Once a new technology starts rolling, if you’re not part of the steamroller, you’re part of the road.
Starred Articles
Let's talk about encrypted reasoning
05/28/2026I investigate "encrypted reasoning" blocks in Claude and OpenAI LLM APIs. These are opaque, signed ciphertexts containing a model's hidden chain‑of‑thought which can be replayed across sessions and leak information via size or timing side‑channels.
A technically rigorous, step-by-step walkthrough of how egghunters work, how to build them from scratch using the Keystone assembler, and how to weaponize them against a real 32-bit network service when the crash buffer is too small to hold a full payload.
In this article we demonstrate how new native AI features in Microsoft SQL Server 2025 can be weaponized to provide a practical channel for data exfiltration and C2 transport within the database engine itself.
A comprehensive analysis of modern supply chain attacks involving CI/CD abuse, GitHub compromise, credential theft, and package poisoning.
In this article, we will be uncovering the internals of kernel driver vulnerabilities and how to leverage them via the BYOVD (Bring Your Own Vulnerable Driver) method to eventually run pypykatz. We will use kernel access to disable PPL for the LSASS process and then proceed to dump the process to disk, XOR'ing it beforehand so it avoids detection by popular EDR solutions.
New Articles
In this second part, we introduce GoGatoZ - a purpose-built Go tool for GitLab CI/CD security auditing that can perform and automate the entire CI/CD kill chain - and point it at gitlab.com and run three large-scale scans.
In this blog post, we take a look at different ways that QEMU can be abused by adversaries to deploy virtual machines that contains and executed malicious payloads. This approach enables them to maintain covert access and bypass host-based detection from AV and EDR solutions.
We have chained PoolSlip (CVE-2026-9256) and Rift (CVE-2026-42945) vulnerabilities in Nginx to achieve an ASLR-independent RCE on the stock nginx image.
In this article we review what YARA rules are, how they work, where they fit in security operations, and why sandbox analysis can make it stronger.
AKS does not enable Kubernetes-level audit logging by default. In this article, we review the key components to be enabled at cluster creation to provide necessary incident response data.
Living Off The Land
06/02/2026We review some unexpected PowerShell commands we leverage for enumeration purpose from a compromised system.
A deep dive into Kerberos User-to-User (U2U) authentication and the primitives behind UnPAC-the-Hash, ADCS and shadow credentials.
Why is my shellcode being corrupted?
06/09/2026We explore the illusion GDB creates in Linux Binary Exploitation, uncovering issues with breakpoints and stack memory behavior in this detailed analysis.
In this article I present a technique for interfering with the client–server connection of an EDR through Policy-based QoS (pacer.sys) to set throttling on EDR agents, causing them to always time out, effectively blocking them
Hacking Google with A.I
06/10/2026We detail a dozen of vulnerabilities found in Google's infrastructure components. We also provide the design of the AI automation we setup to scan the 1,500 APIs calls, using about 3,600 different keys.
A Long-running BOF Component Contract
06/09/2026In this post, we’ll walk through the broad ideas behind the concept of Asynchronous PICOs design. And, I’ll then walk-through Long-running BOFs which is a demonstration of some Asynchronous PICO ideas but using a component contract.
Technical Analysis of MLTBackdoor
06/08/2026Technical analysis of MLTBackdoor, a new malware family that provides post-exploitation capabilities on demand and likely used by an initial access broker for ransomware attacks.
We detail a series of chainable flaws in Internet Explorer's legacy WebBrowser control that let an attacker with a modest XSS foothold (often on a localhost‑served app) auto‑download and execute malicious code, ultimately achieving remote code execution without needing extensive user interaction.
This post covers five routes threat actors use to reach LLM inference without paying for it: buying offensive models on underground forums, using front-end models using 3rd party LLM service that allows paying in bitcoin, using free-tier or keyless public APIs, hunting for leaked API keys in developer artifacts, and exploiting self-hosted LLM servers left open on the internet.
We detail the vulnerabilities leading to a full unauthenticated RCE chain in UniFi OS Server that lands a root shell in one request, exposing networks, doors, and cameras.
We discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull request descriptions, and comments.
We discovered and developed an exploit for a pre-authentication remote code execution vulnerability in IBM i Management Central (MGTC). The vulnerability allows an unauthenticated attacker to execute arbitrary CL commands as QSECOFR – the root-equivalent profile on IBM i – by abusing the MGTC packet protocol on port 5555.
Canonical Multipass Forensics 101
06/01/2026We investigate into how the Canonical Multipass app stores its virtual machines in Windows. We will first provide a brief refresher on Multipass, then focus on the 3 locations where we can find relevant artifacts.
In this second part of the series on Intune hardening, we provide an implementation guide for 11 controls. We will walk through the configuration path, decision points, and a validation test so you can confirm it is working. These controls are organized in the order they should b eimplemented during a hardening engagement.
We explains how to apply the GEPA (Genetic‑Pareto) optimisation framework - using measurable reward scores, actionable side‑information, and Pareto‑frontier selection - to automatically refine the prompt of a web‑CTF agent, resulting in a modest but consistent boost in solve rate, efficiency and speed across multiple challenges.
Shai-Hulud: Miasma
06/09/2026This article dissects Misama, a highly modular, anti‑analysis‑aware JavaScript worm that harvests credentials, exfiltrates them via stealthy GitHub repos, and spreads through package registries, GitHub Actions, and AI‑enabled development environments.
This post covers how I used OpenAI’s Codex to automate the generation, testing, and refinement of indirect prompt injection payloads against an agentic system using Sonnet models on Amazon Bedrock.
Still Recent
This is the story of how we found a new unserialize use-after-free in a code path that has been vulnerable since PHP 5.1, built a local exploit that bypasses disable_functions with no /proc access and no hardcoded offsets, then turned it into a remote exploit.
Exploiting Qualcomm's QAIC Kernel Driver
05/22/2026I detail a vulnerability in a Linux v6.18 kernel. It leaves behind a dangling page-table entry and therefore creates a page-level use-after-free scenario that can be leveraged to get a physical arbitrary read/write primitive I use for privilege escalation.
An overview of CVE-2026-2005, a heap buffer overflow in PostgreSQL's pgcrypto extension that allows remote code execution inside the PostgreSQL server process.
Oldies but Goodies
In this first part of the series, we talk about plundering self-hosted GitLab instances on internal networks - cloning public repos, running Gitleaks, and combining it all into a nice spreadsheet of secrets.
Unearthed Arcana
In this blog post we discuss how to debug Windows' Isolated User Mode (IUM) processes, also known as Trustlets, using the virtual TPM of Microsoft Hyper-V as our target.