ACCESS GRANTED
Terminal ESC
$
Type to search posts or enter a command (try "help")
All Posts
2026-05-15
CVE-2026-31431: Linux Page Cache LPE via algif_aead Scratch Write
A logic flaw in the kernel's authencesn AEAD template lets an unprivileged user write four controlled bytes into the page cache of any readable file. Splice in /usr/bin/su, patch in shellcode, execute it as root.
red teamlinuxkernellpecryptocontainer-escape
8 min
2026-03-20
JumbleJuice: Shellcode Encoding for Payload Development
I built a shellcode encoder that outputs ready-to-paste code snippets in C, C#, Go, Python, Rust, and Nim. Six encoding schemes, zero dependencies. Here's how it works and why I needed it.
toolsshellcodeencodingpayload-devevasiongolang
5 min
2026-03-15
Bypassing EDR with Syscall Proxying
EDR products hook ntdll.dll to watch your syscalls. Syscall proxying lets you slip past those hooks by borrowing clean stubs from modules the EDR didn't bother to patch.
red teamwindowsevasionsyscallsopsec
3 min
2026-03-10
CI/CD Pipeline Attack Surface Mapping
Every CI/CD pipeline is an attack surface. From GitHub Actions to Jenkins, this post maps the common attack vectors and shows how to find them in your own infrastructure.
devsecopscicdgithub-actionssupply-chainjenkins
2 min
2025-11-10
CVE-2025-59287: Unauthenticated RCE in WSUS via Deserialization
A CVSS 9.8 deserialization flaw in WSUS lets an unauthenticated attacker pop a SYSTEM shell on any unpatched WSUS server. No credentials required, just network access to port 8530.
red teamwindowswsusdeserializationrceactive-directory
2 min