DebugPrivilege
@DebugPrivilege
Windows Nerd | Ex-MSFT | Microsoft MVP in Windows | Interested in Security, Debugging, and Windows Internals.
I know that the SharePoint CVE is a hot topic now, but if you are curious how to analyze similar exploits through WinDbg, take a look at this write-up!
Check out this writeup for our .NET Crash Dump Analysis lab created by @DebugPrivilege Awesome work 😎 Blog Link: 0xsultan.github.io/dfir/Xintra-Cr…
I have been presenting the risk to Active Directory if VMware infrastructure isn't well protected since 2015. adsecurity.org/wp-content/upl… VMware admins can access the storage associated with virtual Domain Controllers and therefore have access to the AD database file (ntds.dit).…
this part is brutal.
MSTIC blog on Sharepoint exploitation At least 3 actors exploiting CVE-2025-49706 & CVE-2025-49704 as early as July 7: Linen Typhoon Violet Typhoon Storm-2603 (CN-based actor deployed Warlock & Lockbit ransomware in past - current motivation unknown) microsoft.com/en-us/security…
Active Mass Exploitation of ToolShell (CVE-2025-53770) 45.191.66.77 🇧🇷 AS 269670 ( VIACLIP INTERNET E TELECOMUNICACOES LTDA) 0 detections on VT
Can someone share a memory dump of the exploited w3wp.exe process + IIS logs with me? DM me… I would appreciate it. Was thinking of doing a blog post about analyzing this CVE with WinDbg… 🙂
We have reproduced "ToolShell", the unauthenticated exploit chain for CVE-2025-49706 + CVE-2025-49704 used by @_l0gg to pop SharePoint at #Pwn2Own Berlin 2025, it's really just one request! Kudos to @mwulftange
SMB signing is one of the best security measures an organization can take. Who has this fully enabled in their org?
I just released COMmander - a .NET tool designed to provide an easy-to-use interface for COM and RPC based attacks. It taps into the Microsoft-Windows-RPC ETW provider and allows you to provide a customizable rule set for detections. github.com/HullaBrian/COM…
If you’re into EDR, Detection Engineering, and so on, give @felixm_pw a follow. Some awesome stuff from his side is coming 🔜
Brand new 😍 40-hour EDR Internals: Research & Development live workshop with my friend @zodiacon Starts 23 Oct 2025 🚀🔥 Early-bird $1,450 ends 30 Sep; Details: trainsec.net/courses/edr-in… #EDRInternals #KernelDevelopment #ReverseEngineering #CyberSecurityTraining #MalwareAnalysis…
The @PaloAltoNtwks article about TGR-CRI-0045 unit42.paloaltonetworks.com/initial-access… is interesting. However, if you are reading it, it talks about TGR-CRI-0045 only. This is not the only thing attackers can do. - First, they don't need to run a command. - If they load raw C# code, it may…
One of the things I wish we would be more transparent about in InfoSec is salary. It’s unbelievably annoying to figure out at a later stage that you’ve been underpaid or got lowballed. Take your financials seriously…
Do you know what's running on your Domain Controllers? During about 15% of assessments, we find a scheduled task that runs a script that's located on a share. We also find software that shouldn't be on a DC like VNC, Opera, Google Chrome, etc. Review your DCs to ensure they…
I pulled 2 years of workforce data from 9 major companies. - At Intel: 3 out of every 4 engineering roles no longer exist - At Microsoft: 7 out of 10 managers have been scrubbed from the org - At Ford: nearly 9 out of 10 senior staff roles are gone This isn’t just about…
I think these layoffs in tech are a good sign that you should never feel comfortable, because you never know whether you’re next or not. Being able to adapt to different domains is needed imo.