The recently exploited SharePoint vulnerability chain known as ToolShell (CVE-2025-53770) has shown once again that patching alone isn’t enough. Attackers gained unauthenticated remote access to vulnerable on-premises SharePoint servers, planted web shells, and exfiltrated cryptographic keys to enable further exploitation.| Nextron Systems
GMO Flatt Securityの大崎です。RubyKaigi 2025の弊社ブースで「バグバウンティクイズ」に回答いただいた皆様ありがとうございました。 私はブースには立ちませんでしたが、今回作問を担当しました。各脆弱性の解説ブログとして本記事を執筆させていただきます。 ブースでも主に紹介させていただいたセキュリティ診断AIエージェント「Takumi」に関しては以下のバナーより...| GMO Flatt Security Blog
“So we wait, this is our […]| hn security
CVE-2021-1732 is a 0-Day vulnerability exploited by the BITTER APT organization in one operation which was disclosed in February this year[1][2][3]. This vulnerability exploits a user mode callback opportunity in win32kfull module to break the normal execution flow and set the error flag of window object (tagWND) extra data, which results in kernel-space out-of-bounds memory access violation.| iamelli0t’s blog
Follow us on Twitter @Hackread - Facebook @ /Hackread| Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News
Blog Contributors: Adeeb Shah @hyd3sec & John Jackson(@johnjhacking)| Boku
I had the pleasure to present my research about the IPC mechanisms of Kaspersky products at the IV. EuskalHack conference this weekend. My main motivation for this research was to further explore the attack surface hidden behind the self-defense mechanisms of endpoint security software, and I ended up with a local privilege escalation exploit that could be combined with an older self-defense bypass to make it work on default installations. I hope that the published information helps other cur...| Silent Signal Techblog
At the end of last month, McAfee published a fix for a remote code execution vulnerability in its Security Scan Plus software. Beyond Security, who we worked with for vulnerability coordination published the details of the issue and our PoC exploit on their blog. While the vulnerability itself got some attention due to its frightening simplicity, this is not the first time SSP contained similarly dangerous problems, and it’s certainly not the last. In this post, I’d like to share some add...| Silent Signal Techblog
Renewal paper of my GIAC Penetration Tester certification:| Silent Signal Techblog
We worked for a big company in Hungary and there were some HP-UX targets. I got local user access easily to the servers but the operating system was HP-UX 11.31 without public privilege escalation sploit. This is not a big deal, this happens very often. I checked the backups, the file and directory permissions, admin scripts and many other things with no success. This UID 0 mission took me more than a day! I couldn’t believe that I couldn’t get root privilege! I downloaded all the SUID/SG...| Silent Signal Techblog
Inspired by the Windows Remote Dektop bug (CVE-2012-0002) I created a simple network protocol fuzzer. This is a dumb fuzzer that only changes every single byte value from 0 to 255:| Silent Signal Techblog
pwning your kernelz| Blog
