Security Review #281

Agent session smuggling is a novel technique where AI agent-to-agent communication is misused. It allows a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent. We demonstrate two proof of concept examples.

XLoader remains one of the most challenging malware families to analyze. Its code decrypts only at runtime and is protected by multiple layers of encryption, each locked with a different key hidden somewhere else in the binary. In this post me demonstrate a new way to use ChatGPT for malware analysis without relying on an heavy MCP tooling infrastructure.

This blog post describes how electronic passports work, the threats within their threat model, and how they protect against those threats using cryptography. It also discusses the implications of using electronic passports for novel applications, such as zero-knowledge identity proofs.

This blog post takes a deep dive into the offensive side of MSSQL security, exploring the quantities of attack vectors that can be exploited. From SQL injection to lateral movement via internal links, and from misconfigurations to the abuse of extended procedures, we'll cover a different attack perspective compared to the standard.

In this article, we'll explore web application servers' URL and header size limits from different servers and I'll showcase two possible attack scenarios using 431 and 414 status codes to leverage an XSS and escalate to full account takeovers.

A deep-dive technical analysis of CVE-2025-50168, a Windows kernel vulnerability (Type Confusion in DirectComposition). This post details how a 4-byte OOB write is escalated into an AAR/AAW primitive using IoRing to achieve Local Privilege Escalation (LPE).

I detail how to use tclsh as a LoLBin in MacOS to load local or event remote shellcode. It relies on Ffidl, http and tls packages which are installed by default.

You are exposed to PIC based shellcode constantly in today's widely used C2 platforms. In this series we will write such sheel codes from scratch, starting from a template in C++ and then wrtiting x64 assembly code modeled after this C++ program.

This paper provides comprehensive technical analysis of RondoDox v2, IOC extraction, XOR deobfuscation methodology, and detection guidance.

We discovered a simple technique that exposes the account ID of any valid S3 bucket, regardless of its privacy settings. This method leaves no trace in the target account's logs, making it a stealthy and effective method for enumeration.

The Azure AD Broker (AAD Broker) is a component of Entra ID that orchestrates Azure AD sign-in, device-bound primary refresh token (PRT) handling, and application token issuance exposed by Windows Runtime (WinRT) APIs. In this post, we'll map the broker's on-disk cache and show how to unpack its file formats.

We explore how machine accounts in Active Directory (AD) - typically seen as low-risk - can be exploited for persistence, lateral movement, and privilege escalation.

I detail how EDR-Redir V2 uses an alternater implementation of bind link technique with Program Files folder: create bind link for folder points to itself to break, bypass, block Antivirus and EDRs which are resistant to the previous versions.

An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras. What makes this injection interesting is that the injected value uses a URL-Encoded XML CDATA block allowing us to use special characters such as single quote to break out of the intended query without also breaking the XML parser.

This blog post provides recommendations and insights into preventing, detecting, and responding to intrusions targeting privileged accounts. We buid our strategy on 3 pillars: prevention (securing privileged access to prevent compromise), detection (maintaining visibility), and response (taking action to investigate and remediate compromise).

We analyze Susvsex, a vibe coded ransomware that has successfully been published to the Visual Studio extension marketplace

We go into the details of four vulnerabilities in Microsoft Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video and audio calls.

In this post, I show the methodology I use to reverse-engineer the interface of a private XPC helper. In particular, we will review how to filter existing XPC helpers, check whether a service accepts connections, and script an XPC client in Objective-C.

Discover how attackers could manipulate the Linux /proc filesystem to hide malicious processes and distort forensic timelines. This technical deep dive highlights examples of command-line substitution and start time corruption, and offers detection and defense strategies for incident responders and security analysts.

We investigate events generated by the execution of EDR-Freeze to identify telemetry that could be used to detect such malicious activity.

We analyzed a new two-stage malware that we're naming LeakyInjector and LeakyStealer. The duo performs reconnaissance on an infected machine and targets multiple crypto wallets, including browser extensions corresponding to crypto wallets. The malware also looks for browser history files from Google Chrome, Microsoft Edge, Brave, Opera, and Vivaldi.

We uncovered a critical Out-Of-Bounds Write vulnerability in Ollama that occurs during the parsing of malicious model files and can lead to the execution of arbitrary code. In this blog post, we will explain the technical details of this vulnerability, walk you through a proof-of-concept to determine exploitability, and show how the bug was fixed.

The Elastic EDR relies largely on call stacks for its detection logic, providing a strong source of telemetry to base behaviour analysis on. In this article, we will detail how we can break signatures used in detection rules by using call gadgets to insert arbitrary modules in the call stack during module load.

We uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. This blog post outlines our analysis of SesameOp and its inner workings and highlights the capability of threat actors to adjust their tactics, techniques, and procedures (TTPs).

Once an attacker has achieved initial access, the most critical task is to detect suspicious lateral-movement activity as early as possible. We create KQL queries to monitor activity on unexpected components of the network - routers, printers, cameras, SmartTVs, Raspberry Pi, etc.

