Netcrook


Research, Exploits & Offensive Security


The Quiet Failure That Turns Software Into an Attack Surface

Published: 11 June 2026 19:26 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

When testing stops at “does it work,” hidden flaws, risky dependencies, and weak controls can survive into production and raise the odds of breach, downtime, and expensive emergency fixes.

When Leaked Code Meets AI Agents, the Attack Surface Starts Thinking Back

Published: 11 June 2026 19:04 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

A security roundup this week points to a sharper problem than ordinary malware noise: offensive code leaks, agent-targeted phishing, and workflow automation that can be pushed toward the wrong action.

A Recovery Path, Not a Broken Cipher: The GreatXML BitLocker Bypass That Targets Windows Trust

Published: 11 June 2026 15:03 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

A reported proof-of-concept turns Microsoft’s recovery machinery into the security story, showing how a trusted maintenance path may matter as much as the encryption it protects.

npm’s Next Lockdown: GitHub Pushes Install-Time Trust Behind an Approval Gate

Published: 11 June 2026 14:17 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: PATCHVIPER

A coming npm release is set to tighten package-install behavior, turning a long-standing code-execution shortcut into a reviewed security decision.

Public PoC Turns an ARM64 Kernel Boundary Bug Into a Cloud-Grade Alarm

Published: 11 June 2026 11:49 | Category: Research, Exploits & Offensive Security | Author: DEBUGSAGE

A newly public proof-of-concept around CVE-2026-46316 puts a sharp spotlight on Linux virtualization code that sits between a guest VM and the host kernel.

When Repeated Pentests Start Looking Too Polished

Published: 10 June 2026 15:04 | Category: Research, Exploits & Offensive Security | Geo: Europe / Turkey | Author: PATCHVIPER

A webinar tied to Picus Security spotlights a familiar trap in defensive testing: when automated pentest runs keep looking stable, teams may mistake fewer findings for lower risk.

When the Guard Dog Trips: A Reported Defender PoC and the SYSTEM Boundary

Published: 10 June 2026 11:50 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

A proof-of-concept tied to Microsoft Defender is said to hinge on a race condition, a reminder that security software itself can become the most valuable target on a Windows machine.

When the Guard Dog Trips: A Defender Bug Raises the Cost of Trust

Published: 10 June 2026 11:39 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

A publicly released proof-of-concept tied to Windows Defender shows why a flaw inside a security product can matter as much as the malware it is meant to stop.

When the Shield Becomes the Ladder: A Defender Flaw That Could Climb to SYSTEM

Published: 10 June 2026 10:34 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

A newly disclosed Microsoft Defender zero-day underscores a familiar Windows danger: a security component running with high trust can become the shortest path from user space to full machine control.

A Worm With a Local Brain Changes the Malware Playbook

Published: 09 June 2026 17:27 | Category: Research, Exploits & Offensive Security | Geo: North America / Canada | Author: PATCHVIPER

A University of Toronto proof-of-concept shows how a self-replicating worm can use a locally hosted open-weight model to choose its next move without human intervention.

When a Web Page Learns From SSD Timing

Published: 09 June 2026 15:01 | Category: Research, Exploits & Offensive Security | Author: PATCHVIPER

A browser tab can infer which sites are visited and which apps are opened by watching subtle storage delays, without native code, extensions, or a permission prompt.

Machine-Speed Bug Hunting Is Stress-Testing the Economics of Disclosure

Published: 09 June 2026 14:33 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

A discussion around Anthropic's Mythos points to a harder future for bug bounty programs: not just more findings, but a disclosure pipeline that has to keep pace with them.

The Contest That Makes Readability the Hardest Problem

Published: 09 June 2026 14:31 | Category: Research, Exploits & Offensive Security | Author: DEBUGSAGE

The 2025 Obfuscated C Code Contest turns deliberate confusion into a programming sport, and that is exactly why security teams should care.

When Ordinary Findings Become a Dangerous Chain

Published: 08 June 2026 17:08 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: PATCHVIPER

A discussion of “Mythos” points to a familiar but escalating problem in security: many low-level findings can become far more serious when they are linked together.

When a Cable Becomes a Trust Test

Published: 08 June 2026 16:41 | Category: Research, Exploits & Offensive Security | Author: DEBUGSAGE

WireBadger turns a mundane connector into a reminder that USB convenience can also be a security blind spot for testers and defenders alike.

Old IE Plumbing Still Has Teeth Inside Windows Desktop Apps

Published: 08 June 2026 14:34 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

Legacy WebBrowser and Trident components can still turn a routine click into remote code execution when old rendering paths remain embedded in Windows software.

Windows QoS Turns Into an EDR Blind Spot

Published: 08 June 2026 08:02 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

A newly disclosed red-team tool shows how a built-in policy feature can be repurposed to interfere with endpoint security visibility, without touching the usual tampering points.

When Network Policy Turns Into a Blindfold for EDR

Published: 08 June 2026 06:02 | Category: Research, Exploits & Offensive Security | Geo: North America / USA | Author: DEBUGSAGE

A reported red-team tool shows how Windows QoS controls can be bent into a quiet denial tactic that may starve cloud-connected EDR of the traffic it needs to stay in sync.

AI Found 21 FFmpeg Bugs as Chrome Pushed an Unusually Heavy Security Release

Published: 06 June 2026 10:04 | Category: Research, Exploits & Offensive Security | Author: DEBUGSAGE

The week’s headline numbers point to the same pressure point: software that ingests untrusted data is getting harder to secure, and automation is only making the review queue longer.

AI Worms Are Moving Into the Gray Zone Between Automation and Abuse

Published: 05 June 2026 12:46 | Category: Research, Exploits & Offensive Security | Author: PATCHVIPER

Proof-of-concept AI-powered worms suggest how LLMs may be used to automate parts of malware reasoning while targeting Linux, Windows, and IoT devices and misusing compute resources.