There are two possible outcomes: if the result confirms the hypothesis, then you've made a measurement. If the result is contrary to the hypothesis, then you've made a discovery.
Starred Articles
In this article, I’ll show how Amazon Bedrock AgentCore can be abused to establish persistence in a very different way. Because this is a GenAI service, the backdoor isn’t just infrastructure. It’s interactive. It’s something the attacker can literally talk to.
Rare Not Random
02/20/2026
A combination of regular expression patterns, entropy, and rule-based filters is an effective way to detect candidate secrets. This post examines whether Byte-Pair Encoding can serve as a more effective alternative to entropy for secrets scanning.
I explain how, by giving LLMs just a thin, well-defined threat model and focusing on narrow code slices, we can efficiently discover real, exploitable bugs, and I provide practical "prompt-injection" tricks to steer the model toward finding those needle-in-the-haystack vulnerabilities.
The MCP AuthN/Z Nightmare
03/06/2026
This article shares our perspective on the current state of authentication and authorization in enterprise-ready, remote MCP server deployments. We'll first outline the most common attack vectors. Understanding these threats is essential to properly frame the security challenges that follow.
DNS over HTTPS (DoH) encrypts DNS queries inside standard HTTPS. That's it. One sentence. But the forensic and security implications of that one sentence are enormous. This post explains how it works, what the wire looks like, and how attackers exploit it.
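As an added example (not code from the post above), this is what the DoH wire format looks like: a DNS query in RFC 1035 wire format, base64url-encoded without padding, carried in the `dns` parameter of a GET to `/dns-query` as RFC 8484 specifies. The resolver host `doh.example` is a placeholder. The decoder does the reverse, which is the defender's job when the only visible artifact (for example from TLS inspection) is the URL.

```python
import base64
import struct
from typing import Tuple

# Added example, not code from the post: a minimal RFC 8484 DoH GET
# request builder and decoder. "doh.example" is a placeholder host.


def build_dns_query(name: str, qtype: int = 1, txid: int = 0) -> bytes:
    """Return an RFC 1035 wire-format query (12-byte header + one question).

    txid defaults to 0 because RFC 8484 recommends ID 0 for GET requests,
    so identical queries share an HTTP cache key.
    """
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    question = qname + struct.pack(">HH", qtype, 1)  # QTYPE, QCLASS=IN
    return header + question


def doh_get_url(name: str, resolver: str = "doh.example") -> str:
    """Wrap the query in the dns= parameter of a DoH GET (base64url, no padding)."""
    enc = base64.urlsafe_b64encode(build_dns_query(name)).rstrip(b"=").decode()
    return f"https://{resolver}/dns-query?dns={enc}"


def decode_dns_param(param: str) -> Tuple[str, int]:
    """Decode a dns= parameter back to (queried name, QTYPE).

    This is the defender's view: once TLS is stripped, the base64url blob in
    the URL is what distinguishes a DoH lookup from any other HTTPS request.
    """
    raw = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    _txid, _flags, qdcount = struct.unpack(">HHH", raw[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    offset, labels = 12, []
    while True:
        length = raw[offset]
        offset += 1
        if length == 0:
            break
        labels.append(raw[offset:offset + length].decode("ascii"))
        offset += length
    qtype, _qclass = struct.unpack(">HH", raw[offset:offset + 4])
    return ".".join(labels), qtype


if __name__ == "__main__":
    url = doh_get_url("example.com")
    print(url)
    print(decode_dns_param(url.split("dns=", 1)[1]))
```

The POST form of DoH sends the same bytes as the request body with `Content-Type: application/dns-message`; on the wire, without TLS interception, neither form is distinguishable from ordinary HTTPS beyond the destination and TLS metadata.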
New Articles
Leveraging Tailscale Keys
03/12/2026
This blog post introduces red team operators to Tailscale concepts and tradecraft that can be leveraged once the reader has compromised Tailscale keys in their target environment.
I analyze BattlEye's Kernel Anti-Cheat Driver, and see how much of its internals I can recover through static and dynamic analysis.
Analysis of TaxiSpy RAT
03/06/2026
We analyze a highly sophisticated Android Banking Trojan with integrated Remote Access Trojan (RAT) functionality, leveraging advanced evasion techniques and real-time VNC-like remote control via WebSocket. Its design allows comprehensive device surveillance, including SMS, call logs, contacts, notifications, and banking app monitoring.
This third part of the series addresses PowerShell logging. Once we have identified that powershell.exe ran with an encoded command, the goal is to know what that encoded command actually did once it was decoded and executed. We review how to enable and process module, script block and transcription logging.
We observed three "ClickFix" campaigns that shifted from Windows‑focused lures to macOS‑specific attacks, using AI‑related bait (e.g., fake ChatGPT/Atlas pages) to trick users into running malicious terminal commands that download the MacSync infostealer.
I detail how XSS and misconfigured Tauri desktop apps can lead to RCE, with real-world security research and exploitation insights.
Modern post-exploitation frameworks provide the ability to customize C2 network traffic using malleable C2 profiles. Using simple configuration files, operators can transform HTTP requests and responses according to their needs. This blog post aims to showcase Conquest’s profile system and all the features it provides.
Root cause analysis and PoC for CVE-2026-28292, a remote code execution in simple-git. A missing regex flag bypasses two prior CVE fixes (CVE-2022-25912, CVE-2022-25860).
I discovered a remote code execution vulnerability in the Tapo C260 after a fun journey of reverse-engineering and understanding its interactions with TP-Link Cloud.
Ransomware operators are ditching the usual tools for Microsoft's own AzCopy, turning a trusted Azure utility into a data exfiltration powerhouse.
FortiClient EMS 7.4.4 has a pre-auth SQL injection (CVE-2026-21643) in multi-tenant routing that lets attackers inject SQL via a crafted Site HTTP header.
Our latest research shows how Microsoft Copilot email summaries can be manipulated by attackers, creating new phishing risks through trusted AI-generated interfaces.
I Hacked My Laundry Card
03/11/2026
A CS student's experience using a Flipper Zero and AI to reverse-engineer an NFC laundry card, and some thoughts on what it means for systems like these.
GitHub email notifications are being abused to deliver vishing content. Individuals are targeted with messages containing fake invoices, charges, or billing updates from recognizable brand names, urging the victim to contact a fake support phone number. The immediate impact may be theft of personal information or financial loss for an individual.
Technical analysis of ShotBird, a previously featured Chrome extension that was turned into a remote-controlled malware channel after an apparent ownership transfer. The malicious version beaconed to attacker infrastructure, received callback-delivered JavaScript tasks, stripped browser security headers, injected fake Chrome update lures, and captured sensitive form data.
IPVanish VPN macOS Privilege Escalation
03/02/2026
IPVanish macOS VPN exposes a critical privilege escalation flaw via unauthenticated XPC, allowing any local user to execute code as root.
How to scan for vulnerabilities with GitHub Security Lab's open source AI-powered framework
03/06/2026
In this blog post, we'll show a few concrete examples of high-impact vulnerabilities found by audit taskflows that specialize in web security vulnerabilities, such as accessing personally identifiable information or signing in to a chat application with any password. We'll also explain how the taskflows work, so you can learn how to write your own.
Brainworm
03/04/2026
In this post I introduce Brainworm, promptware that infects computer-use agents like Claude Code using only natural language, and can receive natural language tasking.
The Invisible Kill Chain: Detecting Non-Human Identity Attacks Across Telemetry Boundaries
03/01/2026
Your SOC monitors human sign-ins. Attackers compromise service principals. Here's how to detect the full NHI kill chain, with production-ready queries.
CVE-2026-26117 is a chain of vulnerabilities in Azure Arc agent services for Windows that lets a low-privileged user hijack service communications, impersonate the machine's cloud identity, escalate to NT AUTHORITY\SYSTEM and even trick the agent into connecting to an attacker-controlled tenant instead.
A scalpel, a hammer, and a foot gun
03/04/2026
I introduce ised, a feature that makes proper use of the Crystal Palace Yara rules generator. ised is a tool to insert and replace code in a program at locations matching instruction patterns, which lets it surgically break an attractive signature target.
We review CVE-2025-68402, an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It is a good example of how over-engineering can hurt the security of an application: a commit meant to strengthen the crypto ended up removing the need for a valid password.
A deep dive into chaining DOM XSS, drag-and-drop abuse, postMessage hijacking, and cookie bombs to steal OAuth tokens - all from one drag and one click.
In this first part of the series, we explore Linux rootkit taxonomy and trace their evolution from userland shared object hijacking and kernel-space loadable kernel module hooking to modern eBPF and io_uring-powered techniques.
CVE-2026-20820 hits the Common Log File System (clfs.sys), a driver that has been a literal goldmine for Elevation of Privilege (EoP) bugs in the past years. It was labeled a "Heap-based Buffer Overflow"; I bindiffed the patch and turned it into a privileged system shell.
While not new, a self-referencing LNK file in combination with winget configuration instructions can be a viable initial access payload for environments where the Microsoft Store is not disabled.
LuaJIT-based malware is distributed through GitHub. The repos impersonate several tools containing a ZIP archive with a LuaJIT loader chain. The final payload, fetched from a GitHub dead drop and decrypted through a four-layer chain (hex, XOR, base64url, AES-ECB), is a StealC information stealer.
Think the Web History Is Gone?
03/07/2026
In this article, I cover artifacts and methods for recovering users' web activity even when the browsers' main databases (History, places.sqlite, formhistory, etc., depending on the browser) are not available.
Attack arithmetic: how an integer overflow in PostgreSQL libpq leads to denial of service
03/10/2026
We identified an integer overflow vulnerability in the PQescapeInternal function, which is called by PQescapeLiteral and PQescapeIdentifier. When a string of a certain length containing single or double quotes or backslashes was passed and the vulnerability was exploited, libpq calculated an allocation that was too small. It then wrote data hundreds of megabytes past the end of the allocated memory.
LnkMeMaybe - A Review of CVE-2026-25185
03/12/2026
Through this post we'll walk through what all goes into a Windows shortcut, the tooling I developed, the resulting CVE, and potential future areas of research.
Still Recent
Developing An AI Vishing Model
01/23/2026
A dive into how I built an AI-based vishing model using various APIs and EC2 instances.
BodySnatcher (CVE-2025-12420) exposes a critical agentic AI security vulnerability in ServiceNow. The flaw allows unauthenticated attackers to impersonate any ServiceNow user using only an email address, bypassing MFA and SSO.
CVE-2025-14297: MLflow Authorization Bypass
02/03/2026
How we found an authorization bypass in the open-source MLflow tracking server by reasoning across protocols and surfaces, and why this class of bug is so hard to catch.
We explore LLM fingerprinting and its role in exposing vulnerable Ollama servers online to unauthorized access risks.
In this post, I cover how kernel anti-cheat systems work at an architectural level: the callbacks they register, the memory scanning they perform, the detection techniques they use. I end up with small proof-of-concept drivers and WinDbg demos to illustrate each concept.
Oldies but Goodies
Details of a UAF vulnerability in cryptodev-linux leading to privilege escalation.
Regex is (almost) all you need
01/27/2025
We analyze how a combination of regular expression patterns, entropy, and rule-based filters is an effective way to detect candidate secrets.
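An added example illustrating the regex + entropy + rule-filter approach that both this post and the "Rare Not Random" follow-up listed above build on (this is not the authors' code). The only real-format pattern is the well-known `AKIA` AWS access key ID prefix; the generic token regex, the 3.5 bits-per-character entropy threshold and the placeholder word list are assumptions chosen for illustration, and the sample input is constructed (the `wJalr...EXAMPLEKEY` value is the public AWS documentation placeholder, not a credential).

```python
import math
import re

# Added example, not the article's code: a candidate-secret finder that
# combines (1) high-confidence prefix patterns, (2) a generic token regex
# gated by Shannon entropy, and (3) rule-based filters for false positives.
# Thresholds and patterns are assumptions chosen for illustration.

# (1) Known formats: reported regardless of entropy.
PREFIX_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# (2) Generic token candidates: long runs of base64/URL-safe characters.
GENERIC_TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed, tune per corpus

# (3) Rule-based filters that drop common false positives.
PLACEHOLDER_WORDS = ("example", "placeholder", "changeme", "xxxx")
HEX_DIGEST = re.compile(r"^[0-9a-fA-F]{32}$|^[0-9a-fA-F]{40}$|^[0-9a-fA-F]{64}$")


def shannon_entropy(s: str) -> float:
    """Bits per character; 0 for a single repeated character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_false_positive(token: str) -> bool:
    """Rule-based filters: placeholders and hashes that look random but are not secrets."""
    lowered = token.lower()
    if any(word in lowered for word in PLACEHOLDER_WORDS):
        return True
    if HEX_DIGEST.match(token):  # git commit / MD5 / SHA digests
        return True
    return False


def find_candidates(text: str):
    """Return a list of (line_no, kind, token) for likely secrets in text."""
    found = []
    for line_no, line in enumerate(text.splitlines(), 1):
        seen = set()
        for kind, pattern in PREFIX_PATTERNS.items():
            for m in pattern.finditer(line):
                tok = m.group(0)
                if not is_false_positive(tok):
                    found.append((line_no, kind, tok))
                    seen.add(tok)
        for m in GENERIC_TOKEN.finditer(line):
            tok = m.group(0)
            if tok in seen or is_false_positive(tok):
                continue
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                found.append((line_no, "high_entropy", tok))
    return found


# Constructed sample input (not real credentials).
SAMPLE = """\
aws_access_key_id = AKIAZ3TQ9X8LM2NP7RWD
api_token = "x9K2mQ7vL4pR8sT1wY6zB3nC5fH0jD"
filler = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
commit = d6cd1e2bd19e03a81132a23b2025920577f84e37
secret = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
"""

if __name__ == "__main__":
    for hit in find_candidates(SAMPLE):
        print(hit)
```

On the constructed sample, the prefix rule catches the `AKIA` key, entropy catches the 30-character random-looking token, and the rule filters suppress the repeated-character filler, the 40-hex git commit hash and the documentation placeholder, which is exactly the division of labour the post describes.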
Step-by-step guide to rooting an Android Virtual Device (AVD) using rootAVD for security testing. Enable root access for Frida, dynamic analysis, and more.
From Code to Coverage - Part 2: The LDAP Whitespace Problem - Making Sigma Rules Work in Production
12/30/2025
Your LDAP detection rules work in the lab but fail in production. In this article, we explain why Event 1644 whitespace variations break your Sigma rules and how to fix them.
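As an added example (not the article's own code), here is one way to make a Sigma-style `contains` match robust to the whitespace variations in the Event 1644 search filter field: canonicalize whitespace around LDAP filter operators before matching. The sample filter strings are constructed, not real Event 1644 output, and the rule is a made-up illustration.

```python
import re

# Added example, not the article's code: normalize the LDAP search filter
# text from an Event 1644 record before matching Sigma-style "contains"
# patterns, so that whitespace variations do not cause misses.
# The sample records below are constructed, not real Event 1644 output.

_STRUCTURAL = re.compile(r"\s*([()=:&|!])\s*")


def normalize_ldap_filter(flt: str) -> str:
    """Canonicalize whitespace around LDAP filter operators.

    Whitespace adjacent to ( ) = : & | ! is removed and other runs of
    whitespace collapse to one space, so a value such as "John Smith" keeps
    its internal space while "( objectClass = computer )" becomes
    "(objectClass=computer)".
    """
    collapsed = re.sub(r"\s+", " ", flt.strip())
    return _STRUCTURAL.sub(r"\1", collapsed)


# Sigma-style rule: a match requires any one of the "contains" strings.
RULE = {
    "title": "Suspicious LDAP enumeration (illustrative rule)",
    "contains": [
        "(objectClass=computer)",
        "(userAccountControl:1.2.840.113556.1.4.803:=8192)",  # SERVER_TRUST_ACCOUNT bit
    ],
}


def rule_matches(flt: str, rule: dict = RULE, normalize: bool = True) -> bool:
    """Case-insensitive 'contains' match, with or without normalization."""
    haystack = normalize_ldap_filter(flt) if normalize else flt
    haystack = haystack.casefold()
    return any(needle.casefold() in haystack for needle in rule["contains"])


# Constructed examples of how the same query can appear in Event 1644.
SAMPLE_FILTERS = [
    "(&(objectClass=computer)(cn=John Smith))",
    "( & ( objectClass = computer ) ( cn = John  Smith ) )",
    "( &( userAccountControl : 1.2.840.113556.1.4.803 := 8192 )(objectclass=user) )",
    "(&(objectClass=user)(sAMAccountName=jsmith))",
]


def evaluate(filters=SAMPLE_FILTERS):
    """Return {filter: (matched_raw, matched_normalized)} for each sample."""
    return {f: (rule_matches(f, normalize=False), rule_matches(f)) for f in filters}


if __name__ == "__main__":
    for flt, (raw, norm) in evaluate().items():
        print(f"raw={raw!s:5} normalized={norm!s:5}  {flt}")
```

The second and third samples are the production failure mode: the raw `contains` match misses them, the normalized match does not. In a real pipeline the normalization belongs in the log ingestion or a Sigma transform so the rules themselves stay readable.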