ℹ️ BlockBlock v2.5.0 adds a new feature that can alert you whenever a downloaded script is about to execute.
Designed to complement "Notarization" Mode, it provides an additional layer of protection against potentially unsafe content before it runs. 🛡️
https://t.co/JFIPg35zZq
Introducing Cohere's first open-source coding model: North Mini Code
Small & efficient, designed for agentic performance and built for community input.
🔥 An AI worm used a local open-weight LLM to find targets, choose attack paths, and copy itself.
> No human help.
> No OpenAI or #Anthropic API.
> No API key to shut off.
In 7 days, it replicated to 62% of a 33-host test network.
It also used fresh CVE advisories to find new attack paths.
Read full story: https://t.co/NVZZjUGZXF
We'd love to be proven wrong here. As a red team, few things are more exciting than a reliable nginx RCE.
For some context: we discovered at least two nginx 0-days and successfully weaponized one into a full RCE, bypassing ASLR with no external dependencies.
We were thrilled, until we realized both bugs appear to require highly unusual nginx configs that we've yet to encounter in the wild.
That's why we built ngxray: https://t.co/OSD6xYI4PI. After analyzing 35,000+ nginx configurations from GitHub, we found exactly one instance vulnerable to nginx-rift, in an abandoned project. We found none vulnerable to nginx-poolslip.
Users should absolutely patch. But from a red team perspective, these exploits have been worthless. We've never encountered a target where they'd have been useful.
If anyone has evidence that these configs are common in real-world deployments, we'd like to see it.
Everybody wants their five minutes of Twitter fame. That's fine. But extraordinary claims still require extraordinary evidence.
BYOVD and LSASS Dumping in the Era of Modern EDR
The author examines the BYOVD (Bring Your Own Vulnerable Driver) technique as a method to bypass modern Windows protections and EDR solutions. The article demonstrates how using a vulnerable but signed driver (e.g., "PDFWKRNL.sys") enables access to kernel operations through insecure IOCTL interfaces, effectively creating primitives for kernel-level memory manipulation.
The exploitation is structured as a chain of techniques: loading a vulnerable driver, obtaining a kernel-level primitive, disabling LSASS protection, and subsequently dumping its memory. To evade EDR, additional stealth methods are employed, including process cloning via "NtCreateProcessEx" (instead of direct access to LSASS), hooking "MiniDumpWriteDump" via a callback to perform in-memory dumping only, and applying XOR obfuscation before writing data to disk.
📎 Article: https://t.co/H4VPGMGk7d
#dbugs_attacks
The creator of Linux just publicly called out the AI hype. Word for word.
Linus Torvalds took the stage at Open Source Summit 2026 and said this:
"When I see people saying 99% of our code is written by AI, I literally get angry. Because those same people — I can pretty much guarantee — 100% of their code is written by compilers. But they never say that."
He is not anti AI. The Linux kernel saw a 20% jump in submissions this release because of AI tools. He uses it. He gets it.
His point is something most people are too afraid to say.
AI is a productivity tool exactly like compilers were. Compilers boosted programming by 1000x. AI adds another 10x on top. Enormous. But nobody says "the compiler wrote my code." So why are we saying AI wrote it?
He also flagged something nobody is talking about.
AI is flooding small open source projects with drive-by bug reports. Someone runs a prompt, files a report and disappears when asked for a patch. Maintainers with one or two people are drowning trying to keep up.
"Sometimes AI reports a bug and when you ask for more information the person has done that drive-by and does not even answer your question. That is the real burnout issue."
And his final warning was the sharpest of all.
"People who do not understand the complexity of systems will prompt systems and write processes that will fail."
The AI hype crowd is very loud right now.
Linus has been building real systems for 35 years. When he talks, engineers listen.
