Henrik Falk July 31, 2025
Baseband fuzzing on budget pt.1
This series of posts is attempting to be a bit more than just a tool, cool exploit or a new attack. It is a basic introduction to baseband LTE/5G as technology and how to get started fuzzing the baseband chips for vulnerabilities.
something.fromnothing.blog/posts/baseband-fuzzing-on-budget-pt1
Modern (Kernel) Low Fragmentation Heap Exploitation
In today’s blog post, we’re going one step further than in the previous post Windows Kernel Pool Internals (which I recommend reading to understand some of the concepts discussed here), and we’re going to achieve arbitrary read/write by leveraging our knowledge of the pool internals.
r0keb.github.io/posts/Modern-(Kernel)-Low-Fragmentation-Heap-Exploitation
Escaping the Confines of Port 445
TL;DR NTLM relay attacks on SMB restrict lateral movement to port 445/TCP capabilities. To extend beyond, leverage the Service Control Manager (SCM) remotely to initiate the Webclient service. This approach allows integration with computer account takeover methods such as shadow credentials or resource-based constrained delegation (RBCD), enhancing attack flexibility through the LDAP service targeting domain controllers (DCs).
specterops.io/blog/2025/07/24/escaping-the-confines-of-port-445-ntlm-relay
