user avatar
kmkz
@kmkz_security
Bourbon Offensive Security Services | BOSS
Troisvierges, Luxembourg
boffsec-services.com
Joined October 2012
1,741
Following
19.5K
Followers
Posts
  • Pinned
    user avatar
    kmkz
    @kmkz_security
    Apr 22
    Update: dropped CVE-2026-22191:SSTI-> sandbox escape-> JS exec (No user interaction) CVE-2026-22192+22199: Voltronic UPS preauth root RCE chain Exposed: direct pivot into infra!🔥 Write-up boffsec-services.com/posts/sicurowe… POC github.com/kmkz/Exploits/… 🫡to @catc0n & @VulnCheckAI support!
    user avatar
    kmkz
    @kmkz_security
    Apr 20
    Q1 2026 mood: if your “red team” is bloodhound > impacket > DA, congrats, you just speedran the tutorial👏 meanwhile we’re on pre-auth > full chain > root, no shortcuts, no recycled paths: real vulns, real impact, real pwnage🔥 (more dropping soon)
    14K
  • user avatar
    kmkz
    @kmkz_security
    Jan 24, 2020
    Post-exploitation #Friday tip: Do you know how to trivially & remotely hijack an #RDP session without prompt nor warning on user's side using #Microsoft signed binary (no patch/multi-session) ? qwinsta+mstsc shadowing is the answer ;) Details: github.com/kmkz/Pentestin… #Pentesting
  • user avatar
    kmkz
    @kmkz_security
    Aug 22, 2021
    Writing an iOS Kernel Exploit from Scratch secfault-security.com/blog/chain3.ht…
  • user avatar
    kmkz
    @kmkz_security
    May 25, 2020
    Some people think that AV bypasses are 1337 in 2020..good news: reality is very different and some assembly code can evade 100% of VT AV engines in only few minutes.👍 Reused the technique shared last year & still working like a charm, of course! No magic github.com/kmkz/exploit/b…
  • user avatar
    kmkz
    @kmkz_security
    Jun 23, 2019
    How Red Teams Bypass AMSI and WLDP for .NET Dynamic Code movaxbx.ru/2019/06/04/how…
  • user avatar
    kmkz
    @kmkz_security
    Sep 3, 2022
    Learning Linux kernel exploitation - Part 1 - Laying the groundwork
    Learning Linux kernel exploitation - Part 1 - Laying the groundwork
    From 0x434b.dev
  • user avatar
    kmkz
    @kmkz_security
    Oct 8, 2019
    Modern Red Team Infrastructure silentbreaksecurity.com/modern-red-tea… #redteam #Pentest #Pentesting
  • user avatar
    kmkz
    @kmkz_security
    May 8, 2019
    Active Directory Kill Chain Attack and Modern Post Exploitation  github.com/infosecn1nja/A… #Pentesting #redteam #pentest #TTP
  • user avatar
    kmkz
    @kmkz_security
    Dec 25, 2022
    Linux kernel exploit development series
    Linux kernel exploit development | Breaking Bits
    From breaking-bits.gitbook.io
    54K
  • user avatar
    kmkz
    @kmkz_security
    May 18, 2019
    MS Excel Weaponization Techniques
    From t3l3m3try.medium.com
  • user avatar
    kmkz
    @kmkz_security
    Feb 18, 2021
    WINDOWS KERNEL ZERO-DAY EXPLOIT (CVE-2021-1732) IS USED BY BITTER APT IN TARGETED ATTACK ti.dbappsecurity.com.cn/blog/index.php…
  • user avatar
    kmkz
    @kmkz_security
    Feb 26, 2020
    Want to start to fuzz like a boss? --> Materials of the "#Fuzzing with #AFL" workshop - An excellent intro ! by @michael_macnair Material: github.com/mykter/afl-tra… Slides: drive.google.com/file/d/1g78Ggm…
  • user avatar
    kmkz
    @kmkz_security
    Jun 5, 2023
    Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit - by @HackSysTeam
    GitHub - hacksysteam/CVE-2023-21608: Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution...
    From github.com
    66K
  • user avatar
    kmkz
    @kmkz_security
    Apr 23, 2019
    #Windows NamedPipes 101 + Privilege Escalation ired.team/offensive-secu… #Pentesting #privesc