Full interview here:
https://t.co/LmXJtvKc4O
The world’s largest residential proxy network runs on consent, TLS and vibes. The TV is always watching and apparently it is also available for contract work in surveillance or data acquisition? Bright Data sells access to a residential proxy network, the kind customers use to route requests through real home IP addresses instead of datacenter IPs that Cloudflare, DataDome and HUMAN are trained to block. The supply comes from an SDK embedded in consumer apps. So: CTV games, messengers, mobile apps and screensavers. With consent somewhere upstream, the device becomes an exit node. The TV is perfect for this job. It is plugged in, on WiFi, often unattended and barely supervised. It also asks for consent through a privacy policy and a remote-control UI, which is one way to make “informed choice” look like an endurance sport. One config flag tells the SDK to ignore whether the screen is on. Another tells it to ignore whether the user is on a call. In this economy, watching TV counts as downtime. https://t.co/WvFVvEFrzY
LPE in the Linux kernel's CIFS client implementation
CVE: CVE-2026-46243
PT ID: PT-2026-45478
Vendor: Linux
Product: Linux
CVSS: 7.8
Credits: Asim Viladi Oglu Manizada
Description:
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges.
References:
• https://t.co/L5OiuPXz4B
• https://t.co/mIieH2yll0
PoC/Exploit:
• https://t.co/a8NDymy5TB
• https://t.co/baod4Pqm2z
#dbugs_vuln
Pragma is one of Starknet's main oracles, pricing collateral and liquidations for lending protocols holding tens of millions on-chain.
@u_0x8888 explains how a missing access-control check could have let anyone disable its core price feeds for a few cents.
Building autonomous agents for scientific discovery? 🧬🤖
@GoogleDeepMind Science Skills is now available on GitHub. We've open-sourced this specialized toolkit to accelerate your agentic workflows with scientific grounding and higher token efficiency.
Download now ↓
https://t.co/cwp1HOeKvo
The bug bounty program has received a high volume of submissions since launch.
To give each report the attention it deserves, we're pausing new submissions while we work through the queue. We'll share an update when the program reopens.
Thanks to everyone who's engaged so far.
Introducing Search as Code, our new search architecture for AI agents.
It writes Python that calls our search stack directly, instead of looping through function calls one at a time.
Available in the Perplexity Agent API, and now default in Computer.
https://t.co/ut6GGWQTVO
🚨 Windows Netlogon 0-Click RCE Vulnerability Now Actively Exploited In The Wild | Source: https://t.co/Iym37fFkgU
The critical Windows Netlogon remote code execution (RCE) vulnerability tracked as CVE-2026-41089 is now under active exploitation in the wild, significantly raising the risk profile for unpatched Windows Server environments.
The flaw affects Windows servers configured as domain controllers and allows unauthenticated remote attackers to execute arbitrary code with SYSTEM-level privileges by sending specially crafted Netlogon network requests.
To exploit CVE-2026-41089, an attacker only needs network access to a vulnerable domain controller’s Netlogon service.
#cybersecuritynews #windows
Escaping the Browser Sandbox via the Windows Kernel Vulnerability CVE-2026-40369
PT ID: PT-2026-40204
The article examines the vulnerability CVE-2026-40369 (https://t.co/efthrw5oI5), which enables a browser sandbox escape due to an error in handling a system call. The author shows how even a limited ability to write to kernel memory can be turned into a full exploitation primitive.
The material demonstrates the exploitation process in detail, including gaining SYSTEM privileges and bypassing security mechanisms. Ultimately, the vulnerability allows an attacker to move from code execution inside the browser to full control over the operating system.
References:
• https://t.co/zrGmYG6677
📎 Article: https://t.co/gJCxigHaom
#dbugs_attacks
🐧 Linux Kernel Defence Map — Visual Guide to Linux Security Hardening 🛡️
Linux kernel security is complex. This project makes it easier to understand.
• Maps vulnerabilities, exploits & kernel defenses
• Covers mitigation technologies and hardening features
• Links security concepts with real CWE categories
• Helps navigate Linux kernel security documentation
• Built with GraphViz for easy exploration and updates
• Includes Kernel Hardening Checker to audit your kernel config
A valuable resource for Linux security engineers, kernel researchers, red teamers, and defenders looking to understand how modern kernel protections work.
🔗 https://t.co/sbby5o2HRw
#Linux #KernelSecurity #CyberSecurity #OpenSource #LinuxHardening #Infosec #SecurityResearch
It’s likely because there was a massive Instagram / Meta exploit over the weekend that was just patched.
Basically the Meta AI support is garbage and has lots of access perms which allowed you to reset passwords to any user without 2FA and did not verify who you are.
Telegram channels on Instagram offering IG black market services made lots of $$$