konik_polanowy

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.06.md

How a single typo led to RCE in Firefox - https://kqx.io/post/firefox0day/

How I make CTF challenges harder to solve with AI - https://danisy-eisyraf-portfolio.super.site/blog-posts/how-i-make-ctf-challenges-harder-to-solve-with-ai

The Cost of Understanding: LLM-Driven Reverse Engineering vs Iterative LLM Obfuscation - https://www.elastic.co/security-labs/llm-reversing-vs-llm-obfuscation

N-Day Research with AI: Using Ollama and n8n - https://ghostbyt3.github.io/blog/nday-research-ai

gdrv3.sys - Reverse Engineering a Signed Kernel Driver with 13 Hardware Access Primitives - https://zonifer.dev/posts/byovd-kernel-driver-hardware-primitives.html

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.04.md

Bug bounty is the future of CTF...? - https://blog.krauq.com/post/bug-bounty-is-the-future-of-ctf

CVE-2026-21876: Critical Multipart Charset Bypass Fixed in CRS 4.22.0 and 3.3.8 - https://coreruleset.org/20260106/cve-2026-21876-critical-multipart-charset-bypass-fixed-in-crs-4.22.0-and-3.3.8/

WhatsApp Signal Privacy Vulnerability: Silent Tracking Attack Exposed (2026) - https://baizaar.tools/whatsapp-signal-privacy-vulnerability-attack-2026/

MongoBleed: CVE-2025-14847 Memory Corruption in MongoDB. Your Database Talks Back - https://phoenix.security/mongobleed-vulnerability-cve-2025-14847/

Claude Magic String Denial of Service - https://hackingthe.cloud/ai-llm/exploitation/claude_magic_string_denial_of_service/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.05.02.md

Introducing MCP-Scan: Protecting MCP with Invariant https://invariantlabs.ai/blog/introducing-mcp-scan

Thinking in Graphs with IPAHound https://swarm.ptsecurity.com/thinking-in-graphs-with-ipahound/

A brief analysis of a vulnerability in the glibc (CVE-2025-4802) https://allelesecurity.com/libc-vuln-analysis/

Digital Forensics: Basic Linux Analysis After Data Exfiltration https://hackers-arise.com/digital-forensics-basic-linux-analysis-after-data-exfiltration/

Hooked on Linux: Rootkit Taxonomy, Hooking Techniques and Tradecraft https://www.elastic.co/security-labs/linux-rootkits-1-hooked-on-linux

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.30.md

Malware Development Essentials for Operators - https://f00crew.org/0x33

Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters - https://blog.nns.ee/2026/01/06/aike-ble/

DLL Sideloading & Proxying for Advance Red Team Engagements - https://www.zerotracelab.com/blog/dll-sideloading

From KernelSnitch to Practical msg_msg/pipe_buffer Heap KASLR Leaks - https://lukasmaar.github.io/posts/heap-kaslr-leak/index.html

Automating the Operator: Integrating LLMs into Offensive Security Workflows - https://www.armadin.com/blog-posts/automating-the-operator-integrating-llms-into-offensive-security-workflow

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.28.md

C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations - https://xbz0n.sh/blog/c2-redirectors

When WebSockets Lead to RCE in CurseForge - https://elliott.diy/blog/curseforge/

Finding Gadgets Like it’s 2026 - https://www.atredis.com/blog/2026/3/12/findings-gadgets-like-its-2026

Learn Something Old Every Day, Part XX: 8087 Emulation on 8086 Systems - https://www.os2museum.com/wp/learn-something-old-every-day-part-xx-8087-emulation-on-8086-systems/

It's Not Always DNS: Exploring How Name Resolution Works - https://cefboud.com/posts/dns-name-resolution-deep-dive-internals/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.26.md

Some notes on the security properties of the pipe_buffer kernel object - https://a13xp0p0v.github.io/2026/04/20/pipe-buffer-experiments.html

Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks - https://bobdahacker.com/blog/petlibro

Prepared Statements? Prepared to Be Vulnerable - https://blog.mantrainfosec.com/blog/18/prepared-statements-prepared-to-be-vulnerable

Evading Elastic EDR's call stack signatures with call gadgets - https://offsec.almond.consulting/evading-elastic-callstack-signatures.html

Every minute you aren't running 69 agents, you are falling behind - https://geohot.github.io//blog/jekyll/update/2026/03/11/running-69-agents.html

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.24.md

Needle in the haystack: LLMs for vulnerability research - https://devansh.bearblog.dev/needle-in-the-haystack/

Detecting Vision-Based AI Agents: Operator and Beyond - https://webdecoy.com/blog/detecting-vision-based-ai-agents-operator-computer-use/

Astral Projection: Advanced Module Stomping - https://kuwaitist.github.io/posts/Astral-Projection/

Now You See mi: Now You're Pwned - https://labs.taszk.io/articles/post/nowyouseemi/

