SolarWinds RCE (@chudypb), Windows 11 Recall-based LPE (@filip_dragovic), Robot RCEs (@olivier_boschko + @ruikai), EDR as a RAT (@p0w1_), and more!
https://blog.badsectorlabs.com/last-week-in-security-lwis-2026-03-02.html
We promised we'd be back!
Join us on our journey, from repro'ing N-days to stumbling into 0-days in SolarWinds Web Help Desk, eventually achieving pre-auth RCE.
This research fuels the watchTowr Platform, our Preemptive Exposure Management technology.

It’s been a while, but we’re back - in time for story time. Gather round, strap in, and prepare for another depressing journey of “all we wanted to do was reproduce an N-day, and here we are with 0-days”. Today, friends, we’re looking at SolarWinds Web Help
I’ve launched a free legal advice service for security researchers.
Computer misuse, responsible disclosure, vendor threats, bug bounties, employment issues, police contact — when hacking and the law collide, I’ll try to help.
help.pwn.legal
Boosts appreciated.
RE: https://infosec.exchange/@albinowax/116018773839725691
I'm happy to be on the TOP 10 list for the second time, this time with the fun SOAP stuff.
I'm even more happy to see ORM research in 2nd place. I saw it live during BHEU and it was awesome 🤟
Someone knows Bash disgustingly well, and we love it.
Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340.
This research fuels our technology, enabling our clients to accurately determine their exposure.

When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - actively exploited pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule - every January. Welcome back to another
Earlier this month, we reported a zero-day auth. bypass in the SmarterTools SmarterMail email solution.
Someone has reversed the patch (released on 15th Jan) and begun exploiting it in the wild.
Read our analysis and please, ASSUME BREACH + PATCH NOW.

Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV hall-of-famers. The plot of that story had everything; * A
RE: https://infosec.exchange/@albinowax/115899823428059482
It's cool to be on this list 3rd year in a row.
This year, I made it with my SOAPwn research and shells achieved through .NET client proxies (see watchTowr blog).
Take a look at the list and vote for your favorite techniques 🤟
Today, we’re releasing watchTowr Labs’ @chudypb’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions.
Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances.
Welcome back! As we near the end of 2025, we are, of course, waiting for the next round of SSLVPN exploitation to occur in January (as it did in 2024 and 2025). Weeeeeeeee. Before then, we want to clear the decks and see how much research we can publish. This