Juanma Fernandez

@XC3LL
356 Followers
89 Following
353 Posts
Just a biologist that loves to break cyber-stuff. Ka0labs / Adepts of 0xCC / ID-10-Ts member. 🦉
Juanma FernandezMay 12
Juanma FernandezMay 11
Lady Laura May 11
Juanma FernandezMay 3
Juanma FernandezApr 30
watchTowrApr 29

The Internet is falling down, falling down, falling down

Welcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940

Enjoy with us..
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)

Hello! Yes, it's all a disaster again! Let's get this party started: 0:00 /0:12 1× No comments today, so imagine this: * We wrote something that we find very funny, * Nobody else gets it, * But everyone humors us It's your typical watchTowr Labs blog introduction. What Is cPanel & WHM?

watchTowr Labs
Juanma FernandezApr 15

Who would have imagined that "raising the bar" in security was flooding internet with the vomit of AI so people can not read real articles or proof of concepts about public vulnerabilities.

If someone wrote something about the details of a vuln, you will not find it using search engines because now it has been buried by the infectious pus of bots spamming shit.

Juanma FernandezApr 10
buheratorApr 10
This comic needed an update
Juanma FernandezMar 30
dragosrMar 29
A walkthrough on patching Dell UEFI firmware at the SPI flash level to disable pre-boot DMA protection — bypassing the BIOS password entirely. The interesting part: the UEFI UI still reports the setting as enabled, and TPM measured boot doesn't detect the NVRAM change, so BitLocker unlocks normally. The patch also persists through official Dell BIOS updates. From there it's DMAReaper to kill IOMMU + PCILeech for a SYSTEM shell. Significant measured boot policy gap. https://www.mdsec.co.uk/2026/03/disabling-security-features-in-a-locked-bios/
Disabling Security Features in a Locked BIOS - MDSec

Overview This post explores how modifying a Dell UEFI firmware image at the flash level can fundamentally undermine platform security without leaving visible traces in the firmware interface. By directly...

MDSec
Juanma FernandezMar 13

RegPwn was a Windows 0-day that we were using for LPE in our Red Team for a year (discovered by Filip D. In January 2025). Unfortunately it got fixed 🥲

Good bye RegPwn 🫡

https://www.mdsec.co.uk/2026/03/rip-regpwn/

RIP RegPwn - MDSec

13th March 2026 As part of MDSec’s R&D work, we often discover vulnerabilities and develop exploits to support our red team engagements. When researching widely used software, it is often...

MDSec
Juanma FernandezMar 11
Ivan Ožić BebekMar 11
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover 

CVE-2026-26117 lets low-privileged users hijack Azure Arc, escalate to SYSTEM, and take over the machine’s cloud identity and RBAC access.

Cymulate
Juanma FernandezFeb 28
buheratorFeb 28
[RSS] Total Recall - Retracing Your Steps Back to NT AUTHORITY @MDSecLabs

https://www.mdsec.co.uk/2026/02/total-recall-retracing-your-steps-back-to-nt-authoritysystem/
Total Recall - Retracing Your Steps Back to NT AUTHORITY\SYSTEM - MDSec

The MDSec red team are regularly performing research to identify privilege escalation vectors in Windows and macOS for use during red team engagements. Where the indicators in exploiting the EoP...

MDSec