#security #confidentialcomputing #firmware
| Homepage | https://msanft.foo |
| GitHub | https://github.com/msanft |
Honey wake up, new windows activation key just dropped
https://www.justice.gov/epstein/files/DataSet%201/EFTA00002467.pdf
RE: https://infosec.exchange/@wiz/115690193527755927
Off to London, and ready to pwn!🐞🐰
Looking forward to meeting some of my peers here at Blackhat and around the Zeroday.cloud event!
Feel free to approach me to talk all things security research🙂
Best of luck everyone with your entries!
Interesting Git repos of the week:
Detection:
* https://github.com/reconurge/flowsint - defenders think in graphs
* https://github.com/AlchemicalChef/Safeguard - protect your Entra identity
Bugs:
* https://github.com/0xilis/CVE-2024-27876 - @0xilis says have a shitty Apple with maggots in it
* https://github.com/msanft/CVE-2025-55182 - there are various folks working on this React bug, here's one of the more useful ones from @moritz
Exploitation:
* https://github.com/gadievron/raptor - a whole host of luminaries including @HalvarFlake, @dcuthbert and @gadi demonstrate how they'd abuse AI and LLMs
* https://github.com/JJTech0130/pypush - @jjtech's iMessage client in Python
* https://github.com/Dark-Avenger-Reborn/DRILL_V3 - C2 framework
* https://github.com/EvilBytecode/GoDefender - bypass all the things
* https://github.com/R3DRUN3/magnet - simulation tooling for purple teams
* https://github.com/AlchemicalChef/ADSecurityAudit - looking for holes in AD
* https://github.com/AlchemicalChef/EntraAudit - looking for holes in Entra
* https://github.com/BadSamuraiDev/bs-lists - make sure you're not on @badsamurai's naughty list
Hard hacks:
* https://github.com/llsoftsec/llsoftsecbook - low-level security for compiler nerds from @kbeyls and friends
Hardening:
* https://github.com/hexagonal-sun/moss-kernel - Rust powered Linux-like kernel
* https://github.com/N1ckDunn/COBOLCodeSecurity - @nickdunn talks COBOL
* https://github.com/bit-broker/bit-broker - policy based data sharing framework

Since I started to analyze #CVE-2025-55182 (#React, #NextJS #RCE) at work today, I decided to publish my analysis findings so far, given all the fuss about the vulnerability: https://github.com/msanft/CVE-2025-55182
Feel free to contribute to the search for a proper RCE sink!