Analyzing the unsafe chroot behavior of sudo CVE-2025-32463 | Sky Blueteam
A story of a bee, a sandwich and a crab
π New blog post at skyblue.team/posts/unsafe...
At Airbus CERT, we worked on the sudo CVE-2025-32463 to create detection and hunting rules.
Based on the underlying vulnerability, we developed an eBPF based tool to monitor unsafe chroot behavior regarding NSS reloading.
github.com/airbus-cert/...
04.11.2025 15:30
π 1
π 1
π¬ 0
π 0
GitHub - airbus-cert/minusone: Powershell Linter
Powershell Linter. Contribute to airbus-cert/minusone development by creating an account on GitHub.
New release of minusone (v0.4.0) with a lot of new deobfuscation pattern : github.com/airbus-cert/...
π¨Online version : minusone.skyblue.team π¨
#powershell #deobfuscation
30.07.2025 07:12
π 2
π 1
π¬ 0
π 0
Ever dreamt of parsing the $I3O INDX files from a 80GB drive in under 10 seconds? β±οΈ
Dream no more β¨ Courtesy of @eeriedusk.bsky.social and #RustLang π¦π¦π¦
#DFIR #Forensics
25.06.2025 12:09
π 2
π 0
π¬ 0
π 0
