Posts by 0x00Sec

GitHub - S1lkys/KslKatz: Combining KslDump and GhostKatz to dump LSASS using no-vulnerability KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Mi...
3 weeks ago 6 2 0 0
Bypassing Microsoft KB5014754 and KDC_ERR_PADATA_TYPE_NOSUPP in Certipy About two weeks ago I completed an internal pentest structured as a purple team exercise. I conducted the attacks while the client’s SOC monitored for visibility gaps in real time. The environment was...

Join @vict0ni.bsky.social as he exploits ADCS, using Certipy to bypass KB5014754

0x00sec.org/bypassing-mi...

#hacker #infosec #redteam #offsec #cyber

3 weeks ago 2 2 0 0
Self-mutating macOS implant: Part 1 Good to be back on the forum, Today’s post we’re just raw-dogging it from a degenerate malware dev perspective. We’re gonna cook up a self-contained metamorphic engine a piece carrying its own ARM64 ...

"Cooking up a macOS self-contained metamorphic engine a piece carrying its own ARM64 disassembler, liveness analyzer, code generator, and multiple mutation algorithms, with reflective loading, collection & exfiltration capabilities."

Part 1 of 4 😱

forum.0x00sec.org/t/self-mutat...

1 month ago 2 1 0 0
Abusing HTTP HEAD for Java Deserialization RCE (CVE-2025-12059) CVE-2025-12059 CWE-502, 538 Unauthenticated Java Deserialization RCE via HTTP HEAD Request Date: 2025-10-04 Severity: Critical (CVSS v3.1 = 9.8) (Full system compromise risk) AV:N/AC:L/PR:N/UI:N...

Abusing HTTP HEAD for Java Deserialization RCE (CVE-2025-12059)

forum.0x00sec.org/t/abusing-ht...

#cve #cybersecurity #cyber #security #hacking #exploit

1 month ago 0 0 0 0

as is tradition every international women’s day, i will be ignoring every single man whose presence i encounter, both online & IRL

1 month ago 69 1 2 0
Heap Exploitation For Dummies (Part 1) Original by Magnus on the forum. Most beginners get lost when it comes to exploiting the heap. That’s because there are a lot of techniques that differ depending on the glibc version and other variab...

Heap Exploitation for Dummies (Part 1) by Magnus

0x00sec.org/heap-exploit...

1 month ago 0 0 0 0
Crypto/Reverse Challenge Hi everyone, Following the old tradition of 0x00sec, here it comes a crypto/reverse challenge for you to have some fun (hopefully). The challenge can be solved figuring out the really simple encrypt ...

Try your hand at a Crypto / Reverse Challenge from 0x00pico!

forum.0x00sec.org/t/crypto-rev...

#re #crypto #cyber #security

1 month ago 1 1 0 0
CIOs told: Prove your AI pays off – or pay the price Boards demand measurable ROI as budgets, bonuses, and jobs hang in the balance The clock is ticking for AI projects to either prove their worth or face the chopping block.…

CIOs told: Prove your AI pays off – or pay the price

2 months ago 24 6 1 0

Exploiting CVE-2023-52271 and evading AV/EDR by terminating their PPL processes via BYOVD. One of the few times I've dealt with #ReverseEngineering a PE and I must admit it was fun.

#infosec #hacking #securityresearch #offsec

2 months ago 1 1 0 0
BYOVD: Silencing AV/EDR with CVE-2023-52271 Bring Your Own Vulnerable Device (BYOVD) is a technique used in red teaming that allows users to perform kernel-level actions by exploiting a vulnerable, legitimately signed kernel device driver. Dri...

BYOVD: Silencing AV/EDR with CVE-2023-52271 by @vict0ni.bsky.social

0x00sec.org/byovd-silenc...

#edr #cyber #cve #byovd #security #exploitation

2 months ago 2 1 0 0

BYOVD: Silencing AV/EDR with CVE-2023-52271

0x00sec.org/byovd-silenc...

2 months ago 1 1 0 1
Container Escape to Full Kubernetes Takeover 2.3. Container Escape to Full Kubernetes Takeover by: Antonius (w1sdom) In this example, I am writing documentation for when one of my clients asked me to perform penetration testing on their Kube...

Container Escape to Full Kubernetes Takeover

forum.0x00sec.org/t/container-...

#pentest #cyber #security #hacking #kubernetes

2 months ago 6 3 1 0
Hacking For Beginners Intro Since there are many beginners here, I think it would be fair to give some advice in one big post, rather than answering hundreds of questions individually. You can find a lot of resources to u...

Let's go back to the beginning... A handy guide for people starting out in the world of offensive security!

#hacking #security #offsec #beginners

forum.0x00sec.org/t/hacking-fo...

2 months ago 2 2 0 0
Sim Card Swapping & Sim Card Recycling Attack by: Wisdom (Antonius) https://bluedragonsec.com https://github.com/bluedragonsecurity Example Hacking Scenario by Exploiting the Victim’s Phone Number This technique is very dangerous because the ...

SIM swap and SIM recycling attacks remain a practical account-takeover vector. Read how number recycling, carrier processes, and downstream account recovery flows combine into real-world risk that’s still widely underestimated.

forum.0x00sec.org/t/sim-card-s...

#hacking #cyber #simswap #offsec

2 months ago 0 0 0 0
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking…

“Because the iPhone was in Lockdown mode, CART could not extract that device,” the court record reads, referring to the FBI’s Computer Analysis Response Team.

2 months ago 218 65 2 5
Full disclosure helps more than it hurts I’m going to just say it: full disclosure is the right move, and not just for hackers. It’s better for everyone. Yes, it pisses off vendors, causes drama, but it’s one of the only things you can do ...

forum.0x00sec.org/t/full-discl... #security #fulldisclosure #cyber #vulnerability

2 months ago 1 0 0 0
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking some...

NEW: The FBI has been unable to access a Washington Post reporter’s seized iPhone because it was in Lockdown Mode, a sometimes overlooked feature that makes iPhones broadly more secure, according to recently filed court records.

2 months ago 912 307 18 35
why businesses don't care about cyber security at its core, a business exists to make money. everything else: controls, processes, compliance, risk management, is secondary. the goal is to sell something for more than it cost to produce. cyber sec...

forum.0x00sec.org/t/why-busine...

#cyber #security #business #hacking

2 months ago 0 1 0 0
How to Rob a Bank ( Lessons by Phineas Phisher ) dmcxblue writes in the forum: Hi everyone!! I’m excited to be back in this fantastic community and forum where my journey of publishing articles on Red Team techniques and Offensive Security first b...

How to Rob a Bank ( Lessons by Phineas Phisher )

0x00sec.org/how-to-rob-a...

2 months ago 2 3 0 0
Welcome back, hackers! After a long break, we’re relaunching 0x00sec and opening the doors to what it was always meant to be: a place for hackers, researchers, students, and curious minds to share real work, learn from each...

Welcome back, hackers.

0x00sec is live again with new security research, active forums, and community-driven offensive security content.

0x00sec.org/welcome-back...

#infosec #hacking #offsec #securityresearch #ctf #0x00sec

2 months ago 2 2 0 0

Hey #hackers! What's up?

3 months ago 3 1 0 0