PSA update your INSTAR cameras. Our teammate Michael Imfeld identified a critical RCE (CVE-2025-8760) on 2k+ and 4K devices. Find the advisory here:
modzero.com/en/advisorie...
A colleague of mine found exposed credentials potentially granting access to Synology Teams backups. Check the full analysis and scan your tenants for IOCs. #cybersecurity #infosec #disclosure
modzero.com/en/blog/when...
Interior Minister Dobrindt thinks the classification of the AfD as "confirmed right-wing extremist" is not enough for a party ban?
No problem, we are following up: with our collection of evidence we are laying the groundwork for a comprehensive expert report on the AfD ban proceedings. More on this: fragdenstaat.de/aktionen/afd...
Both defenders and red teamers will be interested in this tool drop and deep dive into psexec from Aurélien.
He, Michael, and Reino built susinternals that makes use of the Microsoft signed psexec service binary on the host instead of the more easily flagged RemCom.
sensepost.com/blog/2025/ps...
ROPing our way to "Yay, RCE" - and a lesson in the importance of a good night's sleep!
Follow our colleague Michael's journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http
modzero.com/en/blog/ropi...
NEW: Here is the secret report on the AfD by the Office for the Protection of the Constitution (Verfassungsschutz), in full. The agency has evaluated almost 5000 sources over the past years, and now @netzpolitik.org has published the report.
In Chrome:
Object.values(this)[165].bind(this)()
This is a great post on bug bounty reddit!
OP reported an IDOR, gets paid $2,000, and then realizes it never was IDOR. It's just a cached response...
Issue #2 joined the 'over 100K downloads' club. All thanks to you!
Now Issue #4 is applying for a membership there, and it's not far from getting in :)
Want to help? Tell your friends about us!
pagedout.institute
I am glad you like it!
I wrote a blog post about SSTI in Thymeleaf - hopefully it helps some people pentesting up-to-date Spring Boot applications :)
(please re-post for reach - thank you!)
Learned a cool new Linux trick? Know an interesting quirk in a network protocol? Or have something else to share?
Write a 1-page article for the #6 issue of Paged Out! :)
pagedout.institute?page=cfp.php
Soft deadline is Feb 1st.
My videos for Flare-On 2024 are live! Watch me reverse engineer all the challenges from start to end.
+ Commentary video featuring SuperFashi, where we review the chals together.
* 45 hours of content
* 400+ GB of raw footage
Merry Christmas! Link: www.youtube.com/watch?v=vwW9...
Re-sharing to keep bluesky rolling
go.bsky.app/EhGFSVj
A thumbnail with a blue, black, and green gradient background, with the VS Code and GitHub Copilot logos in the foreground and a graphic of the Copilot Chat window hovering below.
Announcing GitHub Copilot Free!
A new free tier for GitHub Copilot, available for everyone today in VS Code.
No trial. No subscription. No credit card required.
Learn more in our blog: aka.ms/copilot-free
I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!
Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...
I can highly recommend Shazzer from @garethheyes.co.uk, such a great tool for XSS research!
I'm glad to release the tool I have been working hard on the last month: #KrbRelayEx
A Kerberos relay & forwarder for MiTM attacks!
>Relays Kerberos AP-REQ tickets
>Manages multiple SMB consoles
>Works on Win & Linux with .NET 8.0
>...
GitHub: github.com/decoder-it/K...
Hello Bluesky
We are an IT security company. Our team consists of like-minded hackers located in Germany and Switzerland.
Our core areas of expertise are comprehensive technical security analyses, penetration tests and red teaming services.
Want to learn more about us?
Check: modzero.com/en/
During a #redteam at @modzero.bsky.social we discovered a limited but neat bypass for #printnightmare. I talked to @itm4n about it and he had an in-depth look. Read about it here:
itm4n.github.io/printnightma...
#itsec