9 articles
RoguePlanet is the latest public Nightmare Eclipse proof-of-concept targeting Microsoft Defender. The code points to a race condition that turns Defender cleanup behavior into SYSTEM execution.
CVE-2026-46333 (ssh-keysign-pwn) is a nine-year-old Linux kernel race condition that lets an unprivileged local user steal SSH host keys and dump /etc/shadow. Root command execution is also possible on specific configurations.
Two new Linux kernel vulnerabilities — Dirty Frag (CVE-2026-43284/43500) and Copy Fail (CVE-2026-31431) — enable local privilege escalation to root on nearly all major distros. What users and admins need to know.
Active Directory Certificate Services is installed in most enterprise networks — and almost always misconfigured. Here's how attackers exploit ESC1 through ESC8 with Certipy, and how to detect and stop them.
Run SharpHound, read attack graphs, abuse ACL misconfigurations and Kerberoastable accounts — step-by-step path to Domain Admin in Active Directory.
A complete guide to Linux privilege escalation — SUID abuse, sudo misconfig, cron hijacking, capabilities, and kernel exploits. Includes auditd rules, Sigma, Wazuh, and Sentinel KQL detections.
Shadow Credentials abuse msDS-KeyCredentialLink via DACL misconfiguration to add a rogue certificate, authenticate via PKINIT, and extract NT hashes — no password required.
Windows Defender and other high-privilege system processes are increasingly targeted by attackers. Learn how security tools become attack surfaces — and what you can do about it.
A structured guide to Active Directory attack techniques — from BloodHound enumeration through Kerberoasting, LSASS dumping, ADCS abuse, and Shadow Credentials to Entra ID pivot. Every technique with detection coverage.