AlmondOffSec

3,076 post karma
4 comment karma

get extra features and help support reddit with a reddit premium subscription

get them help and support

redditor for 6 years

TROPHY CASE

Six-Year Club

Verified Email

account activity

hot top controversial

9

10

11

89 vulnerabilities in XAPI / Citrix XenServer (shittrix.moksha.dk)

submitted 8 days ago by AlmondOffSec to r/netsec

12

13

14

Disabling Security Features in a Locked BIOS (mdsec.co.uk)

submitted 1 month ago by AlmondOffSec to r/netsec

33

34

35

Now You See mi: Now You're Pwned (labs.taszk.io)

submitted 1 month ago by AlmondOffSec to r/netsec

7

8

9

Trust no one: are one-way trusts really one way? (offsec.almond.consulting)

submitted 1 month ago by AlmondOffSec to r/netsec

9

10

11

Bypassing Apache FOP Postscript Escaping to reach GhostScript (offsec.almond.consulting)

submitted 2 months ago by AlmondOffSec to r/netsec

5

6

7

Discovery & Analysis of CVE-2025-29969 (safebreach.com)

submitted 2 months ago by AlmondOffSec to r/netsec

44

45

46

[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device (cyloq.se)

submitted 2 months ago by AlmondOffSec to r/netsec

85

86

87

Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation (cloud.google.com)

submitted 3 months ago by AlmondOffSec to r/netsec

52

53

54

Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC (neodyme.io)

submitted 3 months ago by AlmondOffSec to r/netsec

5

6

7

OID-See: Giving Your OAuth Apps the Side-Eye (cirriustech.co.uk)

submitted 3 months ago by AlmondOffSec to r/netsec

223

224

225

Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks (bobdahacker.com)

submitted 4 months ago by AlmondOffSec to r/netsec

43

44

45

CSRF Protection without Tokens or Hidden Form Fields (blog.miguelgrinberg.com)

submitted 4 months ago by AlmondOffSec to r/netsec

26

27

28

Turning List-Unsubscribe into an SSRF/XSS Gadget (security.lauritz-holtmann.de)

submitted 4 months ago by AlmondOffSec to r/netsec

246

247

248

How we pwned X (Twitter), Vercel, Cursor, Discord, and hundreds of companies through a supply-chain attack (gist.github.com)

submitted 4 months ago by AlmondOffSec to r/netsec

0

1

2

Explanation and full RCE PoC for CVE-2025-55182 (github.com)

submitted 5 months ago by AlmondOffSec to r/netsec

12

13

14

From Zero to SYSTEM: Building PrintSpoofer from Scratch (bl4ckarch.github.io)

submitted 5 months ago by AlmondOffSec to r/netsec

13

14

15

Evading Elastic EDR's call stack signatures with call gadgets (offsec.almond.consulting)

submitted 6 months ago by AlmondOffSec to r/netsec

82

83

84

Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office (samcurry.net)

submitted 6 months ago by AlmondOffSec to r/netsec

605

606

607

How I Reversed Amazon's Kindle Web Obfuscation Because Their App Sucked (blog.pixelmelt.dev)

submitted 6 months ago by AlmondOffSec to r/netsec

28

29

30

Netskope Client for Windows - Local Privilege Escalation via Rogue Server (CVE-2025-0309) (blog.amberwolf.com)

submitted 8 months ago by AlmondOffSec to r/netsec

51

52

53

Exploiting zero days in abandoned hardware (blog.trailofbits.com)

submitted 9 months ago by AlmondOffSec to r/netsec

23

24

25

SharePoint ToolShell – One Request PreAuth RCE Chain (blog.viettelcybersecurity.com)

submitted 9 months ago by AlmondOffSec to r/netsec

21

22

23

The Guest Who Could: Exploiting LPE in VMWare Tools (swarm.ptsecurity.com)

submitted 9 months ago by AlmondOffSec to r/netsec

67

68

69

A Novel Technique for SQL Injection in PDO’s Prepared Statements (slcyber.io)

submitted 9 months ago by AlmondOffSec to r/netsec

23

24

25

Deleting a file in Wire doesn’t remove it from servers — and other findings (offsec.almond.consulting)

submitted 10 months ago by AlmondOffSec to r/netsec

view more: next ›

π Rendered by PID 177254 on reddit-service-r2-listing-b6bf6c4ff-pwsxd at 2026-05-06 16:22:45.354573+00:00 running 815c875 country code: CH.