Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://chaos.social/users/christopherkunz/statuses/116692326268359320">Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Thursday, 04-Jun-2026 23:54:07 JST</a><a href="https://chaos.social/@christopherkunz" title="christopherkunz@chaos.social"><img src="https://gnusocial.jp/avatar/230467-48-20240109064907.webp" width="48" height="48" alt="Dr. Christopher Kunz" style="position: absolute; left: 0; top: 0;">Dr. Christopher Kunz</a><div><a href="https://infosec.exchange/@wdormann/116692084819803958" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@wdormann">@wdormann</a> Of all the writeups, I think I like this one best, especially with it having a human name in the byline: <a href="https://adscanpro.com/blog/patch-diffing-cve-2026-41089-netlogon" rel="nofollow">https://adscanpro.com/blog/patch-diffing-cve-2026-41089-netlogon</a><br>"read advisories carefully before deciding how to allocate research time." made me chuckle.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/6446003#notice-12701390">In conversation</a><time datetime="2026-06-04T23:54:07+09:00" title="Thursday, 04-Jun-2026 23:54:07 JST">about 4 days ago</time> <span>from <span><a href="https://chaos.social/@christopherkunz/116692326268359320" rel="external" title="Sent from chaos.social via ActivityPub">chaos.social</a></span></span><a href="https://chaos.social/@christopherkunz/116692326268359320">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: adscanpro.com</div><h5><a href="https://adscanpro.com/blog/patch-diffing-cve-2026-41089-netlogon">Patch Diffing CVE-2026-41089: Locating the Netlogon Bug in 4 Hours Without a Public PoC</a></h5><div></div></header><div>Walkthrough of how to bindiff a Patch Tuesday Windows CVE end-to-end — from MSU acquisition to function-level bug identification. CVE-2026-41089 (Netlogon pre-auth RCE) as the running example. Methodology, tooling, and the honest limits of trigger development without weeks of exploit engineering.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Thursday, 04-Jun-2026 23:54:07 JSTDr. Christopher Kunz
in reply to
- Will Dormann
@wdormann Of all the writeups, I think I like this one best, especially with it having a human name in the byline: https://adscanpro.com/blog/patch-diffing-cve-2026-41089-netlogon
"read advisories carefully before deciding how to allocate research time." made me chuckle.
In conversationabout 4 days ago from chaos.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: adscanpro.com
  Patch Diffing CVE-2026-41089: Locating the Netlogon Bug in 4 Hours Without a Public PoC
  Walkthrough of how to bindiff a Patch Tuesday Windows CVE end-to-end — from MSU acquisition to function-level bug identification. CVE-2026-41089 (Netlogon pre-auth RCE) as the running example. Methodology, tooling, and the honest limits of trigger development without weeks of exploit engineering.