Microsoft vs Nightmare Eclipse
Posted on 5/29/26 at 10:01 pm
July 14th could be fun. Couldn't happen to a better company.
https://www.theregister.com/security/2026/05/28/microsoft-0-day-feud-escalates-as-researcher-threatens-another-windows-exploit-dump/5248085
The person's blog
https://deadeclipse666.blogspot.com/
quote:
Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
The ongoing saga of Microsoft versus Nightmare Eclipse (aka Chaotic Eclipse), the disgruntled bug hunter with a deep understanding of Windows and an even deeper grudge against Microsoft, reached a fever pitch, with the researcher, who has thus far released six Windows zero-days, promising a “bone shattering” drop on July 14.
Microsoft, for its part, finally responded to the security researcher and their weaponized Windows flaws with a blog post on (un)coordinated vulnerability disclosure about the now-public bugs: RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma. Redmond says that none of these were reported via its official channels prior to being made public.
Attackers began hammering three of the six - BlueHammer, RedSun, and UnDefend - soon after Nightmare published working proof-of-concept exploit code for each on now-banned GitHub (owned by Microsoft) and GitLab accounts.
Posted on 5/30/26 at 10:53 am to wheelr
I heard about this, as I work for the competition. I know several people who work at Microsoft, where this is not only a major security breach, the researcher has publicly leaked six unpatched Windows zero-day vulnerabilities, complete with weaponized exploit code, which could ultimately bring Windows down.
Forensically, the only realistic "hail Mary" Microsoft has to catch the researcher is to audit if they ever tried to cash out a bug bounty from Microsoft in the past, or used cryptocurrency to buy domain names, hosting, or VPN services for their leaks. Ultimately, Microsoft could follow the blockchain. Microsoft would have to utilize highly sophisticated obfuscation methods, crypto exchanges which require know-your-customer/ID verification.
More than likely Chaotic Eclipse is operating from a country that does not extradite to the US or cooperate with Western law enforcement, such as Russia, China, or Iran; they may never be physically arrested, even if the FBI figures out exactly who they are. Guaranteed, Chaotic Eclipse is way ahead of ever being caught.
Posted on 5/30/26 at 1:03 pm to Breauxsif
Yeah, MS better hope for that hail Mary. As far as I know, freely and publicly pointing out a bug in someone's software is not a crime.
Posted on 5/30/26 at 6:28 pm to wheelr
If Microsoft would stop being such shite bags about their bug bounty program. I personally know a few people that have submitted valid bugs. Instead of getting their money, Microsoft tried to get away with sending them socks and t-shirts. They had to threaten legal action before Microsoft finally paid.
This post was edited on 5/30/26 at 8:18 pm
Posted on 5/30/26 at 8:08 pm to Breauxsif
Microsoft has bigger issues than chasing the guy.
Looking at that BlueHammer link, all they did was flag the PoC signature; they're not checking for what it does, and all those pieces by themselves are working by design in Windows.
Posted on 6/3/26 at 12:10 am to GetMeOutOfHere
After bans and threatening legal action they backed down. They were catching a lot of shite on popular tech forums where they already have a terrible reputation.
ETA: full thread
https://nitter.net/msftsecresponse/status/2061293718942908925#m
This post was edited on 6/3/26 at 12:14 am
Posted on 6/3/26 at 10:32 am to wheelr
You can view the Nightmare Eclipse source code via underground channels, after the account was banned by GitHub and GitLab. The source code is not highly complex, foundational malware from scratch; instead, they wrote exploit scripts and automation tools primarily using the PowerShell CLI and C++ designed to abuse native Windows administrative features and misconfigurations.
They utilized the NT AUTHORITY\SYSTEM script. The script targeted known but unpatched logic flaws in the Windows kernel and subsystem communication. Moreover, the code would trick the operating system into executing a command or spawning a new command prompt under the context of a privileged system service rather than the limited user account.
Nightmare Eclipse utilized additional scripts in C++ to Windows Defender's own CLI interface to effectively blind the antivirus, allowing any subsequent malware to run completely undetected.
The PowerShell and C++ code is not overly complex from a logic standpoint; instead, the reliability and automation of the scripts were well written from an execution standpoint. The code was written so cleanly that threat actors didn't need to tweak it; you could simply download the scripts from the public repositories and immediately embed them into automated ransomware deployment chains.
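The post above describes tooling that turns off Defender through its own management interface, and an earlier reply notes that Defender only flagged the PoC's signature. As an added example (not code from the thread or from Nightmare Eclipse), this read-only PowerShell audit checks a host for the tampering indicators a defender would want to see: Tamper Protection state, disabled protections, exclusions, and the Defender operational-log events that record such changes. It assumes an elevated session on a Windows host with the Defender PowerShell module present.

```powershell
# Added example: audit a Windows host for signs that Defender has been disabled or
# hollowed out via Set-MpPreference / MpCmdRun-style configuration changes.
# Read-only; requires an elevated PowerShell session with the Defender module.

$status   = Get-MpComputerStatus
$pref     = Get-MpPreference
$findings = @()

# Tamper Protection is what blocks CLI/preference changes from switching off core protections.
if (-not $status.IsTamperProtected)         { $findings += 'Tamper Protection is OFF' }
if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }
if ($pref.DisableRealtimeMonitoring)        { $findings += 'DisableRealtimeMonitoring set in preferences' }
# Behavior monitoring off leaves only signature matching, the weakness noted in the thread.
if ($pref.DisableBehaviorMonitoring)        { $findings += 'Behavior monitoring is disabled' }

# Exclusions quietly blind the scanner without turning it off, so list every one for review.
foreach ($p in $pref.ExclusionPath)      { $findings += "Path exclusion: $p" }
foreach ($x in $pref.ExclusionExtension) { $findings += "Extension exclusion: $x" }
foreach ($q in $pref.ExclusionProcess)   { $findings += "Process exclusion: $q" }

# Defender's operational log records protection being disabled and configuration changes:
# 5001 real-time protection disabled, 5007 configuration changed,
# 5010 malware scanning disabled, 5012 virus scanning disabled.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001, 5007, 5010, 5012
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $firstLine = ($e.Message -split "`n")[0]
    $findings += ('{0} event {1}: {2}' -f $e.TimeCreated, $e.Id, $firstLine)
}

if ($findings.Count -eq 0) { 'No Defender tampering indicators found.' } else { $findings }
```

Run it on a known-good build first to baseline which exclusions and 5007 events are expected, so only the unexplained ones stand out.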