Mastodawn

PROGRAM & BOOKING SITE ARE OUT 🔥

We are really happy to announce that the 2026 program has been released and the booking site is opened 😍

📑 Program: https://cfp.pass-the-salt.org/pts2026/schedule/

You will be able to attend:
- Top notch PQC talks 🚀
- Deep vulnerabilities research 🔬
- Some great exploitation talks 💣
- HW & low level talks with workshops directly given by tools writers (unblob, Sighthouse) 🛠️
- A bunch of deep ThreatIntel talks and WS given by seasoned speakers 🌐
- Very interesting talks about applied crypto useful for users 🔐
- and great talks about Security by design 🔗

🎉 Registration is FREE (but required) to attend talks, workshops and social moments

GO AND BOOK YOUR SEAT!

🎟️ https://pretix.eu/passthesalt/2026/
📅 June 30th to July 2, 2026
📍 Université Catholique de Lille, France: https://maps.app.goo.gl/J2uYiRaoKP7VmMSk8
🌐 Website : https://2026.pass-the-salt.org/

See you in Lille in early July! 🥰
Relay would be greatly appreciated 🙏

Philippe Lagadec Mar 9

Wietze Mar 9

Yet another LNK flaw allows for target spoofing, yet executes any DLL, including remote via WebDAV. Even worse, unless you installed the Feb 2026 updates, MotW will be ignored.

Next to updating, your best defence is to look for RunDLL32 + Shell32 + Control_RunDLL executions with non-standard targets. After all, most users click accept on those MotW prompts.

See how this works on https://github.com/wietze/lnk-it-up

Philippe Lagadec Mar 3

Karsten Hahn Mar 3

New blog: Using LLMs the right way for malware analysis

💡Tips for building an autonomous AI analysis lab on a 12 yo laptop and getting stuff done faster without loss of accuracy.

https://blog.gdatasoftware.com/2026/03/38381-llm-malware-analysis

Philippe Lagadec Mar 3

jwz Mar 3

That one XKCD thing, now interactive.

This is so much fun... Craig S. Kaplan: In my online undergraduate P5.js course, students are about to begin the module on motion and physics, including a bit of physics simulation using Matter.js. It suddenly...
https://jwz.org/b/yk4B

Philippe Lagadec Feb 11

Taggart

Feb 11

Here's my CVE-2026-20841 PoC.

(Not really, but I have a feeling it's something that rhymes with this)

Philippe Lagadec Feb 10

A vulnerability in Notepad 🤦‍♂️
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841

Security Update Guide - Microsoft Security Response Center

Philippe Lagadec Feb 6

How can we detect malicious documents exploiting CVE-2026-21509, the recent 0-day vulnerability in MS Office ?
=> I designed a YARA rule for this, which detects all the malicious files that have been reported.
I also improved oletools to analyze those files and see the suspicious URLs.
You can find the YARA rule and all the explanations about that vulnerability on my website https://decalage.info/CVE-2026-21509/

Philippe Lagadec Jan 26

Laurent Cheylus Jan 26

A Look Back at 30 Years of Development of ReactOS, a free and open-source Operating System to run Windows softwares #OSS #ReactOS https://reactos.org/blogs/30yrs-of-ros/

30 years of ReactOS

ReactOS is a free, opensource reimplementation of windows

Philippe Lagadec Jan 26

Karsten Hahn Jan 25

🦔 📹 New Video: Can office files be malicious without Macros?

➡️ VSTO Add-Ins
➡️ External Templates
➡️ Checklist for Office analysis
#MalwareAnalysisForHedgehogs
https://www.youtube.com/watch?v=RtHHckH5IsI

Malware Analysis - Malicious MS Office files without Macros

YouTube

Philippe Lagadec Jan 21

/r/netsec Jan 21

oss-sec: GNU InetUtils Security Advisory: remote authentication by-pass in telnetd https://seclists.org/oss-sec/2026/q1/89

Website	https://www.decalage.info
Github	https://github.com/decalage2
Twitter	https://twitter.com/decalage2
Twittodon	https://twittodon.com/share.php?t=decalage2&[email protected]