From Simulation to Hunting - Using LLMs to Hunt BrowserCore-Based PRT cookies Theft

I began with the hypothesis that BrowserCore.exe could be abused to steal a PRT/session cookie without being detected. I first simulated the flow using the standard toolset and techniques that the ...

Sep 27, 2025 Threat Hunting, Microsoft Defender XDR, BrowserCore.exe Abuse, PRT cookies Theft, KQL, LLM Assisted Hunting

The 401 That Fooled Me - N-Day Review of CVE-2025-49706 in SharePoint

On May 16, 2025, Khoa Dinh (@_l0gg) of Viettel Cyber Security demonstrated a single-request chain from authentication bypass to remote code execution (RCE) in Microsoft SharePoint at Pwn2Own Berlin...

Aug 19, 2025 SharePoint, Exploit Development, Application Security, Patch Diffing, Vulnerability Research, CVE-2025-49706, CVE-2025-49704

When Replicas Go Rogue - A Deep Dive into Cloudflared Replicas Exploitation Scenarios

I’ve been using Cloudflare tunnels for various applications for quite some time. Recently, I noticed a warning box that might have been there all along, but I had never paid attention to it before....

Dec 7, 2024 Cloudflare Security, Cloudflared, AiTM

Deploying CAPEv2 on AWS - A Comprehensive Guide

Introduction CAPEv2, an open-source automated malware analysis system, stands at the forefront of innovative solutions for dissecting and comprehensively understanding malware behavior. Developed...

Feb 25, 2024 Malware Analysis, CAPEv2, Cuckoo

Unauthenticated reconnaissance of AWS account IDs

Why Before diving deep into the methods of AWS account ID enumeration, it’s crucial to understand the importance of this seemingly innocuous piece of information. AWS itself states, “While account...

Oct 6, 2023 AWS Security, Reconnaissance