Moritz Sanft

security software engineer, ctf @fluxfingers
Homepage: https://msanft.foo
GitHub: https://github.com/msanft
My colleague Paul (@katexochen) has done a great write-up of how a malicious host (e.g. cloud provider) can trivially compromise confidential VMs, and how we mitigated the attack at Edgeless Systems. Read his blog post: https://lobste.rs/domains/katexochen.aro.bz
#security #confidentialcomputing #firmware

Honey wake up, new windows activation key just dropped

https://www.justice.gov/epstein/files/DataSet%201/EFTA00002467.pdf

I’ll be at #39c3 from today. Find me in the #CTF area if you want to chat

RE: https://infosec.exchange/@wiz/115690193527755927

Off to London, and ready to pwn!🐞🐰

Looking forward to meeting some of my peers here at Blackhat and around the Zeroday.cloud event!

Feel free to approach me to talk all things security research🙂

Best of luck everyone with your entries!

New blog post: Why the Sanitizer API is just `setHTML()` - https://frederikbraun.de/why-sethtml.html

Interesting Git repos of the week:

Detection:

* https://github.com/reconurge/flowsint - defenders think in graphs
* https://github.com/AlchemicalChef/Safeguard - protect your Entra identity

Bugs:

* https://github.com/0xilis/CVE-2024-27876 - @0xilis says have a shitty Apple with maggots in it
* https://github.com/msanft/CVE-2025-55182 - there are various folks working on this React bug, here's one of the more useful ones from @moritz

Exploitation:

* https://github.com/gadievron/raptor - a whole host of luminaries including @HalvarFlake, @dcuthbert and @gadi demonstrate how they'd abuse AI and LLMs
* https://github.com/JJTech0130/pypush - @jjtech's iMessage client in Python
* https://github.com/Dark-Avenger-Reborn/DRILL_V3 - C2 framework
* https://github.com/EvilBytecode/GoDefender - bypass all the things
* https://github.com/R3DRUN3/magnet - simulation tooling for purple teams
* https://github.com/AlchemicalChef/ADSecurityAudit - looking for holes in AD
* https://github.com/AlchemicalChef/EntraAudit - looking for holes in Entra
* https://github.com/BadSamuraiDev/bs-lists - make sure you're not on @badsamurai's naughty list

Hard hacks:

* https://github.com/llsoftsec/llsoftsecbook - low-level security for compiler nerds from @kbeyls and friends

Hardening:

* https://github.com/hexagonal-sun/moss-kernel - Rust powered Linux-like kernel
* https://github.com/N1ckDunn/COBOLCodeSecurity - @nickdunn talks COBOL
* https://github.com/bit-broker/bit-broker - policy based data sharing framework

#code, #security, #research

Since I started to analyze #CVE-2025-55182 (#React, #NextJS #RCE) at work today, I decided to publish my analysis findings so far, given all the fuzz about the vulnerability: https://github.com/msanft/CVE-2025-55182

Feel free to contribute to the search for a proper RCE sink!

I went through the NixOS 25.11 release notes and picked some of the changes that I found particularly interesting. 🧵

#NixOS #nixpkgs

Due to AI, this box now costs 500% more