Yuki Chen (@guhe120) 's Twitter Profile
Yuki Chen

@guhe120

古河, Independent security researcher, Bug bounty, ACG Otaku, Pwn2Own 15/16/17, PwnFest16, TianfuCup 18/19/20, 5 times MSRC MVR yearly Top 1. Got two pwnie awards.

ID: 1916213911

29-09-2013 04:58:00

371 Tweet

10,10K Followers

280 Following

Yuki Chen (@guhe120) 's Twitter Profile Photo

But this was the most challenging quarter due to the difficulty in cooperating with MS security, with so many incorrect assessments/dups/excuses. I really suggest MSRC leaders to hear some voice DIRECTLY (not questionnaires via email) from the top researchers on the leader board.

Yuki Chen (@guhe120) 's Twitter Profile Photo

Will discuss some examples/experiences/tips for looking for pre-auth RCE bugs in Windows components and reporting them to WIP bug bounty program. See you at #TheSAS2024

Yuki Chen (@guhe120) 's Twitter Profile Photo

Just returned from the SAS2024 and really enjoyed the event. Everything well organized, good technical topics, beautiful sights. Everyone had lots of fun no matter you attend the conference as a listener or speaker. Highly recommended. #TheSAS2024

Yuki Chen (@guhe120) 's Twitter Profile Photo

Hello Security Response, is there any legitimate process inside MSRC to escalate an issue if I believe it's not assessed properly and fairly by current engineering team?

Yuki Chen (@guhe120) 's Twitter Profile Photo

Nice analysis but it seems this PoC is an information leak bug (CVE-2024-49113 ?) I reported that is incorrectly tagged as DoS. So instead of calling it LDAPNightmare I'd prefer LdapBleeding. And Security Response could you please help to correct the bulletin🤣?

Yuki Chen (@guhe120) 's Twitter Profile Photo

As someone asked for clarification, to avoid confusion, the PoC by SafeBreach that they named "LDAPNightmare" is not CVE-2024-49112 but another LDAP information leak bug fixed in the same month

Yuki Chen (@guhe120) 's Twitter Profile Photo

Here is the ironic side of vuln response based on CVSS score - especially when it comes to binary vulns. Everyone cares about CVE-2024-49112 because MS assigns CVSS 9.8 to this vulnerability, but never forget the score is highly affected by the skills of the analysis team behind

Yuki Chen (@guhe120) 's Twitter Profile Photo

There were multiple LDAP related vulnerabilities fixed in Dec, and ironically, CVE-2024-49112 - with the highest CVSS score - is actually less exploitable than some others IMO😂 I may cover this topic in some security conference this year

VictorV (@vv474172261) 's Twitter Profile Photo

I'm unable to join the conference Insomni’hack 2025, so I write a part of content into a blog, hope you enjoy my blog. v-v.space/2025/02/18/Azu…

Yuki Chen (@guhe120) 's Twitter Profile Photo

My great honor to be selected as an Off-By-One Conference speaker, let's reveal some interesting bugs under that mysterious AcceptSecurityContext API #OBO2025

Yuki Chen (@guhe120) 's Twitter Profile Photo

CVE-2025-33070 is an auth bypass in the function NetrServerAuthenticate3 - which is the same function of ZeroLogon. But you need to force the DC into an out-of-memory state first to trigger the bug.