Kernel ksmbd leading to a local privilege escalation.
We publish our analysis of a Pre-Auth Command Injection vulnerability we discovered in the Dell UnityVSA solution (CVE-2025-36604).
We detail an in-depth analysis of a 1-day vulnerability in the Linux kernel’s TLS subsystem, CVE-2025-39946. When exploited, this out-of-bounds vulnerability allows attackers to manipulate kernel memory, potentially leading to a NULL pointer dereference or even arbitrary memory writes.
We investigate a malware framework named CastleBot. It is mainly distributed through trojanized software installers downloaded from fake websites, luring unsuspecting users into launching the infection themselves. It then runs through a three-stage process: a stager/downloader, a loader and a core backdoor, which requests a set of tasks from its command and control (C2) server.
Still Recent
We discovered a critical vulnerability in the NVIDIA Merlin Transformers4Rec library that could allow an attacker to achieve remote code execution with root privileges. This vulnerability, tracked as CVE-2025-23298, stems from unsafe deserialization practices in the model checkpoint loading functionality.
Oldies but Goodies
This blog explains how attackers use direct syscalls to overcome most EDR solutions, by first discussing the conventional Windows syscall flow and how most EDR solutions monitor those calls. Then, we will dive into different attack techniques threat actors use to stay hidden from those EDR solutions, including the use of direct syscalls.
In this first part, we review the main concepts involved in reverse engineering. We will walk through compilers, assembly, registers and call stack.
We delve into Portable Executable (PE) files, a Windows executable format: DOS and PE headers as well as the section table.
Microsoft's Azure Relay Bridge (azbridge) creates encrypted tunnels through Azure Service Bus infrastructure. Built for legitimate remote access scenarios, this open-source tool contains capabilities that transform it into sophisticated offensive infrastructure. We detail how azbridge can be abused to establish covert command and control channels that bypass enterprise security controls.
In this blog post, we'll explore one of the classic yet dangerous bugs - null pointer dereference. We'll break down what it really means, build a custom vulnerable driver, and see firsthand how it can bring down an entire Windows system with a blue screen of death (BSOD).