
Manu

@rtfmkiesel.bsky.social

häcker; mkiesel.ch

88 Followers  |  66 Following  |  4 Posts  |  Joined: 06.12.2023  |  1.4698

Latest posts by rtfmkiesel.bsky.social on Bluesky



John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC.

blog.compass-security.com/2026/02/from...

#Windows #CVE #SecurityResearch #PrivEsc

10.02.2026 08:33 — 👍 6    🔁 4    💬 0    📌 0

There are probably more vulns to be found, especially in the parts that I did not look at. Passing the torch to all the other researcherz.

09.02.2026 10:59 — 👍 0    🔁 0    💬 0    📌 0
roll with advantage: hacking lenovo vantage | mkiesel.ch
A technical deep dive into the lands of Lenovo Vantage and its add-ins, including tooling to help you hunt for vulnerabilities

First research in a while! Here's my brain dump on reverse-engineering and auditing Lenovo Vantage. In total, I found four (4) vulns. Check out the post and my custom tooling if you're interested.

mkiesel.ch/posts/lenovo...

09.02.2026 10:59 — 👍 2    🔁 1    💬 1    📌 0
How To Audit Plugin Ecosystems
How we audit plugin ecosystems, using (Nextcloud|ownCloud) as an example

🚀 New blog post: How to Audit Plugin Ecosystems 🔧🔥
Our reusable 4‑step method helped us navigate 600+ Nextcloud/ownCloud plugins & find some vulns.

cyllective.com/blog/posts/h...

#CyberSecurity #AppSec #Nextcloud #ownCloud #infosec #pentest #SAST

03.02.2026 13:12 — 👍 2    🔁 2    💬 0    📌 0
uBlock Origin rules to slim down/minimalize Twitter/X, Bluesky, and Mastodon - anti_social_media_ublock_rules.txt

Nobody asked for them, but here are my uBlock rules to slim down Twitter/X, Bluesky, and Mastodon. They disable fancy features and make it so that basically there are only the options to post and to view your "following" feed. No more distractions!

gist.github.com/rtfmkiesel/1...

02.02.2026 15:37 — 👍 0    🔁 0    💬 0    📌 0

We have a collision! Compass Security (@compasssecurity) earned $25,000 USD and 4 Master of Pwn points with the Charging Connector Protocol/Signal Manipulation add‑on against the Grizzl‑E Smart 40A, chaining an authentication bypass (CWE‑306) to remote code execution via CWE‑494. #Pwn2Own #P2OAuto

21.01.2026 06:12 — 👍 2    🔁 1    💬 0    📌 1

Confirmed! Cyrill Bannwart, Emanuele Barbeno, Yves Bieri, Lukasz D., and Urs Mueller of Compass Security (@compasssecurity) exploited one exposed dangerous method/function bug on the Alpine iLX-F511, winning Round 2 for $10,000 USD and 2 Master of Pwn points. #Pwn2Own #P2OAuto

21.01.2026 04:16 — 👍 3    🔁 5    💬 0    📌 1

co//aboration…ftw! Thanks for the kudos!

17.01.2026 21:05 — 👍 1    🔁 1    💬 0    📌 0

The final stage would not have been possible without John Ostrowski from @compass-security.com. Thanks for the Swiss infosec collaboration! 🫕🤝

17.01.2026 13:36 — 👍 3    🔁 2    💬 1    📌 0
Lenovo Vantage LPE/EoP (CVE-2025-13154)
A write-up of CVE-2025-13154, a privilege escalation vulnerability in Lenovo Vantage.

🚨 New blog post!

Read about CVE-2025-13154, a privilege-escalation vulnerability in a Lenovo Vantage add-in called SmartPerformance.

cyllective.com/blog/posts/l...

#windows #cve #infosec #pentest

17.01.2026 13:36 — 👍 1    🔁 2    💬 1    📌 1

co//aboration… ftw. Thanks for the Kudos!

16.01.2026 15:03 — 👍 2    🔁 1    💬 0    📌 0
matelab.ch - The Swiss Mate Index
Compare mate-based beverages

🇨🇭 With El Tony's new Mate Zero and Coop's New Prix Garantie Mate, matelab is now at 60 mate-based beverages 🧉

matelab.ch

16.01.2026 08:44 — 👍 0    🔁 0    💬 0    📌 0
