I just finished up a phone call with a "stealth startup" that was pitching an idea that agents could generate code securely via an MCP server. Needless to say, the phone call did not go well. What follows is a recap of the conversation where I just shot down…

Secondary Context Path Traversal vulnerability in Omnissa Workspace One UEM (CVE-2025-25231) that leads to pre-auth API access as a super admin.

Intro: How They Got In: Dissecting Major Breaches from the Hacker’s View

Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with such fragile vulnerabilities demands significant time and…

I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: Someone asked if you c

This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating how security researchers have repeatedly bypassed patches and why fundamental changes to the Ruby ecosystem are needed rather than continued patch-and-hope…

Apprenez à relayer NTLM sur HTTP via GLPI en pentest interne. Guide technique avec ntlmrelayx, Impacket et recommandations sécurité.

RansomLeak is an interactive 3D security awareness training platform built to use in your LMS via SCORM.

Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept…

Because we can!

Drivers are a common part of every Windows environment, and many of them provide low-level functionality. This blog details how to connect…

Technical deep-dive into CVE-2025-53149, a heap-based buffer overflow in the Windows Kernel Streaming WOW Thunk Service driver (ksthunk.sys).

A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.

Imagine if you could peek into the books of India’s biggest companies — before quarterly earnings were announced. By simply looking at…

Background: Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept…

Intercepting and analysing the traffic is one of the important parts of the pentest, whether it’s a mobile, web or desktop application. On…

Learn how to bypass TLS certificate validation on Linux using LD_PRELOAD for security research and debugging of embedded systems and native applications

On September 5, 2025, GitGuardian discovered GhostAction, a massive supply chain attack affecting 327 GitHub users across 817 repositories. Attackers injected malicious workflows that exfiltrated 3,325 secrets, including PyPI, npm, and DockerHub tokens via…

Exploiting the mechanism that automatically searches for additional executable files when Windows detects that the requested file does not exist