Initial Access Attack in Azure - Understanding and Executing the Illicit Consent Grant Attack in 2025
https://www.alteredsecurity.com/post/initial-access-attack-in-azure-understanding-and-executing-the-illicit-consent-grant-attack-in-202
https://www.alteredsecurity.com/post/initial-access-attack-in-azure-understanding-and-executing-the-illicit-consent-grant-attack-in-202
Altered Security
Initial Access Attack in Azure - Understanding and Executing the Illicit Consent Grant Attack in 2025
Table of Contents:1. Importance of Initial Access in 20252. Introduction to 365-Stealer3. Understanding Illicit Consent Grant Attacks • Scenario: ECorp vs. PentestCorp • Why This Attack Is So Dangerous for ECorp4. The 365-Stealer Tool: Features and…
Exploiting the Source Engine’s network protocol to leak vtable pointers
https://mrnbayoh.github.io/blog/source-engine/2025/06/30/offensive-on-the-source-engine-network-protocol-part-1.html
https://mrnbayoh.github.io/blog/source-engine/2025/06/30/offensive-on-the-source-engine-network-protocol-part-1.html
nba::yoh’s blog
Offensive on the Source Engine Network Protocol - Part 1: InfoLeak
Write an awesome description for your new site here. You can edit this line in _config.yml. It will appear in your document head meta (for Google search results) and in your feed.xml site description.
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida)
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida
Ibm
Reproducing a million-dollar bug: WhatsApp CVE-2019-11932 (with AFL & Frida) | IBM
Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.
dive into the world of some of the recently published potato techniques
https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html
https://www.r-tec.net/r-tec-blog-windows-is-and-always-will-be-a-potatoland.html
www.r-tec.net
r-tec Blog | Windows is and always will be a Potatoland
This blog post will dive into the world of some of the recently published potato techniques that can lead to more serious risks than
what the zero day marketplace looks like in the U.S. and how it compares to China.
https://www.atlanticcouncil.org/in-depth-research-reports/report/crash-exploit-and-burn/
https://www.atlanticcouncil.org/in-depth-research-reports/report/crash-exploit-and-burn/
Atlantic Council
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit
https://seadragnol.github.io/posts/CVE-2023-52927/
https://seadragnol.github.io/posts/CVE-2023-52927/
SeaDragnoL
CVE-2023-52927 - Turning a Forgotten Syzkaller Report into kCTF Exploit
my first CVE - my first kCTF
From cheap IoT toy to your smartphone: Getting RCE by leveraging a companion app
https://www.synacktiv.com/en/publications/from-cheap-iot-toy-to-your-smartphone-getting-rce-by-leveraging-a-companion-app
https://www.synacktiv.com/en/publications/from-cheap-iot-toy-to-your-smartphone-getting-rce-by-leveraging-a-companion-app
Synacktiv
From cheap IoT toy to your smartphone: Getting RCE by leveraging a
The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction
https://u1f383.github.io/linux/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html
https://u1f383.github.io/linux/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html
Buried in the Log. Exploiting a 20 years old NTFS Vulnerability
https://swarm.ptsecurity.com/buried-in-the-log-exploiting-a-20-years-old-ntfs-vulnerability/
https://swarm.ptsecurity.com/buried-in-the-log-exploiting-a-20-years-old-ntfs-vulnerability/
Пятничный опрос.
Кто круче? 😎
Кто круче? 😎
Final Results
22%
Threat hunter
64%
Reverse engineer
13%
Forensic investigator