New and improved TaskHound https://github.com/1r0BIT/TaskHound/releases/tag/v1.1.0
Merry Christmas to everybody, except that dude who works for Elastic, who decided to drop an unauthenticated exploit for MongoDB on Christmas Day that leaks memory and automates harvesting secrets (e.g. database passwords).
CVE-2025-14847 aka MongoBleed
Exp: https://github.com/joe-desimone/mongobleed/blob/main/mongobleed.py
This one is incredibly widely internet-facing and will very likely see mass exploitation and impactful incidents.
Impacts every MongoDB version going back a decade.
Shodan dork: product:"MongoDB"
NetExec 1.5.0 released https://github.com/Pennyw0rth/NetExec/releases/tag/v1.5.0
Python and BOF utilities to determine EPA enforcement levels of popular NTLM relay targets from the offensive perspective https://github.com/zyn3rgy/RelayInformer
GhostLocker: AppLocker-Based EDR Neutralization https://github.com/zero2504/EDR-GhostLocker
TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering https://www.evilsocket.net/2025/12/18/TP-Link-Tapo-C200-Hardcoded-Keys-Buffer-Overflows-and-Privacy-in-the-Era-of-AI-Assisted-Reverse-Engineering/
Apple was very smart to send Ivan Krstić, who's been fighting spyware and exploit makers for years now, to Hexacon, a conference attended by a lot of spyware and exploit makers.
Windows Session Hijacking via COM https://github.com/3lp4tr0n/SessionHop/
If you want ongoing automatic dumps of in-the-wild CobaltStrike configs
Today, we’re releasing watchTowr Labs’ @chudypb’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions.
Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances.
Maldev Academy Review
2 years after starting, some false starts, and some requisite learning completed, I finally wrapped up Maldev Academy.
Holy Shuck! Weaponizing NTLM Hashes as a Wordlist https://trustedsec.com/blog/holy-shuck-weaponizing-ntlm-hashes-as-a-wordlist
Decrypt Veeam database passwords https://github.com/S3cur3Th1sSh1t/SharpVeeamDecryptor
Post-exploitation tool for compromised Service Principals https://gist.github.com/Non3e/32124476ebe59e1ade006e658bc93205
@winterknight1337 thanks! I'll probably end up buying that one or Malware Analysis and Development training.
@winterknight1337 do you have any recommendations for courses or books to complement it with? I bought Windows Security Internals and Evading EDR books, but still think it won't be enough, because I suck at C.
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/
EFF 🤝 @nostarch. Support the fight for privacy and free speech online when you grab this @Humble book bundle today! https://www.humblebundle.com/books/hacking-no-starch-books
Conditional Access bypasses https://cloudbrothers.info/en/conditional-access-bypasses/
I wasn't imagining things, Administrator Protection has indeed been pulled for now. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/administrator-protection/?tabs=intune#system-requirements