Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.22.md

The QNAP Pattern - https://runiclabs.io/research/qnap-architecture/

Damned OOB - https://ze3tar.github.io/post-zcrx.html

The 429 Microsoft Graph Mystery - https://www.r-tec.net/r-tec-blog-the-429-microsoft-graph-mystery.html

Harness design for long-running application development - https://www.anthropic.com/engineering/harness-design-long-running-apps

GhostTree: Unveiling Path Manipulation Techniques to Bypass Windows Security - https://www.varonis.com/blog/ghosttree-ntfs-trick

#informatyka

To już równe 30 lat. W maju 1996 udostępniono numer 0202122.

#feeloldyet?

#internet #technologia #tepsa #informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.20.md

Windows Shell Links in C++: How to Read and Write .lnk Files - https://trainsec.net/library/windows-kernel/windows-shell-links-in-c-how-to-read-and-write-lnk-files/

Where Have All the Complex Windows Malware and Their Analyses Gone? - https://r136a1.dev/2026/05/07/where-have-all-the-complex-malware-and-their-analyses-gone/

CVE-2026-20079 - Cisco FMC Authentication Bypass RCE Analysis - https://www.vulncheck.com/blog/cisco-fmc-auth-bypass-cve-2026-20079

Giving an Agent a Rooted Android Phone - https://workers.io/blog/autonomous-mobile-pentesting/

Ansible Security and Compliance - https://slicker.me/netsec/ansible-security-compliance.html

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.18.md

The ServiceNow AI Vulnerability: What Went Wrong and How to Secure Your AI Agents - https://opena2a.org/blogs/servicenow-ai-vulnerability

WinBoat: Drive by Client RCE + Sandbox escape - https://hack.do/posts/winboat-guest-service-host-rce/

After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes - https://disclosing.observer/2026/01/14/excavating-abuse-infrastructure-dns-sinkholes.html

DLL Sideloading & Proxying for Advance Red Team Engagements - https://www.zerotracelab.com/blog/dll-sideloading

Analysis of Python's .pth files as a persistence mechanism - https://dfir.ch/posts/publish_python_pth_extension/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.16.md

Introduction to Windows shellcode development – Part 1 - https://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/

Reinforcement Learning for Hacking? - https://s1r1us.ninja/posts/reinforcement-learning-for-hacking/

How We Cut LLM Costs by 59% With Prompt Caching - https://projectdiscovery.io/blog/how-we-cut-llm-cost-with-prompt-caching

Instagram account takeover via Meta Pixel script abuse - https://ysamm.com/uncategorized/2026/01/16/leaking-fbevents-ato.html

Automating MS-RPC vulnerability research - https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.14.md

CEliteLLM – LiteLLM 1.83.14: Chaining an Environment Variable Leak with Jinja2 SSTI for Remote Code Execution - https://mccaulay.co.uk/rcelitellm-litellm-1-83-14-chaining-an-environment-variable-leak-with-jinja2-ssti-for-remote-code-execution/

Bad Vibes: Comparing the Secure Coding Capabilities of Popular Coding Agents - https://blog.tenzai.com/bad-vibes-comparing-the-secure-coding-capabilities-of-popular-coding-agents/

Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC - https://neodyme.io/en/blog/drone_hacking_part_1/

Teaching ZFS about time - https://oshogbo.com/blog/86/

Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data - https://www.varonis.com/blog/reprompt

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.12.md

CSRF Protection without Tokens or Hidden Form Fields - https://blog.miguelgrinberg.com/post/csrf-protection-without-tokens-or-hidden-form-fields

Extending my access: Abusing installed extensions for post compromise - https://futuresight.club/posts/extending-my-access/

exfiltration using numeric-only outputs - https://blog.ikaes.de/exfiltration-using-numeric-only-outputs/

Jenny was a Friend of Mine - MCPs and Friends - https://blog.zsec.uk/bullyingllms/

BACnet-scan - Tool for BACnet/IP and BACnet/SC discovery - https://ricardojoserf.github.io/bacnetscan/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.10.md

CVE-2025-6554: The (rabbit) Hole - https://retr0.zip/blog/cve-2025-6554-the-rabbit-hole.html

EDR Tradecraft: Internals, Detection, Evasion & Advanced Researchg - https://0xdbgman.github.io/posts/edr-internals-research-and-bypass/

WTF Are Abliterated Models? Uncensored LLMs Explained- https://webdecoy.com/blog/wtf-are-abliterated-models-uncensored-llms-explained/

The Claude C Compiler: What It Reveals About the Future of Software - https://www.modular.com/blog/the-claude-c-compiler-what-it-reveals-about-the-future-of-software

First Week, First Hack: Compromising a Package with 40 Million Weekly Downloads - https://www.landh.tech/blog/20260402-img-colour-supply-chain-hack/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.08.md

[Cryptodev-linux] Page-level UAF exploitation - https://nasm.re/posts/cryptodev-linux-vuln/

[Research] LLVM based VMProtect Devirtualization: Part 1 (EN) - https://hackyboiz.github.io/2025/09/11/banda/LLVM_based_VMP/en/

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135 - https://www.zellic.io/blog/pwning-v8ctf/

Shadow SSDT Hijacking: Achieving Kernel Code Execution via Read-Write Primitives - https://www.exploitpack.com/blogs/news/shadow-ssdt-hijacking-to-achieve-kernel-code-execution-via-rw-primitives

