0x40k

Whoa, this .LNK file thing is seriously messed up! 😳 Can you believe eleven government-backed hacking groups are exploiting a HUGE Windows vulnerability, and MS is just... ignoring it?! Like, for YEARS?! Seriously?!

As a pentester, let me tell ya: Sometimes, it's the tiniest stuff that causes the biggest headaches. Shortcuts can be super tricky, so double-check 'em before you click. There might just be a nasty surprise waiting for you.

Thing is, automated scans aren't gonna cut it here; you really gotta dig in manually. 🧐 And hey, don't forget: Security's a journey, not a destination. It's a process, not a product!

So, what are your thoughts on this? How do *you* protect yourself from stuff like this? 🤔 Let me know in the comments!

Mar 18, 2025 at 3:09pmWeb
Show threadKevin Karhan Mar 18, 2025

@0x40k well, #Microsoft to this day has a #Backdoor in the #CryptoAPI that remains unfixed to this day...

GitHub - kkarhan/windows-ca-backdoor-fix: Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefaehrden-SSL-Verschluesselung-2317589.html

Fixes a critical backdoor in Windows' CryptoAPI, which allows to unconsenting Update of CA Certificates in the background. See https://www.heise.de/ct/ausgabe/2013-17-Zweifelhafte-Updates-gefae...

GitHub