Dev Tunnels aren’t “just port forwarding”. They consist of layers of embedded protocols with RPC messages being exchanged. Once you peel the layers, you quickly see how Dev Tunnels are a C2 framework with extra steps.
Read More »
A deep dive into discovering CVE-2025-64755, a vulnerability in Claude Code v2.0.25. This post walks through the process of reversing the obfuscated Claude Code JavaScript, and exploiting weak regex expressions to achieve code execution unprompted.
Read More »
Microsoft will be introducing Administrator Protection into Windows 11, so I wanted to have an understanding of how this technology works and how it interacts with existing offensive tooling. While this technology is just a thin wrapper around a separate account, there are a few nuances such as who is permitted to access these accounts, as well as existing UAC bypasses which are still effective against the new "backdoorless" Administrator Protection. This post explores these nuances in detail.
Read More »
In this post we look at the new Prompt Guard 2 model from Meta, and introduce a concept I've been calling "Tokenization Confusion" which aims to confuse Unigram tokenization into generating tokens which will result in the misclassification of malicious prompts. We'll also look at why building up our ML knowledge will lead to better findings when assessing LLM API’s, as I discovered during a flight across the Atlantic.
Read More »
One of the things that I love about my role at SpecterOps is getting to dig into various technologies and seeing the resulting research being used in real-time. This post will explore one such story of how I was able to go from a simple request of recovering credentials from a database backup, to reverse engineering how SQL Server encryption works, finding some new methods of brute-forcing database encryption keys.. and finally identifying a mistake in ManageEngine’s ADSelfService product which allows encrypted database backups to reveal privileged credentials.
Read More »