ImageMagick: From Arbitrary File Read to File Write In Every Policy - https://pwn.ai/blog/imagemagick-from-arbitrary-file-read-to-rce-in-every-policy-zeroday

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.06.md

How a single typo led to RCE in Firefox - https://kqx.io/post/firefox0day/

How I make CTF challenges harder to solve with AI - https://danisy-eisyraf-portfolio.super.site/blog-posts/how-i-make-ctf-challenges-harder-to-solve-with-ai

The Cost of Understanding: LLM-Driven Reverse Engineering vs Iterative LLM Obfuscation - https://www.elastic.co/security-labs/llm-reversing-vs-llm-obfuscation

N-Day Research with AI: Using Ollama and n8n - https://ghostbyt3.github.io/blog/nday-research-ai

gdrv3.sys - Reverse Engineering a Signed Kernel Driver with 13 Hardware Access Primitives - https://zonifer.dev/posts/byovd-kernel-driver-hardware-primitives.html

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.04.md

Bug bounty is the future of CTF...? - https://blog.krauq.com/post/bug-bounty-is-the-future-of-ctf

CVE-2026-21876: Critical Multipart Charset Bypass Fixed in CRS 4.22.0 and 3.3.8 - https://coreruleset.org/20260106/cve-2026-21876-critical-multipart-charset-bypass-fixed-in-crs-4.22.0-and-3.3.8/

WhatsApp Signal Privacy Vulnerability: Silent Tracking Attack Exposed (2026) - https://baizaar.tools/whatsapp-signal-privacy-vulnerability-attack-2026/

MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back - https://phoenix.security/mongobleed-vulnerability-cve-2025-14847/

Claude Magic String Denial of Service - https://hackingthe.cloud/ai-llm/exploitation/claude_magic_string_denial_of_service/

#informatyka

rnicrosoft i ich słynne oprogramowanie vvindows xD

#heheszki #gownowpis #scam #informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.02.md

Introducing MCP-Scan: Protecting MCP with Invariant https://invariantlabs.ai/blog/introducing-mcp-scan

Thinking in Graphs with IPAHound https://swarm.ptsecurity.com/thinking-in-graphs-with-ipahound/

A brief analysis of a vulnerability in the glibc (CVE-2025-4802) https://allelesecurity.com/libc-vuln-analysis/

Digital Forensics: Basic Linux Analysis After Data Exfiltration https://hackers-arise.com/digital-forensics-basic-linux-analysis-after-data-exfiltration/

Hooked on Linux: Rootkit Taxonomy, Hooking Techniques and Tradecraft https://www.elastic.co/security-labs/linux-rootkits-1-hooked-on-linux

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.30.md

Malware Development Essentials for Operators - https://f00crew.org/0x33

Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters - https://blog.nns.ee/2026/01/06/aike-ble/

DLL Sideloading & Proxying for Advance Red Team Engagements - https://www.zerotracelab.com/blog/dll-sideloading

From KernelSnitch to Practical msg_msg/pipe_buffer Heap KASLR Leaks - https://lukasmaar.github.io/posts/heap-kaslr-leak/index.html

Automating the Operator: Integrating LLMs into Offensive Security Workflows - https://www.armadin.com/blog-posts/automating-the-operator-integrating-llms-into-offensive-security-workflow

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.28.md

C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations - https://xbz0n.sh/blog/c2-redirectors

When WebSockets Lead to RCE in CurseForge - https://elliott.diy/blog/curseforge/

Finding Gadgets Like it’s 2026 - https://www.atredis.com/blog/2026/3/12/findings-gadgets-like-its-2026

Learn Something Old Every Day, Part XX: 8087 Emulation on 8086 Systems - https://www.os2museum.com/wp/learn-something-old-every-day-part-xx-8087-emulation-on-8086-systems/

It's Not Always DNS: Exploring How Name Resolution Works - https://cefboud.com/posts/dns-name-resolution-deep-dive-internals/

#informatyka

Podstawowe obowiązki podmiotów kluczowych i ważnych wynikające z unijnej dyrektywy NIS2 / ustawy KSC 2.0.

Zarządzasz siecią komputerową, serwerami, danymi w firmie która wpadła na listę NIS2 / KSC? Coś dla Ciebie.

Zapraszam do lektury:

https://czasopismo.legeartis.org/2026/04/nis2-obowiazki-podmiotow-kluczowych-waznych-krajowy-system-cyberbezpieczenstwa/

#sysadmin #informatyka #siecikomputerowe #cyberbezpieczenstwo #cybersecurity #prawo #nis2 #ksc

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.26.md

Some notes on the security properties of the pipe_buffer kernel object - https://a13xp0p0v.github.io/2026/04/20/pipe-buffer-experiments.html

Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks - https://bobdahacker.com/blog/petlibro

Prepared Statements? Prepared to Be Vulnerable - https://blog.mantrainfosec.com/blog/18/prepared-statements-prepared-to-be-vulnerable

Evading Elastic EDR's call stack signatures with call gadgets - https://offsec.almond.consulting/evading-elastic-callstack-signatures.html

Every minute you aren't running 69 agents, you are falling behind - https://geohot.github.io//blog/jekyll/update/2026/03/11/running-69-agents.html

#informatyka