banner
LightNews LightNews
warthogtk.bsky.social
WarthogTK
@warthogtk.bsky.social
460 followers 1.7K following 620 posts
Pentester | Ex MD (Intensivist & Healthcare Simulation) | (Black) Arch Enthusiast | Infosec - AD - Windows Internals/Maldev enthusiast | Geopolitics, Defense, Disinformation, Hybrid warfare | DCS, Gaming, Metal (OU=FR,DC=WORLD,DC=UNIVERSE)
Posts Media Videos Starter Packs
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 12h
Cloudflare Image Proxy CSPT Exploit Explained blog.voorivex.team/cloudflare-i...
Cloudflare Image Proxy CSPT Exploit Explained
Explore Cloudflare's Image Proxy as a CSPT exploit tool, enabling impactful cross-origin path traversal attacks through redirect techniques
blog.voorivex.team
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 14h
Signal dévoile un protocole de chiffrement post-quantique conçu pour garantir la confidentialité persistante des échanges et la sécurité post-compromission, sans altérer les performances de l'application securite.developpez.com/actu/376845/...
Signal dévoile un protocole de chiffrement post-quantique conçu pour garantir la confidentialité persistante des échanges et la sécurité post-compromission, sans altérer les performances de l'application
Signal anticipe la menace quantique et renforce sa sécurité avec un nouveau protocole de chiffrement post-quantique. L'application lance Sparse Post-Quantum Ratchet (SPQR), un mécanisme avancé qui…
securite.developpez.com
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 14h
À Prisma Media, les salariés craignent d’être à leur tour avalés par Bolloré www.mediapart.fr/journal/cult...
À Prisma Media, les salariés craignent d’être à leur tour avalés par Bolloré
Après quatre années passées à échapper au rouleau compresseur du milliardaire breton, c’est au tour des rédactions du groupe Prisma de servir de marchepied médiatique à l’extrême droite. Plusieurs in…
www.mediapart.fr
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 16h
NetworkHound Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑compatible OpenGraph JSON. github.com/mordavid/Net...
GitHub - MorDavid/NetworkHound: Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑compatible OpenGraph JSON.
Advanced Active Directory network topology analyzer with SMB validation, multiple authentication methods (password/NTLM/Kerberos), and comprehensive network discovery. Export results as BloodHound‑...
github.com
1
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 19h
CVE-2025-59287 WSUS Remote Code Execution | HawkTrace hawktrace.com/blog/CVE-202...
CVE-2025-59287 WSUS Remote Code Execution
A technical WSUS advisory for CVE-2025-59287: unsafe deserialization in Windows Server Update Services that allows remote code execution.
hawktrace.com
1 1
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 22h
Yet Another DCOM Object for Command Execution Part 1 sud0ru.ghost.io/yet-another-...
Yet Another DCOM Object for Command Execution Part 1
If you’re a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well defended environments. One technique for command execution has been the use of…
sud0ru.ghost.io
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 22h
Denial of Fuzzing: Rust in the Windows kernel - Check Point Research research.checkpoint.com/2025/denial-...
Denial of Fuzzing: Rust in the Windows kernel - Check Point Research
Summary Check Point Research (CPR) identified a security vulnerability in January 2025 affecting the new Rust-based kernel component of the Graphics Device Interface (commonly known as GDI) in…
research.checkpoint.com
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 1d
CRLF Injection Nested Response Splitting CSP Gadget lab.ctbb.show/research/crl...
CRLF Injection Nested Response Splitting CSP Gadget
If you can do CRLF injection in the response header, most likely you can also do response resplitting to achieve reflected XSS. Even if a strict CSP is in place, you could bypass it by using response…
lab.ctbb.show
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 1d
Leveraging Raw Disk Reads to Bypass EDR
medium.com/workday-engi...
Leveraging Raw Disk Reads to Bypass EDR
Drivers are a common part of every Windows environment, and many of them provide low-level functionality. This blog details how to connect…
medium.com
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 1d
Better Exfiltration via HTML Injection d0nut.medium.com/better-exfil...

Tool:
github.com/d0nutptr/sic
Better Exfiltration via HTML Injection
This is a story about how I (re)discovered an exploitation technique and took a bug with fairly limited impact to a 5 digit bounty by…
d0nut.medium.com
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 1d
Next.js and the Mutated Middleware

blog.rootsys.at/posts/nextjs...
RootSys | Next.js and the Mutated Middleware
Welcome to the RootSys blog — a space dedicated to cutting-edge security research, deep-dive vulnerability analyses, and insights from the forefront of offensive security.
www.bugbountyhunting.com
1 2
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 3d
REGEXSS: How .* Turned Into over $6k in Bounties