Jenny was a Friend of Mine - MCPs and Friends - https://blog.zsec.uk/bullyingllms/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.22.md

How I Reverse Engineered a Rust Botnet and Built a C2 Honeypot to Monitor Its Targets - https://beelzebub.ai/blog/rust-ddos-botnet-honeypot-c2-decoding/

When OAuth Becomes a Weapon: Lessons from CVE-2025-6514 - https://amlalabs.com/blog/oauth-cve-2025-6514/

Replaced by a Goldfish - https://clawd.it/posts/10-replaced-by-a-goldfish/

(CVE-2025-47985) Windows Event Tracing Insufficient Validation Leading to Elevation of Privilege - https://starlabs.sg/advisories/25/25-47985/

AWS Penetration Testing Guide: Techniques & Methodology - https://deepstrike.io/blog/aws-penetration-testing-guide-techniques-and-methodology

#informatyka

ink on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.20.md

Turning a Chinese IoT camera into an owl livestream - https://blog.alexbeals.com/posts/owl-cam

Microsoft Brokering File System Elevation of Privilege Vulnerability - https://www.pixiepointsecurity.com/blog/nday-cve-2025-29970/

Improving the stealthiness of memory injections techniques - https://naksyn.com/edr%20evasion/2023/06/01/improving-the-stealthiness-of-memory-injections.html

Vulnhalla: Picking the true vulnerabilities from the CodeQL haystack - https://www.cyberark.com/resources/threat-research-blog/vulnhalla-picking-the-true-vulnerabilities-from-the-codeql-haystack

DSCourier: Weaponizing DSC via WinGet COM API for Evasive Execution - https://eclipsesec.com/posts/DSCourier/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.18.md

Open source is dying - https://breakdev.org/open-source-is-dying/

TruffleHog now detects JWTs with public-key signatures and verifies them for liveness - https://trufflesecurity.com/blog/trufflehog-now-detects-jwts-with-public-key-signatures-and-verifies-them-for-liveness

A Decade of Docker Containers - https://cacm.acm.org/research/a-decade-of-docker-containers/

Inside PostHog - https://mehmetince.net/inside-posthog-how-ssrf-a-clickhouse-sql-escaping-0day-and-default-postgresql-credentials-formed-an-rce-chain-zdi-25-099-zdi-25-097-zdi-25-096/

SilentMoonwalk: Implementing a dynamic Call Stack Spoofer - https://klezvirus.github.io/posts/Stackmoonwalk/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.16.md

Fail Open, Game Over: Turning a One-Line Tomcat Fix into Unauthenticated RCE - https://www.striga.ai/research/tomcat-tribes-unauth-rce

A Race Within A Race: Exploiting CVE-2025-38617 in Linux Packet Sockets - https://blog.calif.io/p/a-race-within-a-race-exploiting-cve

Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM - https://specterops.io/blog/2026/01/13/introducing-configmanbearpig-a-bloodhound-opengraph-collector-for-sccm/

Cobalt Strike - CDN / Reverse Proxy Setup - https://redops.at/en/blog/cobalt-strike-cdn-reverse-proxy-setup

The Mystery of ASJO.ORG - https://acid.vegas/blog/the-mystery-of-asjo-org/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.14.md

Pwning Santa before the bad guys do - https://dangerzone.rocks/news/2025-12-10-santa-pwn/

Lessons Learned From RITSEC CTF - https://sylvie.fyi/posts/ritsec-2026/

BitLocker's Little Secrets: The Undocumented FVE API - https://itm4n.github.io/bitlocker-little-secrets-the-undocumented-fve-api/

Bypassing egress filtering in BullFrog GitHub Action - https://devansh.bearblog.dev/bullfrog-dns-pipelining/

Introducing VulHunt: A High-Level Look at Binary Vulnerability Detection - https://www.binarly.io/blog/vulhunt-intro

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.12.md

VMware Guest To Host - https://r0keb.github.io/posts/VMware-Guest-To-Host/

mitmproxy for fun and profit: Interception and Analysis of Application Traffic - https://www.synacktiv.com/en/publications/mitmproxy-for-fun-and-profit-interception-and-analysis-of-application-traffic

Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass - https://www.binarly.io/blog/another-crack-in-the-chain-of-trust

Illuminating VoidLink: Technical analysis of the VoidLink rootkit framework - https://www.elastic.co/security-labs/illuminating-voidlink

Clang Hardening Cheat Sheet - Ten Years Later - https://blog.quarkslab.com/clang-hardening-cheat-sheet-ten-years-later.html

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.10.md

Sleeping Beauty: Putting Adaptix to Bed with Crystal Palace - https://maorsabag.github.io/posts/adaptix-stealthpalace/sleeping-beauty/

Total.js RCE gadgets all around - https://lab.ctbb.show/research/totaljs-rce-gadgets

Hunting Bugs in Linux Kernel With KASAN: How to Use it & What's the Benefit? - https://slavamoskvin.com/hunting-bugs-in-linux-kernel-with-kasan-how-to-use-it-whats-the-benefit/

