Infosec professional & beverage snob. Research Consulting Director @ Atredis Partners.
We decided to revisit an old research problem with some new LLM powered tooling. Check out our latest blog post to see how we approached this research, and the new Java deserialization gadget chains it discovered in just two days! www.atredis.com/blog/2026/3/12/findings-gadgets-like-its-2026
On a recent engagement, we exploited a previously disclosed privilege escalation bug in Tenable's Nessus Agent. No public PoC was available, so we made one; check it out here https://github.com/atredispartners/proof-of-concept/tree/main/cve-2025-36632

2026, the year of the AI-driven attacker that could do back flips, they said.

Meanwhile, there's a magic number that allows Auth Bypass against Ivanti EPM (CVE-2026-1603)

something about a pledge 🙄

Atredis identified a vulnerability in the way Rapid7's Nexpose was generating passwords to protect its Java KeyStore which is used to encrypt saved credentials. This vulnerability was reported to Rapid7 and a patch is being rolled out today! Check out the details here: https://github.com/atredispartners/advisories/blob/master/2026/ATREDIS-2026-0002.md

First research in a while! Here's my brain dump on reverse-engineering and auditing Lenovo Vantage. In total, I found four (4) vulns. Check out the post and my custom tooling if you're interested.

https://mkiesel.ch/posts/lenovo-vantage/

roll with advantage: hacking lenovo vantage | mkiesel.ch

A technical deep dive into the lands of Lenovo Vantage and its add-ins, including tooling to help you hunt for vulnerabilities

unsandboxed Chrome RCE nets $250k. great writeup too https://issues.chromium.org/issues/453094710
Chromium

Someone knows Bash disgustingly well, and we love it.

Here's our analysis of the Ivanti EPMM Pre-Auth RCE vulnerabilities - CVE-2026-1281 & CVE-2026-1340.

This research fuels our technology, enabling our clients to accurately determine their exposure.

https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340

Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340)

When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 - actively exploited pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution - we sighed with relief. Clearly, the universe had decided to continue mocking Secure-By-Design signers right on schedule - every January. Welcome back to another

watchTowr Labs

Command & Conquer'd: worming RCEs through a classic multiplayer game. Check out the full writeup from our @DistrictCon Junkyard submission here:
https://www.atredis.com/blog/2026/1/26/generals

By @drone and @jordan9001

#Security #modding #rce

General Graboids: Worms and Remote Code Execution in Command & Conquer — Atredis Partners

[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead] This post details several vulnerabilities discovered in the online game Command & Conquer: Generals. We recently presented some of this work at an information security conference and this post contains techni

Atredis Partners

@gsuberland IIRC you were looking at some of this source last year too, right?

https://www.atredis.com/blog/2026/1/26/generals

"Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters" by Rasmus Moorats

https://blog.nns.ee/2026/01/06/aike-ble/
Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters

Ethical Hacking and Cybersecurity Blog