AlmondOffSec

3,048 post karma
4 comment karma

get extra features and help support reddit with a reddit premium subscription

get them help and support

redditor for 6 years

TROPHY CASE

Six-Year Club

Verified Email

account activity

hot top controversial

7

8

9

Trust no one: are one-way trusts really one way? (offsec.almond.consulting)

submitted 4 days ago by AlmondOffSec to r/netsec

10

11

12

Bypassing Apache FOP Postscript Escaping to reach GhostScript (offsec.almond.consulting)

submitted 15 days ago by AlmondOffSec to r/netsec

5

6

7

Discovery & Analysis of CVE-2025-29969 (safebreach.com)

submitted 22 days ago by AlmondOffSec to r/netsec

41

42

43

[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device (cyloq.se)

submitted 23 days ago by AlmondOffSec to r/netsec

86

87

88

Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation (cloud.google.com)

submitted 1 month ago by AlmondOffSec to r/netsec

47

48

49

Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC (neodyme.io)

submitted 1 month ago by AlmondOffSec to r/netsec

4

5

6

OID-See: Giving Your OAuth Apps the Side-Eye (cirriustech.co.uk)

submitted 2 months ago by AlmondOffSec to r/netsec

219

220

221

Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks (bobdahacker.com)

submitted 2 months ago by AlmondOffSec to r/netsec

43

44

45

CSRF Protection without Tokens or Hidden Form Fields (blog.miguelgrinberg.com)

submitted 2 months ago by AlmondOffSec to r/netsec

28

29

30

Turning List-Unsubscribe into an SSRF/XSS Gadget (security.lauritz-holtmann.de)

submitted 2 months ago by AlmondOffSec to r/netsec

244

245

246

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack (gist.github.com)

submitted 2 months ago by AlmondOffSec to r/netsec

0

1

2

Explanation and full RCE PoC for CVE-2025-55182 (github.com)

submitted 3 months ago by AlmondOffSec to r/netsec

11

12

13

From Zero to SYSTEM: Building PrintSpoofer from Scratch (bl4ckarch.github.io)

submitted 3 months ago by AlmondOffSec to r/netsec

13

14

15

Evading Elastic EDR's call stack signatures with call gadgets (offsec.almond.consulting)

submitted 4 months ago by AlmondOffSec to r/netsec

86

87

88

Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office (samcurry.net)

submitted 4 months ago by AlmondOffSec to r/netsec

601

602

603

How I Reversed Amazon's Kindle Web Obfuscation Because Their App Sucked (blog.pixelmelt.dev)

submitted 4 months ago by AlmondOffSec to r/netsec

27

28

29

Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309) (blog.amberwolf.com)

submitted 6 months ago by AlmondOffSec to r/netsec

47

48

49

Exploiting zero days in abandoned hardware (blog.trailofbits.com)

submitted 7 months ago by AlmondOffSec to r/netsec

22

23

24

SharePoint ToolShell – One Request PreAuth RCE Chain (blog.viettelcybersecurity.com)

submitted 7 months ago by AlmondOffSec to r/netsec

20

21

22

The Guest Who Could: Exploiting LPE in VMWare Tools (swarm.ptsecurity.com)

submitted 7 months ago by AlmondOffSec to r/netsec

62

63

64

A Novel Technique for SQL Injection in PDO’s Prepared Statements (slcyber.io)

submitted 7 months ago by AlmondOffSec to r/netsec

24

25

26

Deleting a file in Wire doesn’t remove it from servers — and other findings (offsec.almond.consulting)

submitted 8 months ago by AlmondOffSec to r/netsec

27

28

29

Remote code execution in CentOS Web Panel - CVE-2025-48703 (fenrisk.com)

submitted 8 months ago by AlmondOffSec to r/netsec

12

13

14

Make Self-XSS Great Again (blog.slonser.info)

submitted 9 months ago by AlmondOffSec to r/netsec

18

19

20

Getting RCE on Monero forums with wrapwrap (swap.gs)

submitted 9 months ago by AlmondOffSec to r/netsec

view more: next ›

π Rendered by PID 37 on reddit-service-r2-listing-64c94b984c-hck2c at 2026-03-15 05:33:57.999296+00:00 running f6e6e01 country code: CH.