Revisiting Two-Shot Kernel Shellcode Execution From Control Flow Hijacking - https://blog.zolutal.io/two-shot-kernel-shellcode/

Milking the last drop of Intego - Time for Windows to get its LPE - https://blog.quarkslab.com/milking-the-last-drop-of-intego-time-for-windows-to-get-its-lpe.html

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.08.md

Now You See mi: Now You're Pwned - https://labs.taszk.io/articles/post/nowyouseemi/

Unwind Data Can't Sleep - Introducing InsomniacUnwinding - https://lorenzomeacci.com/unwind-data-cant-sleep-introducing-insomniacunwinding

CVE-2025-64669: Uncovering Local Privilege Escalation Vulnerability in Windows Admin Center - https://cymulate.com/blog/cve-2025-64669-windows-admin-center/

When Audits Fail Part 2: From Pre-Auth SSRF to RCE in TRUfusion Enterprise - https://www.rcesecurity.com/2026/02/when-audits-fail-from-pre-auth-ssrf-to-rce-in-trufusion-enterprise/

From DDS Packets to Robot Shells: Two RCEs in Unitree Robots (CVE-2026-27509 & CVE-2026-27510) - https://boschko.ca/unitree-go2-rce

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.06.md

8 Million Users' AI Conversations Sold for Profit by "Privacy" Extensions - https://www.koi.ai/blog/urban-vpn-browser-extension-ai-conversations-data-collection

Attempting Cross Translation Unit Taint Analysis for Firefox - https://attackanddefense.dev/2025/12/16/attempting-cross-translation-unit-static-analysis.html

Defending Against L7 DDoS and Web Bots with Tempesta FW - https://tempesta-tech.com/blog/defending-against-l7-ddos-and-web-bots-with-tempesta-fw/

Hacking Moltbook: The AI Social Network Any Human Can Control - https://www.wiz.io/blog/exposed-moltbook-database-reveals-millions-of-api-keys

Makop ransomware: GuLoader and privilege escalation in attacks against Indian businesses - https://www.acronis.com/en/tru/posts/makop-ransomware-guloader-and-privilege-escalation-in-attacks-against-indian-businesses/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.04.md

68% Of Phishing Websites Are Protected by CloudFlare - https://blog.sicuranext.com/68-of-phishing-websites-are-protected-by-cloudflare/

N-Day Research with AI: Using Ollama and n8n - https://ghostbyt3.github.io/blog/nday-research-ai

Defeating Anti-Reverse Engineering: A Deep Dive into the 'Trouble' Binary - https://binary.ninja/2026/01/23/reversing-linux-anti-re.html

Vulnerability Research Is Cooked - https://sockpuppet.org/blog/2026/03/30/vulnerability-research-is-cooked/

A Sliver dropper that asks GPT-4 for permission - https://www.derp.ca/research/ai-gated-sliver-dropper/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.04.02.md

DiceCTF 2026 Quals - https://ptr-yudai.hatenablog.com/entry/2026/03/16/174349

Declarative Binary Parsing for Security Research with Kaitai Struct - https://husseinmuhaisen.com/blog/declarative-binary-parsing-for-security-research-with-kaitai-struct/

SekaiCTF 2023 - Leakless Note - https://www.kalmarunionen.dk/writeups/2023/sekai/leakless-notes/

Creative approaches to coding FUD Stagers - https://g3tsyst3m.com/fud/Creative-approaches-to-coding-a-FUD-Stagers/

How to Use Ghidra to Analyse Shellcode and Extract Cobalt Strike Command & Control Servers - https://www.embeeresearch.io/ghidra-basics-shellcode-analysis/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.03.31.md

Privilege escalation with SageMaker and there's more hiding in execution roles - https://www.plerion.com/blog/privilege-escalation-with-sagemaker-and-execution-roles

The art of Self-Mutating Malware - https://f00crew.org/0x48

Abusing Modern Browser Features for Phishing - https://certitude.consulting/blog/en/abusing-modern-browser-features-for-phishing/

An Operators Guide to Beacon Object Files - https://maldev.nl/posts/operator-guide-bof/

Reversing BEDaisy.sys: Static Analysis of BattlEye's Kernel Anti-Cheat Driver - https://s4dbrd.github.io/posts/reversing-bedaisy/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.03.29.md

In WAF we (should not) trust - https://blog.quarkslab.com/in-waf-we-should-not-trust.html

Run XDRInternals as GitHub Action - https://cloudbrothers.info/en/run-xdrinternal-github-action/

Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM - https://specterops.io/blog/2026/01/13/introducing-configmanbearpig-a-bloodhound-opengraph-collector-for-sccm/

NTLM-Relaying in 2026 - https://seccore.at/blog/ntlmrelay1/

Scam Telegram: Uncovering a network of groups spreading crypto drainers - https://timsh.org/scam-telegram-investigation/

#informatyka