Rogan Dawes

Infosec researcher @ OrangeCyberDefense.
ALL people have the right to exist.

When Windows Defender realizes that a malicious file has a cloud tag it rewrites the file to its original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges.

https://github.com/Nightmare-Eclipse/RedSun

#infosec #cybersecurity #pentest #windows


"The death of a program happens when the programmer team possessing its theory is dissolved. A dead program may continue to be used for execution in a computer and to produce useful results. The actual state of death becomes visible when demands for modifications of the program cannot be intelligently answered."
-Naur, 1985

I feel like this essay should be taught alongside Twitter as a case study.

From the same author as BlueHammer we now have RedSun.

This works ~100% reliably to go from unprivileged user to SYSTEM against Windows 11 and Windows Server 2019+ with April 2026 updates, as well as Windows 10, as long as you have Windows Defender enabled. Any system that has cldapi.dll should be affected.

🤔 🐈‍⬛ 🐈 🐈‍⬛ 🐈 ...

#car #cats #catworld #chats #chatte #katzen #gatos

I reported an insecure DKIM key to Deutsche Telekom / T-Systems. They first asked me to further explain things (not sure why 'Here's your DKIM private key' needs more explanation, but whatever...). Then they told me it's out of scope for their bug bounty.

I guess then there's really no reason not to tell you: They have a 384 bit RSA DKIM key configured at: dkim._domainkey.t-systems.nl

384 bit RSA is... how shall I put it? I think 512 bit is the lowest RSA key size that was ever really used. 384 bit RSA is crackable in a few hours on a modern PC (using cado-nfs). The private key is:
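A defender-side check for the issue in this post, added here as an example (it is not the poster's code): parse the RSA public key out of a DKIM TXT record and report its modulus size, so an undersized key like the 384-bit one above shows up in a routine audit of your own domains. The record builder at the end produces a constructed, non-real key purely so the parser can be exercised offline.

```python
import base64
import re

def _der_read(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: 0x8N, then N length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _der_children(value):
    """Child TLVs of a constructed element, as (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _der_read(value, pos)
        out.append((tag, val))
    return out

def dkim_key_bits(txt_record):
    """Modulus size in bits of the RSA key in a DKIM TXT record, or None."""
    tags = dict(t.split("=", 1) for t in re.split(r";\s*", txt_record.strip()) if "=" in t)
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        return None                        # ed25519 key or revoked (empty p=) record
    spki = base64.b64decode("".join(tags["p"].split()))
    alg_id, bitstring = _der_children(_der_read(spki, 0)[1])   # SubjectPublicKeyInfo
    rsa_pub = bitstring[1][1:]             # BIT STRING: skip the "unused bits" octet
    modulus, exponent = _der_children(_der_read(rsa_pub, 0)[1])  # RSAPublicKey
    return int.from_bytes(modulus[1], "big").bit_length()

def is_weak_dkim_key(txt_record, minimum_bits=1024):
    """RFC 8301: signers MUST use at least 1024-bit RSA keys; flag anything shorter."""
    bits = dkim_key_bits(txt_record)
    return bits is not None and bits < minimum_bits

# --- Constructed test input (not a real key): DER-encode a public key ourselves ---
def _der_enc(tag, body):
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def _der_int(i):
    b = i.to_bytes((i.bit_length() + 7) // 8 or 1, "big")
    return _der_enc(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)

def make_dkim_record(modulus, exponent=65537):
    """DKIM TXT record for a made-up modulus; only the DER shape matters here."""
    rsa_pub = _der_enc(0x30, _der_int(modulus) + _der_int(exponent))
    alg_id = _der_enc(0x30, _der_enc(0x06, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00")
    spki = _der_enc(0x30, alg_id + _der_enc(0x03, b"\x00" + rsa_pub))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

To audit a live selector, feed `dkim_key_bits` the TXT record returned for `<selector>._domainkey.<domain>`; `make_dkim_record` exists only to generate offline test input.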

You don't know how long I've been saving this meme, for just the right moment...

Sysdig is one of those hidden gem tools that shows exactly what your Linux system is doing in real time — system calls, containers, network traffic, file access — everything, no guessing.

Here are useful sysdig command examples 😎👇

Find high-res pdf ebooks with all my cybersecurity related infographics at https://study-notes.org/cybersecurity-infographics.html

#linux #cybersecuritytraining #infosec #informationsecurity #cloudsecurity

Knee deep in u-boot...
Trying to edit a stupid FCC comment on Yet Another Fucking Stupid Orbital Data Center (fuck you, Blue Origin) and I need to go outside and rage-scream for a while. And I have an easily accessible hayfield to rage-scream in!! (Also maybe baby goats, I'll check for those too #BabyGoatCountdown)

I was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails I'd get if I registered it, assuming many orgs' 'delete' logic probably just overwrote the email address with [email protected] or similar.

The answer is at least 3 different orgs in the hour that I've owned that domain and been listening for email.

And yes, all of those emails contain the actual PII of the person who has been 'deleted' :-D

#infosec