CVE-2026-31431: Linux Page Cache LPE via algif_aead Scratch Write
A logic flaw in the kernel's authencesn AEAD template lets an unprivileged user write four controlled bytes into the page cache of any readable file. Splice in /usr/bin/su, patch in shellcode, execute it as root.
JumbleJuice: Shellcode Encoding for Payload Development
I built a shellcode encoder that outputs ready-to-paste code snippets in C, C#, Go, Python, Rust, and Nim. Six encoding schemes, zero dependencies. Here's how it works and why I needed it.
Bypassing EDR with Syscall Proxying
EDR products hook ntdll.dll to watch your syscalls. Syscall proxying lets you slip past those hooks by borrowing clean stubs from modules the EDR didn't bother to patch.
CI/CD Pipeline Attack Surface Mapping
Every CI/CD pipeline is an attack surface. From GitHub Actions to Jenkins, this post maps the common attack vectors and shows how to find them in your own infrastructure.
CVE-2025-59287: Unauthenticated RCE in WSUS via Deserialization
A CVSS 9.8 deserialization flaw in WSUS lets an unauthenticated attacker pop a SYSTEM shell on any unpatched WSUS server. No credentials required, just network access to port 8530.