Posts 2962 · Following 697 · Followers 1542
"I'm interested in all kinds of astronomy."
@vulnbot @cR0w this is fake or at least incomplete
To join the recent series of great Windows Defender content (defendnot, EvilentCoerce) I published a status report on mpclient development:

Fuzzing Windows Defender with loadlibrary in 2025

https://scrapco.de/blog/fuzzing-windows-defender-with-loadlibrary-in-2025.html

#Fuzzing #ReverseEngineering #Antivirus
@jpmens @bagder Well, if your backups can be restored using a web API, curl can actually help!

the latest incarnation of this is someone saying that curl can be used to download a ".curlrc" into your $HOME and then curl might do bad things in subsequent invocations.

The first step is "just" to trick a user to run a curl command line doing the bad.

... if you can trick a user into running an arbitrary command, you can of course do so much more harm than just this.


I think it’s really funny that in windows the standard libraries serve to abstract away incompatibilities between the kernel of different windows releases while this funny thing:

  • GLibc

in the lunix world does the exact opposite


A practical NTLM relay attack using the MS-EVEN RPC protocol and antivirus-assisted coercion https://github.com/Thunter-HackTeam/EvilentCoerce


David Chisnall (*Now with 50% more sarcasm!*)

@SecurityWriter This has been my hypothesis for the last few years, but more on the cloud side.

Cloud’s fundamental problem is that compute requirements scale in human terms, maybe growing by 10-20% a year for a successful business. Compute and storage availability doubles every year or two.

This means that, roughly speaking, the dollar value of the cloud requirements for most companies halves every couple of years. For a lot of medium-sized companies, their entire cloud requirements could be met with a £50 Raspberry Pi, a couple of disks for redundancy, and a reliable Internet connection.

Most of the cloud growth was from bringing in new customers, not from existing customers growing.

Worse, the customers whose requirements do grow are starting to realise that they have such economies of scale that outsourcing doesn’t win them much: Microsoft or Amazon’s economies of scale don’t give them much bigger savings and those savings are eaten by profit.

They really need something where the computer requirement is so big that no one really wants to do it on prem. And something where the requirements grow each year.

AI training is perfect. You want infinite GPUs, for as short a time as possible. You don’t do it continuously (you may fine tune, but that’s less compute intensive), so buying the GPUs would involve having them sit idle most of the time. Renting, even with a significant markup, is cheaper. Especially when you factor in the infrastructure required to make thousands of GPUs usable together. And each model wants to be bigger than the last so needs more compute. Yay!

Coincidentally, the biggest AI boosters are the world’s second and third largest cloud providers.


FYI if you’re willing to link with ntdll or dynamically resolve it there’s a ton of APIs that return TEB/PEB or leave them in one of the registers.
(Don’t believe official return values. MSDN is a liar!)

https://bird.makeup/@vxunderground/1920208595808821334


Today 80 years ago Nazi Germany declared its unconditional surrender, ending the World War II.

How I ruined my vacation by reverse engineering [Windows Security Center]

https://blog.es3n1n.eu/posts/how-i-ruined-my-vacation/

Defender disabler tool:

https://github.com/es3n1n/defendnot

bert hubert 🇺🇦🇪🇺🇺🇦

I have improved the cloud overview article with headlines that should make things somewhat clearer. Previously it was a bit of a wall of text. https://berthub.eu/articles/posts/cloud-overview/


Recon training prices go up beginning of May! If Linux binary analysis and malware are down your alley, check out my 4-day training on the topic 🤓
https://recon.cx/2025/trainingLinuxMalwareReverseEngineering.html

[RSS] CVE-2024-11477 - 7-Zip ZSTD Buffer Overflow Vulnerability - Crowdfense

https://www.crowdfense.com/cve-2024-11477-7zip-zstd-buffer-overflow
[RSS] exploits.club Weekly Newsletter 71 - Lots Of Linux, MacOS OOB Writes, Enterprise Pre-Auth RCEs, and More

https://blog.exploits.club/exploits-club-weekly-newsletter-71-lots-of-linux-macos-oob-writes-enterprise-pre-auth-rces-and-more/

Project Zero Bot

New Project Zero issue:

XNU VM_BEHAVIOR_ZERO_WIRED_PAGES behavior allows writing to read-only pages

https://project-zero.issues.chromium.org/issues/391518636

CVE-2025-24203

@da_667 @NosirrahSec put it this way, if I call in CrowdStrike and they send me Clippy reports, I will no longer call in CrowdStrike.


It makes me super uncomfortable that globbing in Bash can turn into code execution. The fact that the name of a file can change the behavior of ls is scary. This also works for other commands that you tend to glob with, such as rm.

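The behaviour described in the post above, as an added shell example that is not part of the original post: a file literally named -rf sitting next to a directory turns `rm *` into `rm -rf <dir>`, because the shell expands the glob before rm ever sees its arguments. The fix is the `--` option terminator (or a `./*` glob, so no expanded word can start with a dash). The directory layout is constructed in a mktemp scratch directory; no real files are touched.

```shell
#!/bin/sh
# Added example (not from the original post): a crafted filename becomes an
# option for rm when globbed, and "--" stops that. Runs entirely inside a
# throwaway directory created by mktemp.
export LC_ALL=C   # deterministic glob order: "-rf" sorts before "keep"

# Constructed scratch layout: a file named "-rf" next to a directory (keep/)
# holding something we do not want deleted.
make_scratch() {
  d=$(mktemp -d)
  mkdir -p -- "$d/keep"
  : > "$d/keep/important.txt"
  : > "$d/-rf"
  printf '%s\n' "$d"
}

# What the shell actually hands to the command: the glob is expanded before
# rm runs, so rm receives the two words "-rf" and "keep" and has no way to
# tell a filename from an option.
glob_expansion() {
  ( cd -- "$1" && printf '%s\n' * )
}

# Vulnerable: "rm *" becomes "rm -rf keep". keep/ and its contents are gone,
# while the "-rf" file itself survives because rm consumed it as a flag.
naive_rm_all() {
  ( cd -- "$1" && rm * 2>/dev/null ) || true
  if [ -e "$1/keep/important.txt" ]; then echo survived; else echo deleted; fi
}

# Hardened: "--" ends option parsing, so "-rf" is just an operand. rm removes
# the "-rf" file, refuses the directory because no -r was given, and keep/ is
# left alone. "rm ./*" behaves the same way.
safe_rm_all() {
  ( cd -- "$1" && rm -- * 2>/dev/null ) || true
  if [ -e "$1/keep/important.txt" ]; then echo survived; else echo deleted; fi
}
```

Try it from an interactive shell with `d=$(make_scratch); glob_expansion "$d"; naive_rm_all "$d"` and then the same with `safe_rm_all` on a fresh scratch directory. The same mechanism applies to ls and any other command you glob with: a file named `-l` in the current directory changes what `ls *` prints. LC_ALL=C is set only to make the glob order predictable for the demonstration; GNU rm permutes options anyway, so on Linux the damage happens regardless of where in the expansion the `-rf` word lands.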

with offensivecon around the corner, i figured id write another post on linux kernel exploitation techniques - this time i cover the world of page table exploitation! enjoy 🤓

https://sam4k.com/page-table-kernel-exploitation/

@cR0w I think we'd need at least another digit given the shit I've seen on the open web in the last few decades...