Security Review #286

This blog post describes what a Task Injection attack is, how this type of attack differs from Prompt Injection, and how it is particularly relevant to AI agents designed for a wide range of actions and tasks, such as computer-use agents.

We describe hash shucking, a technique using NTLM (NT) hashes as a wordlist in Hashcat's NT Modes, letting us quickly validate password reuse across NTLMv1 and NTLMv2 challenge-responses, Kerberos 5 etype 23 tickets, and DCC/DCC2 hashes.

This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies. Attribute pollution, namespace confusion, and void canonicalization attacks allow an attacker to completely bypass XML Signature validation while still presenting a perfectly valid SAML document to the application.

This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application. We demonstrate that without proper safeguards, malicious MCP servers can exploit this feature for a range of attacks.

Proxmox is the convergence of two worlds: Linux privilege escalation and persistence techniques, with hypervisor-specific capabilities that most defenders aren't monitoring. When you compromise a Proxmox host, it unlocks potentially owning every VM it manages, and doing so in ways that traditional endpoint detection can't currently see.

We present a full dissection of the widely used ValleyRAT backdoor, also known as Winos/Winos4.0, covering its modular architecture and plugin system. The analysis reveals the advanced skills of the developers behind ValleyRAT, demonstrating deep knowledge of Windows kernel and user-mode internals, and consistent coding patterns suggesting a small, specialized team.

We uncover UDPGangster, a UDP-based backdoor that enables remote control of compromised systems by allowing attackers to execute commands, exfiltrate files, and deploy additional payloads—all communicated through UDP channels designed to evade traditional network defenses.

We discovered an exploitable pattern, dubbed "Zombie Workflows" in GitHub Actions that lets attackers exploit seemingly fixed vulnerabilities.

We detail how to protect from USB-based attacks, from detection techniques and forensics to prevention strategies to stop malware, data theft, and unauthorized access.

A brief guide to extracting and interpreting core WhatsApp artifacts on Android and iOS

We analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Specifically, we will evaluate how Kernel post-exploitation can be used to blind ETW sensors and tie that back to malware samples identified.

We found that SCOM RunAs credentials could be obtained on-host and also off-host in certain configurations and wrote a tool to help automate their recovery.

SCOM suffers from insecure default configurations, enabling attackers to escalate privileges, harvest credentials, and ultimately compromise the entire management group and its monitored infrastructure.

This blog is about a vulnerability on macOS which impacts every third party installer if they try to run a privileged command from within the application bundle. It lies in the installation process when a malicious application is installed before a privileged one with the sam ename. It leads to privileged code execution.

In this post, I explain how one can utilize the Chrome DevTools Protocol to delegate C2 HTTP-traffic.

In this blog, we will analyze the technical characteristics of the Avaddon ransomware: Windows-targeted RaaS, AES-256 encryption, anti-recovery, double extortion, and affiliate-driven.

We explain how compromised GitHub Personal Access Tokens (PATs) enable secret theft, malicious workflows, and cross-cloud lateral movement.

This blog post demonstrates how a modern variant of an hardware attack found in the 2000's allowed the extraction of a EUR12 smartwatch's firmware using only cheap and robust hardware.

We break down an infostealer attack that combines the ClickFix technique with a shared chat containing malicious user guides on the official ChatGPT website.

Decentralized C2 via EtherHiding reshapes cyber threats, using blockchain for resilient payload delivery.

I discovered CVE-2025-12744, a local privilege escalation affecting Fedora Linux. This post details how I chained a 12-byte command injection in the ABRT daemon into a three-stage exploit to escape the systemd sandbox and gain root.

This post demonstrates the use of seccomp user notifications to inject a shared library into a Linux process. It relies on seccomp user notifications enabling user-space injection from parent to child without any LD_* environment variables or privileged capabilities, regardless of the ptrace_scope configuration.

'HashJack' is an indirect prompt injection techniques that exploits the URL fragment to embed malicious instructions that may be executed by AI browser assistants. Because the URL fragment is processed only on the client-side and is not sent to the web server, this attack bypasses traditional network and server-side security controls.

We explores how auto-generated .NET SOAP client proxies (via WSDL) can be abused, focusing on weaknesses in SoapHttpClientProtocol and related classes. We provide practical exploitation for NTLM relay, arbitrary file write, webshell and paload drops through WSDL import.

We detail three exploitable vulnerabilities in Arista Next Generation Firewall. CVE-2025-6980 allows VPN session hijacking, CVE-2025-6979 a reflected cross-site scripting vulnerability leading to credential theft, and CVE-2025-6978 that can be abused by an administrator for root privilege escalation or chained with CVE-2025-6979 by an attacker for remote code execution.

In this blog, I talk about how to use Page Guard Exceptions to bypass AMSI. This technique leverages Page Guard Exceptions on the AmsiScanBuffer function and Vectored Exception Handlers (VEHs) to force an early return from the function before a full scan can occur.

We discovered an authentication bypass in FortiWeb (CVE-2024-53704) that lets attackers add their own admin accounts, take over the device, and erase evidence. The payload consists of a single HTTP POST request designed to bypass authentication and create a new user with administrative privilege in the web management interface.

A deep-dive into reverse-engineering an Unreal Engine 2 file format (.lin) for game assets.

The main focus of this blog is to give a push start to the beginners to get in the field of reverse engineering. We will view how the jump, if else and other similar conditions work in assembly language to crack a Linux C++ program with hardcoded password.

In this post, we will be walking through a simple C/C++ based reverse CMD shell over TCP.

In this post we will crack a Windows C/C++ program using a XOR encrypted password.

This nsecond part focuses on how to write enterprise grade malwares which are totally undetectable by Offline Antiviruses, and how we can code in C/C++ to use HTTP instead of TCP over Proxy, using hostname instead of IP addresses for C2 Servers and evading Firewall detection.

In Active Directory exploitation, Kerberos delegation is one of the main vectors of abuse. However Impacket doesn't get much coverage as a way to implement such attacks. In this article, I will focus on each type of delegation configured for both users and machines, and the most common attack paths for each.

For this third part of the series, we will focus on 64bit ARM CPU as currently it is most commonly used. Our setup includes Ubuntu 16.04 on ARM Cortex-A53 CPU, which supports both 32bit and 64bit instruction set. We will crack a C program with hardcoded password.

In this post, I will be using x64dbg to crack a Windows program with hardcoded password.

In this post, we will be using multiple ways to evade endpoint detection mechanisms and sandboxes.