How Threat Actors Abuse Remote Management Software for Initial Access
14.03.2026 23:54
Detection Pipeline Maturity Model
13.03.2026 20:39
Malformed ZIP archive that evades antivirus detection by declaring Method=0 (stored) while containing DEFLATE-compressed payload.
13.03.2026 09:39
LnkMeMaybe: A .NET 8 toolkit for creating and analysing Windows Shell Link (.lnk) files. Includes a command-line builder (LnkMeMaybe) and a graphical editor (LnkUi).
12.03.2026 23:39
Phantom - a project created to perform loading and executing .NET assemblies directly in memory within an IIS environment running in full-trust mode.
11.03.2026 01:39
Encrypt/Decrypt payload via Discrete Fourier Transform
10.03.2026 07:09
Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition
09.03.2026 09:54
The "P" in PAM is for Persistence: Linux Persistence Technique
08.03.2026 22:24
Think before you Click(Fix): Analyzing the ClickFix social engineering technique
06.03.2026 20:39
An ASPX web shell enables execution of Beacon Object Files (BOFs) on a target server using a semi-interactive Python client
06.03.2026 19:39
Offensive DPAPI With Nemesis
04.03.2026 21:24
Resource: A 6-Step Methodology for Integrating Tabletop Exercises (TTX) and Purple Teaming
03.03.2026 18:39
What Windows Server 2025 Quietly Did to Your NTLM Relay
02.03.2026 19:24
Tracking CyberStrikeAI: AI-Native Offensive Tools & MSS Ties
02.03.2026 19:24
SentinelOne Intelligence Brief: Iranian Cyber Activity Outlook
02.03.2026 17:24
Total Recall - Retracing your steps back to NT Authority System
27.02.2026 19:24
A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory
26.02.2026 09:39
Abusing Cortex XDR Live Terminal as a C2
25.02.2026 22:24
Purple team lab: detecting pre-ransomware discovery activity in Elastic with Sigma using Adaptix C2
24.02.2026 22:54
Demonstrating Windows Defender Evasion via PPL Manipulation
24.02.2026 08:54
Persistence: The Art of Staying In
22.02.2026 19:54
Gaining Initial Access and Outsmarting SmartScreen
22.02.2026 17:09
The Visibility Gap: 5 Purple Team Tests Your EDR is Probably Missing
19.02.2026 19:54
Red Team Infrastructure The Full Picture: From Domain to Beacon
19.02.2026 17:39
Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading a C# port of ProxyBlob Agent
18.02.2026 08:09
Bypassing SolidCore by Running EXEs Directly from Memory
17.02.2026 20:39
Use 360 WFP driver to block EDR/XDR network connection
16.02.2026 19:39
Generate DLL proxy/sideload projects. Automatically parses PE export tables and generates ready-to-compile project for red team engagements.
15.02.2026 16:24
CERT-EU - Cyber Threat Intelligence Framework
14.02.2026 22:54
Bypassing Administrator Protection by Abusing UI Access
13.02.2026 15:24