Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team

Exploiting vulnerability in the update mechanism of Windows Defender by using a symbolic link folder. Destroying or injecting code into Defender

The Pentagon publicly posts the stream keys to its Facebook, YouTube, and X channels, exposing livestreams to account takeovers.

Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first…

At DefCon, Oligo Security revealed critical Apple CarPlay vulnerabilities, including CVE-2025-24132 in the AirPlay SDK. Learn how attackers exploit iAP2 and AirPlay to compromise connected cars, and why patching delays leave vehicles exposed.

I learn about cryptographic vulnerabilities all the time, and they generally fill me with some combination of jealousy (“oh, why didn’t I think of that”) or else they impress me w…

Key Takeaways The intrusion began when a user downloaded and executed a malicious file impersonating DeskSoft’s EarthTime application but instead dropped SectopRAT malware. The threat actor d…

We’re back - it’s a day, in a month, in a year - and once again, something has happened.

In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherwise”, we present even further evidence that as a

Bidding farewell to one of the last kernel address leaks, CVE-2025-53136. Even patches can open new doors for exploitation.

Default‑deny HTTP(S) for dev tools and AI agents. Script rules in JS or shell, log every request, and keep egress within your policy.

Use the offensive tool WSASS to dump the LSASS memory area by exploiting the vulnerability in WerFaultSecure.exe

Python-based LDAP browser with GUI for AD pentesting & red teaming. Cross-platform PoC tool for exporting, searching & BloodHound integration.

In HTTP/1, the CONNECT method instructs a proxy to establish a TCP tunnel to a requested target. Once the tunnel is up, the proxy blindly forwards raw traffic in both directions. This mechanism is most commonly used to tunnel TLS traffic through forwarding…

Someone's trash is another person's web server.

I discovered two issues while using PureVPN’s Linux clients (GUI v2.10.0, CLI v2.0.1) on Ubuntu 24.04.3 LTS (kernel 6.8.0, iptables-nft)1. One affects IPv6 traffic, the other the system firewall.
1. IPv6 leak after reconnect After a network transition (e.g.…

We recently discovered a textbook example of this in Langfuse, a leading open-source LLM engineering platform with 16k stars on Github. A subtle flaw in its background job controls allowed any authenticated user to access highly sensitive administrative functions…

Personal projects, research, and other things I find worth sharing

We reverse the Android app, hook TUTK Kalay P2P with Frida, capture commands, find token remnants in memory, trigger SSRF to custom.wav, and show a treat-toss DoS.

IPv4/IPv6 Packet Fragmentation: Implementation Details Introduction In release v2.0, we’ve shipped PacketSmith with support for IPv4/IPv6 fragmentation detection and reassembly. Additionally, we’ve detailed some of the implementation details in the public…