Ivan Ožić Bebek

@[email protected]
190 Followers
154 Following
1.2K Posts
Penetration Tester
LocationZagreb, Croatia
Webhttps://iozicbeb.github.io
Ivan Ožić Bebek17h ago
How Windows PE Files Use Custom Resources to Embed Anything https://trainsec.net/library/windows-internals/how-windows-pe-files-use-custom-resources-to-embed-anything/
Ivan Ožić Bebek21h ago
mle✨22h ago

I've worn a Garmin for 10+ years and logged thousands of runs, rides, hikes...you name it. That data can also tell you where I live, where I've traveled, and when I've been under stress.

After reading @zackwhittaker 's recent story on Oura ring's lack of transparency reporting, I was curious about the current state of other wearables.

I looked at 12 major wearable brands to see who publishes transparency reports (aka the documents that tell you how often a company hands your data to the government).

2 out of 12 do: Apple and Google/Fitbit.

https://whyli.me/blog/wearable-transparency/

https://emilyaustin.github.io/wearable-tracker/

#infosec #privacy #running

Ivan Ožić Bebek1d ago
BYOVD tool for manipulating Windows Protected Process Light (PPL) protection at the kernel level https://github.com/redteamfortress/PPLShade
GitHub - redteamfortress/PPLShade: BYOVD tool for manipulating Windows Protected Process Light (PPL) protection at the kernel level.

BYOVD tool for manipulating Windows Protected Process Light (PPL) protection at the kernel level. - redteamfortress/PPLShade

GitHub
Ivan Ožić Bebek2d ago
Nightmare-Eclipse GitHub account got deleted https://deadeclipse666.blogspot.com/2026/05/july-14th.html
July 14th

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Okay, So let me get this straight, when I actively asked you to communicate with me, you ref...

Ivan Ožić Bebek3d ago
CVE-2026-28910: Breaking macOS App Sandbox Data Containers, TCC, and Hijacking Apps Using Archive Utility https://mysk.blog/2026/05/19/cve-2026-28910/
Ivan Ožić Bebek4d ago
IFIN - The Independent Federated Intelligence Network4d ago

We regret to inform you that yet another GitHub attack is underway—this time compromising GitHub Actions with infostealer scripts.

https://discourse.ifin.network/t/5600-github-accounts-compromised-in-megalodon-attack/490

#ThreatIntel #ThreatIntelligence #IFIN

Ivan Ožić Bebek4d ago
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102) https://securelist.com/exiftool-compromise-mac/119866/
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)

We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).

Kaspersky
Ivan Ožić Bebek4d ago
Modules and Monoliths https://aff-wg.org/2026/05/21/modules-and-monoliths/
Modules and Monoliths

Last week, memN0ps published DoublePulsar: A User-defined Reflective Loader in the Crystal Palace and Tradecraft Garden Era. It’s a lengthy blog post, about 50 printed pages. And, most of those are…

Adversary Fan Fiction Writers Guild
Ivan Ožić Bebek4d ago
Mapping Tailscale Attack Paths in BloodHound https://specterops.io/blog/2026/05/21/tailscalehound/
Introducing TailscaleHound: Mapping Tailscale Attack Paths in BloodHound

TailscaleHound is an OpenGraph collector for BloodHound that maps Tailscale users, devices, groups, tags, ACLs, grants, SSH rules, routes, app connectors, services, keys, invites, webhooks, and hybrid Azure identity relationships

SpecterOps
Ivan Ožić Bebek4d ago
Will Dormann4d ago

Are you a FreeBSD person, jealous of all the Windows and Linux LPEs we've got these days?

Don't worry. FatGid has got your back. It was fixed last year and officially assigned CVE-2026-45250 today

Current FreeBSD versions (released yesterday) are unaffected

I'm not sure why the official PoC uses /tmp/rsh as /tmp is mounted with nosuid, but whatevs. 🤷‍♂️