Mystiko (@z3r0day0x41)'s Twitter Profile
Mystiko

@z3r0day0x41

Infosec community • Mystikcon • sharing knowledge • doing activities together as a team to learn together • Mystiko.sh • viserion.info

ID: 223262845

05-12-2010 21:54:10

5,5K Tweet

1,1K Followers

730 Following

John Hammond (@_johnhammond)

Video showcase of the recent WinRAR 0-day, CVE-2025-8088, uncovered by ESET after threat actor RomCom exploited it in the wild leveraging alternate data streams & path traversal on Windows -- we examine the uncovered RAR file and a proof-of-concept demo! youtu.be/rkMNOC8fhUQ
LuemmelSec (@theluemmel)

Not again... Citrix, the company that keeps on giving. cyberplace.social/@GossiTheDog/1… If you want to check your systems: github.com/fox-it/citrix-…

Cyber Security News (@the_cyber_news)

🚨 WhatsApp 0-Day Vulnerability Exploited to Hack Mac and iOS Users 

Read more: cybersecuritynews.com/whatsapp-0-day…

A sophisticated attack campaign has leveraged a previously unknown zero-day vulnerability in WhatsApp on Apple devices to target specific users, the company has confirmed.
Rich Warren (@buffaloverflow)

Finishing off the week with a writeup of CVE-2025-0309 - Netskope Windows Client LPE 

This was one of the bugs we demo’d in our DEF CON #ZeroTrustTotalBust talk.

Also releasing a NachoVPN plugin and our 🆙skope PoC. Details on the AmberWolf blog:

blog.amberwolf.com/blog/2025/augu…
Alex (@xaitax)

🔍 Working on something interesting: NTSleuth - a Windows syscall extraction tool with a twist...

Would anyone be interested in a tool that:
🎯 Extracts ALL syscalls from Windows (ARM64/x64)
🤖 Auto-resolves function parameters
📊 Found 2,461 syscalls on Win11/ARM64
📝 Outputs
Stephen Sims (@steph3nsims)

Please join me on the next Off By One Security stream with guest Eugene Lim (spaceraccoon | Eugene Lim) on 4-Sept at 6PM PT for a session on "0-day Hunting Strategy!" This will be a great session for those interested in vulnerability research! Note the time at 6PM PT

youtube.com/watch?v=dMt2qy…
Mr. OS (@ksg93rd)

#AppSec #Red_Team_Tactics 1⃣. Silent Harvest: Extracting Windows Secrets Under the Radar - sud0ru.ghost.io/silent-harvest… // this exploration shows how Windows’ own internals can be leveraged to bypass both access controls and common EDR detections with minimal code 2⃣. Operating

Alex Neff (@al3x_n3ff)

QOL: Introducing NetExec module categories 📚

With NetExec’s rapid growth, the number of modules has increased significantly. To give a clearer overview, I’ve added categories. It’s a “best fit” approach, so not perfect, but should give a better idea of what’s available.
ransomNews (@ransomnews)

⚠️ Trojan in disguise: PDF editor backdoor

The “AppSuite PDF Editor” poses as a legit tool but is a backdoor: most of its code supports malware functions, including C2 comms, scheduled tasks, and AES-encrypted data exfiltration.

Persistence is full, cleanup needs system repave.
0xor0ne (@0xor0ne)

Bootloader vulnerability and firmware decryption in TP-Link (Tapo) C210 cloud cameras

watchfulip.github.io/28-12-24/tp-li…

Credits Watchful IP

#embedded #infosec
Denis Laskov 🇮🇱 (@it4sec)

Want to play old arcade games? Grab a broken machine, reverse-engineer it, and emulate it with an FPGA! 🕹️🖥️👾💡🎮

More details on:
LinkedIn: linkedin.com/posts/dlaskov_…
Substack: it4sec.substack.com/p/want-to-play…
PentesterLab (@pentesterlab)

🚀 We just released 3 new labs as part of our Python Code Review Badge! These labs walk you through real vulnerabilities: you’ll spot the issue in the code and then review the patch that fixed it. Start practicing now: pentesterlab.com/badges/python-…

VIEH Group (@viehgroup)

Cloudflare 403 bypass to time-based blind SQLi:
PL: (select(0)from(select(sleep(10)))v) → 403
but PL: (select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'%5C"%2B(select(0)from(select(sleep(6)))v) → Time-based Blind SQLi  
#BugBounty #SQLi
SEKTOR7 Institute (@sektor7net)

Writing exploits for MS-RPC services.

An interesting case study of DoS inside Local Session Manager and how an exploit dev process looks like.

A great post by Remco van der Meer (incendiumrocks).

Source: incendium.rocks/posts/Exploit-…

#redteam #blueteam #maldev #malwaredevelopment
International Cyber Digest (@intcyberdigest)

🚨 Very concerning 0-click zero-day vulnerability for sale: allows unauthenticated attackers to execute arbitrary code with SYSTEM-level privileges on fully patched Windows 10/11 and Windows Server 2022 systems. The exploit is “reliable, low-resource, and bypasses the latest

sn🥶vvcr💥sh (@snovvcrash)

Oh, that's nice! I've done something similar recently with a vibe coded HTTP proxy server run in context of the target user to access the needed web resource behind domain authentication instead of an LDAP relay 😁
Kirill Firsov (@k_firsov)

How to access servers behind Cloudflare by bypassing the firewall?
FearsOff Cybersecurity #bugbountytips #cloudflare #firewall #bypass

1) Found a sweet hostname but Cloudflare Firewall blocks you? There's a neat trick attackers can use if the origin is misconfigured.