We detail the steps taken to write an exploit for CVE-202-21479, a vulerability in the Samsung S23 GPU microcode allowing privileged commands to be executed from a userspace controlled buffer.

We demonstrate how Kernel Address Space Layout Randomization (KASLR) can be bypassed on Pixel devices without leaking the KASLR slide, by exploiting predictable behavior in the Linux kernel's linear mapping and physical memory layout.

We identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows: CVE-2025-30388, CVE-2025-53766 and CVE-2025-47984 allowing a remote attacker to perform out-of-bounds read and/or write memory operations, leading to remote code execution or unauthorized disclosure of sensitive information.

We discovered three vulnerabilities in Brother MFC-J1010DW, allowing complete remote compromise when chained together: an authentication bypass via SNMP, an unauthenticated firmware rollback, and a buffer overflow via the Referer header.

In this article we'll review the common techniques used for lateral movement, what Windows logs to watch for, and practical detective steps you can take right now. In particular we will focus on Named Pipes, Scheduler, Services, Registry, and DCOM (Event IDs).

We dive into the process of reversing known vulnerable drivers, exploring how to dissect their inner workings, uncovering their flaws, and understanding the exploit paths they enable. We’ll walk through identifying attack surfaces, tracing IOCTL handlers, and examining vulnerable code paths that attackers can abuse.

This second part will provide detection and deception tips for lateral movement techniques such as PowerShell Remoting & WMIC, Explicit Credentials (the mot underrated event), NTLM Relay Attacks, different types of Credential Theft and Reuse, and Abuse of Administrative Credentials & Tools.

We investigated the Qilin ransomware, uncovering its use of legitimate tools for credential theft and data exfiltration, and sophisticated methods for lateral movement, evasion, and persistence.

We dig into CVE-2025-12080, a vulnerability in Google Messages on Wear OS that wrongly handles ACTION_SENDTO (sms:, smsto:, mms:, mmsto:), allowing silent message sends without user confirmation.

This writeup examines security exploits affecting Android 13 and earlier (CVE-2025-48464), which enables arbitrary file exfiltration via a malicious Intent-scheme URL.

We analyze a hardware wallet that features iris recognition and uncover a stack overflow in the bootloader and logical flows in iris recognition process.

Client isolation prevents devices on the same WiFi network from communicating directly. However, I've developed a Python-based tool that bypasses WiFi client isolation by intercepting and manipulating WiFi frames. It proved to be efficient on open and WPA2-PSK networks.

CodeQL offers a variety of built-in features to help you diagnose and resolve issues in your queries. In this last part of the series, we'll dig into these features - from an abstract syntax tree (AST) to partial path graphs - using questions from CodeQL users as examples.

We detail how attackers may evade user-mode Linux security instrumentation by directly invoking 32-bit and 64-bit syscall interfaces.

In this part, we will learned how to model a new framework in CodeQL, using Gradio as an example, and how to use those models for finding vulnerabilities at scale.

This blog post is about analysing and testing the CVE-2025-9074 vulnerability, a critical vulnerability allowing an attacker to break out of a docker container on Docker Desktop, the Windows and MacOS version of Docker.

In this third part of the series, we will dig deeper about CodeQL and talk about variant analysis, writing a taint tracking query and various techniques for doing security research with CodeQL.

We uncovered CVE-2024-36904, a use-after-free vulnerability in the TCP subsystem of the Linux kernel, introduced 7 years ago. The root cause is a race condition where a time-wait socket’s reference counter is initialized after being inserted into a hash table. If accessed before initialization, the reference counter is zero, triggering warnings and potentially leading to a real use-after-free.

This blog post describes a methodology to sniff BLE communications using a relatively inexpensive SDR such as the HackRF One. We will learn BLE/SDR basics and how we overcame the three main challenges we encountered.

In this blog, I'll walk you through the core concepts of static analysis used by AV and EDR products to inspect files written to disk. I'll also demonstrate various techniques you can use to craft payloads that evade detection during this scanning phase.

Using Native APIs instead of Win32 APIs is a common mechanism to evade naive detections that assume every application will use the Win32 API function. In this blog I go through the internals of the system and explain why that approach works.

I recently started to experiment with hypervisors and their use for bypassing anti-cheat or anti-tampering systems. This post will describe the concept of hypervisor-assisted hooking and a few simple approaches to detect such hooks.

CodeQL is a static analysis tool that can be used to automatically scan your applications for vulnerabilities and to assist with a manual code review. In this blog, we will look closer at CodeQL and how to write CodeQL queries. In particular, we will see how to leverage GitHub's static analysis tool CodeQL to write custom CodeQL queries.

In this blog, we go through the basics of static analysis, the anatomy of static analysis tools, and the data flow analysis and taint tracking analysis methods. We review the three main components of most static code analysis tools: the parser, the internal representation, and the analysis of the representation.