@MrT4ntr4 Thanks for informing.
Yes, it was a compromise happens because of leaked Admin API credentials to inject a ClickFix JavaScript payload. But the issue is rectified now and the blog is healthy.
triagz is officially out of beta!!
With a complete redesign and steady feature improvements, triagz has graduated from beta and is now live with v1.0.1.
Explore here for AI based connected endpoint research experince: https://t.co/LYXOOvl5pa
Triagz Early Beta Release is now live!
Introducing the first platform that can transform your endpoint machine into Agentic with just a single click for comprehensive endpoint analysis and research.
We support all three platforms!
Check it out here: https://t.co/LYXOOvkxzC
Good Morning! Just published a blog post diving into Windows Kernel LFH exploitation in the latest Windows 24h2 build, Focusing on controlled allocations to achieve arbitrary read/write in the kernel.
https://t.co/ZAGDKCNZOp
This is a great read for people interested in hypervisor development in both pre-boot and post-boot (Windows) environment, the source is public and written in rust as well. Great work @memn0ps 😀🙌
https://t.co/2grnJgj5hi
https://t.co/Ft32AKrx1P
https://t.co/orsBcoXaPP
The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today.
English writeup: https://t.co/DYLj3oBDkg
with offensivecon around the corner, i figured id write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓
https://t.co/dqW9eMJkVI
Two new side-channel attacks against Apple CPUs that can leak sensitive data from the processor's memory
SLAP (Speculation Attacks via Load Address Prediction) and FLOP (False Load Output Predictions)
https://t.co/8OxbdIy99X
Nice paper! 🔥 No fix implemented, AFAIK.
Like the general idea that leaking the address of an exploit-controlled object of one type effectively means leaking the address of an object of another chosen type, as we can put the latter object onto the same page via cross-cache.
New attack on x86 secure enclaves, specifically AMD SEV this time. SEV is AMD's answer to Intel TDXs.
Basically tricking the CPU into thinking the DRAM is a different size, causing physical address aliasing, which can then be exploited
Outrageous technique: barely legal use of x86 CPU instruction enables you to catch and 𝗰𝗮𝗻𝗰𝗲𝗹 impeding pagefault before it actually happens.
③: catch PAGE_GUARD or invalid access
⓪: do previously illegal reads at high IRQL, safely
#vpgatherqq#vpscatterqq scatter/gather