cc @adfichter.bsky.social Nothing new, just a nice presentation of the not-so-nice data
Lenovo released all patches for the #Lenovo #Vantage #vulnerabilities, which we've reported earlier this year.
Our blog now includes the full write‑ups for CVE-2025-13154, CVE-2026-1715, CVE-2026-1716, and CVE-2026-1717.
🔗 cyllective.com/blog/posts/l...
Thought I'd share the Swiss Cyber Security starter pack again.
Am I missing somebody?
go.bsky.app/4xD359p
John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC.
blog.compass-security.com/2026/02/from...
#Windows #CVE #SecurityResearch #PrivEsc
There are probably more vulns to be found, especially in the parts that I did not look at. Passing the torch to all the other researcherz.
First research in a while! Here's my brain dump on reverse-engineering and auditing Lenovo Vantage. In total, I found four (4) vulns. Check out the post and my custom tooling if you're interested.
mkiesel.ch/posts/lenovo...
🚀 New blog post: How to Audit Plugin Ecosystems 🔧🔥
Our reusable 4‑step method helped us navigate 600+ Nextcloud/ownCloud plugins & find some vulns.
cyllective.com/blog/posts/h...
#CyberSecurity #AppSec #Nextcloud #ownCloud #infosec #pentest #SAST
Nobody asked for them, but here are my uBlock rules to slim down Twitter/X, Bluesky, and Mastodon. They disable fancy features and make it so that basically there are only the options to post and to view your "following" feed. No more distractions!
gist.github.com/rtfmkiesel/1...
We have a collision! Compass Security (@compasssecurity) earned $25,000 USD and 4 Master of Pwn points with the Charging Connector Protocol/Signal Manipulation add‑on against the Grizzl‑E Smart 40A, chaining an authentication bypass (CWE‑306) to remote code execution via CWE‑494. #Pwn2Own #P2OAuto
Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) exploited one exposed dangerous method/function bug on the Alpine iLX-F511, winning Round 2 for $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto
co//aboration…ftw! Thanks for the kudos!
The final stage would not have been possible without John Ostrowski from @compass-security.com. Thanks for the Swiss infosec collaboration! 🫕🤝
🚨 New blog post!
Read about CVE-2025-13154, a privilege-escalation vulnerability in a Lenovo Vantage add-in called SmartPerformance.
cyllective.com/blog/posts/l...
#windows #cve #infosec #pentest
co//aboration… ftw. Thanks for the Kudos!
🇨🇭 With El Tony's new Mate Zero and Coop's New Prix Garantie Mate, matelab is now at 60 mate-based beverages 🧉
matelab.ch