Exploitation
Exploiting Stuff
CVE-2026-34910
A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection. https://github.com/gadievron/raptor
Synology DSM 7.3.2
Chaining three issues to gain root from a low privileged user.
CVE-2025-37186 HP
The HP Aruba VIA VPN client for Linux contains a local privilege escalation vulnerability that allows any unprivileged local user to gain root access. - CVE-2025-37186 - Another Scalp for Raptor
Ghosted.
Ghosted Domains coming to haunt you, one more check for your scanners, vendor assurance, OSINT, Supply chain, Appsec and all the rest of that good stuff.
Files, Folders & Fun (revisited)
Playing with folder resolution to build a better pretext
Identity Inheritance via expired domains
I wonder if any of these leaked email address domains are expired, and I wonder if I can buy them and inherit the identities associated with them via password resets
'ExpLoading'
If you have ever dismissed a search order binary plant attack because the folder from where it takes place doesn’t allow for writes without elevation?
Active Directory Network Agents and not-good deployments
That’s a Nice Palo-Alto Firewall Forescout Active Directory Integrated Network Appliance you have ther