sec.stealthcopter.com/regexss/
The Emulator's Gambit: Executing Code from Non-Executable Memory - RedOps
When experimenting with virtual memory in Windows, I asked myself: Is there a way to execute shellcode from a PE section like .data—which is readable and writable (RW) by default—without calling…
sec.stealthcopter.com
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 3d
6 Easy Bugs to Find in Golang Source Code Reviews pentesterlab.com/blog/6-easy-...
6 Easy Bugs to Find in Golang Source Code Reviews
Learn to spot 6 common security vulnerabilities in Go code reviews: directory traversal, weak randomness, hostname validation flaws, timing attacks, zip slip, and hardcoded secrets. Practical…
pentesterlab.com
1 1
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 3d
There's More than One Way to Trigger a Windows Service trustedsec.com/blog/theres-...
There's More than One Way to Trigger a Windows Service
Our custom solutions are tailored to address the unique challenges of different roles in security.
trustedsec.com
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 3d
yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242) labs.watchtowr.com/yikes-watchg...
yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242)
Note from editor: Before we begin, a big welcome to McCaulay Hudson, the newest member of the watchTowr Labs team with his inaugural blog post! Welcome to the mayhem, McCaulay! Today is the 8th of…
labs.watchtowr.com
1
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 3d
A Gentle Crash Course to LLMs - SpecterOps specterops.io/blog/2025/10...
A Gentle Crash Course to LLMs - SpecterOps
This is a crash course on the evolution of Machine Learning and modem AI and Large Language Models, and the security implications that come with them.
specterops.io
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 4d
The Emulator's Gambit: Executing Code from Non-Executable Memory - RedOps
redops.at/en/blog/the-...
The Emulator's Gambit: Executing Code from Non-Executable Memory - RedOps
When experimenting with virtual memory in Windows, I asked myself: Is there a way to execute shellcode from a PE section like .data—which is readable and writable (RW) by default—without using…
redops.at
Reposted by WarthogTK
pylos.co
Joe Slowik @pylos.co · 4d
"Patch your F5 BIG-IP immediately"
3 2 20
Reposted by WarthogTK
liberation.fr
Libération @liberation.fr · 4d
L'offre de rachat de SFR par Bouygues, Orange et Free publiée mardi soir, rejetée le lendemain par le groupe Altice, semble sonner le début de négociations pour la vente de l’opérateur.

Un deal qui serait lourd de conséquences pour les salariés comme pour les télécoms français dans leur ensemble.
Rachat de SFR par Bouygues, Orange et Free : des questions à l’appel
L’offre publiée mardi soir, rejetée le lendemain par le groupe Altice, semble sonner le début de négociations pour la vente de l’opérateur. Un deal qui serait lourd de conséquences pour les salariés comme pour les télécoms français.
www.liberation.fr
1 3 3
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 4d
F5 has just revealed a major cyberattack: hackers have stolen unpublished vulnerabilities and source code from Big-IP. This operation was attributed to state-sponsored actors.

F5:
my.f5.com/manage/s/art...

CISA:
www.cisa.gov/news-events/...
myF5
my.f5.com
1 1
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 4d
Comment migrer de Windows 10 à Windows 11 avec WAPT ? www.it-connect.fr/utiliser-wap...
Comment migrer de Windows 10 à Windows 11 avec WAPT ?
Ce tutoriel explique comment utiliser la solution WAPT pour migrer des PC de Windows 10 à Windows 11 ou de Windows 10 à Linux pour les machines non compatibles.
www.it-connect.fr
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 4d
Bypassing WAFs Using Oversized Requests

www.blackhillsinfosec.com/bypassing-wa...
Hacking Next.js Targets: Advanced SSRF Exploitation Guide
Learn how to identify and hunt for SSRF vulnerabilities in Next.js targets using different testing methods. Read the article now!
www.intigriti.com
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 5d
Patching Android ARM64 library initializers for easy Frida instrumentation and debugging

blog.nviso.eu/2025/10/14/p...
Patching Android ARM64 libraries for Frida instrumentation
Discover techniques for Android ARM64 library patching and Frida instrumentation.
www.wiz.io
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 6d
Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 www.wiz.io/blog/wiz-res...
Wiz Finds Critical Redis RCE Vulnerability: CVE‑2025‑49844 | Wiz Blog
A 13‑year Redis flaw (CVE‑2025‑49844) allows attackers to escape Lua sandbox and run code on hosts. See Wiz Research’s analysis and mitigations.
www.wiz.io
warthogtk.bsky.social
WarthogTK @warthogtk.bsky.social · 6d
Mic-E-Mouse sites.google.com/view/mic-e-m...
Mic-E-Mouse
Your computer mouse has big ears. Image courtesy of GPT4/Dall-E-3, generated using the keywords "computer mouse with big ears and a microphone as a scroll wheel."
sites.google.com