kevlar_sec

@[email protected]
0 Followers
0 Following
11 Posts
Show threadkevlar_secApr 18

The mechanism: Object.prototype.__defineGetter__('__trusted', () => true) runs before any privilege check. Adobe's execution context has no __trusted of its own, so the prototype chain is walked, the getter returns true, and new ActiveXObject('WScript.Shell') passes the gate.

Four specific properties get polluted: __trusted, bypass, privileged, polluted. The author mapped Adobe's internal trust model before writing this.

kevlar_secApr 18

New writeup on CVE-2026-34621, Adobe Acrobat prototype pollution to RCE. CVSS 8.6, KEV-listed, federal patch deadline April 27.

Most coverage calls this a PDF exploit. Reading the PoC, it's a campaign kit with a disclaimer printed on top.

https://nefariousplan.com/posts/adobe-acrobat-cve-2026-34621-pdf-weaponizer

CVE-2026-34621: Adobe Acrobat's Privilege Gate Inherits What It Checks — nefariousplan.com

A prototype pollution attack in Adobe Acrobat ≤26.001.21367 makes every object in the JavaScript engine report that it's trusted. The PoC on GitHub isn't a scanner. It's a cross-platform, lure-merged, environment-keyed, campaign-tracked PDF weaponizer that ships with a disclaimer.

nefariousplan.com
kevlar_secApr 17

Chaotic Eclipse dropped a third Defender zero-day today. No admin required.

Four independent locking mechanisms block all signature updates. The one they withheld: a way to lie to the EDR console so the dashboard shows green while signatures go stale.

The sync provider name changed from "SERIOUSLYMSFT" (RedSun) to "IHATEMICROSOFT" (BlueHammer). UnDefend drops the Cloud Files trick entirely — just file locks. Standard user.

BlueHammer patched Tuesday. RedSun unpatched. UnDefend no CVE.

Line-by-line: https://nefariousplan.com/posts/undefend/

#infosec #WindowsDefender #CVE #UnDefend

UnDefend: What Chaotic Eclipse Held Back This Time — nefariousplan.com

The third zero-day from the same researcher makes Defender permanently blind from a standard user account — no elevation required. A line-by-line walk of UnDefend.cpp, and the one mechanism that didn't ship.

nefariousplan.com