Michael Weber (@bouncyhat)'s Twitter Profile
Michael Weber

@bouncyhat

Security Consultant. Not affiliated with Red Hat. I just like the hat. @[email protected]

ID: 1012892729666306048

Website: https://malware.pizza
Joined: 30-06-2018 02:57:00

249 Tweets

1.1K Followers

74 Following

Cristina Cifuentes (@criscifuentes):

This July marks the 30th year anniversary of the publication of my PhD thesis on Reverse Compilation Techniques. In 1994, little did I know the impact this pioneering work would have on the security community that grew up in the 2000s. 🎉 Celebration events to be announced!

Michael Weber (@bouncyhat):

Hey Adnan Khan ... that contributor for the XZ shenanigans that everyone is digging into also was making typo changes in MS repos - github.com/MicrosoftDocs/…. Gee, I wonder what they might have been trying to do with that contributor status from it being approved.

Adnan Khan (@adnanthekhan):

The recent Xz #supplychain attack is very, very interesting. Honestly it’s quite impressive how the threat actor obfuscated their payload. This highlights the risks of downloading release binaries from GitHub directly as the backdoor was only in the release assets.

Michael Weber (@bouncyhat):

Anybody else wish that the underhanded coding competitions were still a thing? After all the XZ shenanigans I'd love to see some underhanded buildscript techniques. Though I still want C and a million other languages too. What kind of prize would be enough to entice folks?

Adnan Khan (@adnanthekhan):

I'm releasing an extremely detailed post on GitHub Actions cache poisoning on Monday. After GitHub's attestation beta launched I did some testing on how cache poisoning can tamper with those too: github.com/AdnaneKhan/Act… github.com/AdnaneKhan/Act… 🧵:

Adam Crosser (@unc1739):

I've just released a blog post on a local privilege escalation vulnerability we identified in Ant Media Server via JMX. It's definitely worth digging into JMX or RMI whenever you run into it as these protocols are generally pretty high risk. praetorian.com/blog/local-pri…

Anthony. (@anthonysecurity):

Proud of the Praetorian Red Team for having two separate tools accepted to BlackHat Arsenal this year. You’re going to want to keep an eye out for the releases. Will link when announced!

Adam Crosser (@unc1739):

We just released a blog post on some GitHub Actions related vulnerabilities we identified in RSPack that would have allowed us to perform a supply chain attack through NPM token compromise. praetorian.com/blog/compromis…

Adnan Khan (@adnanthekhan):

Automated Self-Hosted GitHub Runner takeover has been coming along very nicely. Installs another self-hosted runner on an existing one via fork PR. Will be released during BlackHat / DEF CON conference window.

Michael Weber (@bouncyhat):

Yo dawg, I heard you like backdoors so I backdoored your backdoor scanner with a backdoor so I could backdoor anyone using puppet. I think this is like the third mega supply chain attack Adnan has found in like...under 12 months. Definitely hyped for the upcoming talks!

Anthony Weems (@amlweems):

Before joining Google, I submitted some Cloud bugs to the Google Vulnerability Rewards Program (VRP). Today, we announced a dedicated Cloud VRP and I'm so excited to be a part of the program that got me into Google in the first place. Send us vulnz 🙂 cloud.google.com/blog/products/…

Rad (@rad9800):

I've been reversing various browser extension Identity protection products. Push's detection for Evilnginx is rather disappointing - though I do hope I'm missing something given they raised a 15M$ Series A to only come up with this. gist.github.com/rad9800/bb73de…

Anthony. (@anthonysecurity):

github.com/praetorian-inc… Harald is an in-memory tiny high-level CPU, able to process a set of instructions to generate application-layer protocols to be used over a given network protocol (TCP/UDP). Harald will consume a stream of OPCODES and apply different transformations to

Adepts of 0xCC (@adeptsof0xcc):

Our owl Mario just published a small VM to generate application-layer protocols. Define your protocol from scratch with opcodes! github.com/praetorian-inc…

Adam Crosser (@unc1739):

While exploring new persistence techniques on Windows, I found that Microsoft’s Text Services Framework (TSF) is a hidden gem for maintaining access on systems with admin rights. Read more: praetorian.com/blog/leveragin…

Adnan Khan (@adnanthekhan):

Make sure y’all are prepared for this. #phishing #Hacking Going to be 🍿 once TAs start using it. github.com/praetorian-inc…