For those who don't know they do track TPM information between reimages. I've been told previoisly by multiple ex-MS SOC staff that this is exactly what's used to track people for half a decade even if they are privacy conscious.
VPNs, TOR, etc doesn't matter when Microsoft is tracking your physical hardware and tracking your system activities over years....
A 27B Uncensored model that built for specifically for offensive security tooling (need 12 GB)
- Fine-tuned on real bug bounty reports & CVEs
- Generates complete, ready-to-run Nuclei templates, Full CVE PoC script, Webshell upload bypass, and exploits, code reviews
- Zero refusals. Full artifacts every time.
trained with 2,541 of real bug bounty & offensive security reports.
Q6_K quant (21GB) for maximum quality on server-grade GPUs.
Exploring the relationship between compilers, obfuscation, and de-obfuscation through LLVM, by Robert Yates (@quarkslab)
https://t.co/7rfwhEczcz
#infosec
Agents need better tools for reversing! I'm releasing declib (previously libbs), with a new CLI today that gives agents CLI access to 4 decompilers (IDA, Ghidra, Binja, angr), parity feature support to most MCP (12 features), and the ability to sync those changes across decs!
`macpow` : un TUI en temps réel pour visualiser la consommation électrique composant par composant sur Apple Silicon — CPU, GPU, ANE, DRAM, batterie, périphériques, processus…
https://t.co/XZt386VoTP
New blog post on reverse engineering and modifying HDD firmware. In this part I cover obtaining, analyzing, and modifying firmware, using backdoor commands to hot patch code in RAM, and using JTAG to debug a live HDD https://t.co/9vVt26JHxO
One researcher. ~$300 in API tokens. A working PoC against an April Patch Tuesday CVE.
Open-sourcing PatchWatch + Pocsmith, an agentic patch-diffing → exploit pipeline I built from off-the-shelf parts.
https://t.co/J3VwhqB3JY
I'm done paying $500 a month for anti-detect browsers after finding this.
It's called CloakBrowser. A stealth Chromium that scores 0.9 on reCAPTCHA v3 (same as a real human) and passes 14 out of 14 bot detection tests.
- Auto-resolves Cloudflare Turnstile
- Beats FingerprintJS and BrowserScan
- TLS fingerprint identical to real Chrome
- Drop-in Playwright replacement (one line swap)
100% Opensource. MIT License.
What you usually pay for vs CloakBrowser:
Bright Data scraping browser → $500+/month
Browserless stealth tier → $200+/month
Custom anti-detect builds → $10K+ engineering
CloakBrowser → pip install, 200MB binary, done.
The reason it actually works:
Most stealth libraries (playwright-stealth, undetected-chromedriver, puppeteer-extra) inject JavaScript or tweak flags. Every Chrome update breaks them. Antibot systems detect the patches themselves.
CloakBrowser patches Chromium's C++ source code in 16 places. Canvas, WebGL, audio fingerprint, fonts, hardware concurrency, GPU vendor strings, WebDriver flag, TLS fingerprint.
All compiled into the binary. Detection sites see a real browser because it is a real browser.
Stock Playwright scores 0.1 on reCAPTCHA v3. CloakBrowser scores 0.9.
Same code. Same API. One import change.
Make it blink!
This new article unpacks how Mehdi and Matthieu achieved an over-the-air exploitation of the #PhilipsHue Bridge via a #Zigbee bug.
Read all about the technical details, how they proved it is exploitable at #Pwn2Own Cork 2025, and the underlying vulnerability here 👇 https://t.co/IfPNhfU9nh
Exploiting Reversing (ER) series: article 09 | Exploitation Techniques: CVE-2024-30085 (part 03)
Today I am releasing the nineth article in the Exploiting Reversing Series (ERS). In “Exploitation Techniques | CVE-2024-30085 (Part 09)” I provide a 106-page deep dive and a comprehensive roadmap for vulnerability exploitation:
https://t.co/V0K5p1Y3wH
Key features of this edition:
[+] Dual Exploit Strategies: Two distinct exploit editions built on the cldflt.sys heap overflow.
[+] PreviousMode Edition: Exploit cldflt.sys via WNF OOB + Pipe Attributes + ALPC + _KTHREAD.PreviousMode flip: elevation of privilege of a regular user to SYSTEM.
[+] PPL Bypass Edition: Exploit cldflt.sys via WNF OOB + PreviousMode flip + _EPROCESS.Protection strip + MiniDumpWriteDump: elevation of regular user to SYSTEM.
[+] Solid Reliability: Two complete, stable exploits, including a multi-step cleanup phase that restores the corrupted pipe attribute Flink and _KTHREAD.PreviousMode before process exit, preventing crash on cleanup.
This article guides you through two additional techniques for exploiting the CVE-2024-30085 Heap Buffer Overflow. While demonstrated here, these methods can be adapted as exploitation techniques for many other kernel targets.
I hope this serves as a definitive resource for your research. If you find it helpful, please feel free to share it or reach out with your feedback!
I would like to thank Ilfak Guilfanov (@ilfak) and Hex-Rays SA (@HexRaysSA) for their constant and uninterrupted support, which has been vital in helping me produce this series.
The following articles will continue the miniseries about iOS and Chrome, which are my areas of research.
Enjoy the reading and have an excellent day.
#exploit #exploitdevelopment #windows #exploitation #vulnerability #minifilterdriver #kernel #heapoverflow
GitHub - net2share/nethopper: Share internet access from a free network to a restricted one using Xray-core reverse proxy and SOCKS5. · GitHub https://t.co/gCLVxhj8x6