Nasreddine Bencherchali (@nas_bench) 's Twitter Profile
Nasreddine Bencherchali

@nas_bench

Detection @Splunk | previously @nextronsystems | @sigma_hq & @magicswordio maintainer | Eternal Learner

ID: 353697237

Link: https://nasbench.medium.com/
Joined: 12-08-2011 14:07:13

8.8K Tweets

11.11K Followers

1.1K Following

Angelboy (@scwuaptx)

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at offensivecon. Check it out: devco.re/blog/2025/05/1…

DebugPrivilege (@debugprivilege)

Decided to dive into the internals of Volume Shadow Copy (VSS). If you're curious about how the different VSS components work together, check this out: medium.com/@Debugger/insi…

Austin (@youdownwithttps)

Hunting for malicious browser debugging? If the attacker uses the ‘headless’ argument to prevent spawning a new browser window, it creates a folder \AppData\Local\Temp\HeadlessEdge* or HeadlessChrome*

Kseniia \n (@naumovax)


Just look at my happy face :)
So, my speech ended, thank you very much for coming and listening! I hope it was interesting 😇

You can watch my talk “Tricky obfuscation techniques for C2 communication? Just detect them all!” here ➡️
youtube.com/live/ORoYAH960…

Elastic Security Labs (@elasticseclabs)

Analyzing DOUBLELOADER malware & its use of Alcatraz, an open-source obfuscator! 🚨 Learn how Alcatraz employs control flow flattening, anti-disassembly tricks, and more to evade detection. Dive into our research on de-obfuscating these techniques: go.es.io/4je0AFO

Splunk (@splunk)

A new Enterprise Security Content Update (ESCU) v5.6.0 is here, and includes:
📖 An analytic story on Fake CAPTCHA #ClickFix Campaigns
📈 A dashboard that correlates Snort intrusion IDs using data from Cisco Secure Firewall and #SplunkSecurity

See more: splk.it/43iSlSY

The Haag™ (@m_haggis)

🚀✨ Super pumped to drop ScriptHostTest — your 🔑 to assessing WDAC & AppLocker controls like a boss! 💪🛡️

👉 Check it out here: github.com/MHaggis/notes/…

Why you NEED this tool:
• ⚡ Quickly verify if your script execution policies are 🔒 locked down
• 🕵️‍♂️ Test multiple script

Nasreddine Bencherchali (@nas_bench)

New Sigma release r2025-05-21 is available for download.

🌟15 New Rules
🛡️47 Rule updates
🔬13 Rule Fixes

Explore the full release -> github.com/SigmaHQ/sigma/…

This release focused mainly on updates and tunings of older rules, with newer detections covering NimScan, AdFind,

SpecterOps (@specterops)

BadSuccessor is a new AD attack primitive that abuses dMSAs, allowing an attacker who can modify or create a dMSA to escalate privileges and take over the forest. Check out Jim Sykora's latest blog post to understand how you can mitigate risk. ghst.ly/4kXTLd9

Nasreddine Bencherchali (@nas_bench)

If you actually want to work in detection, please make an effort to understand the data sources you are using. It's not EventID==X or CommandLine contains Y, just because you executed malware in your lab and checked the event log. 😭 Here are a couple to think about - Understand

Nasreddine Bencherchali (@nas_bench)

Finally got around to playing some Metaphor: ReFantazio this weekend, and discovered this banger. HOLY youtube.com/watch?v=SjIJfw…

Nasreddine Bencherchali (@nas_bench)

What a PHENOMENAL week on LinkedIn! Started with a 10-mile run (for the grindset), a round of golf (networking, obviously), and a SUPER FUN meeting with some guy whose job title is just “Evangelist.” We had a GREAT time hosting absolutely nobody, but we learned so much from the

Nasreddine Bencherchali (@nas_bench)

"Real Time Detection & Response"
- Something happens on the system, a log gets generated. (fractions of milliseconds are lost)
- A local engine matches on it and generates something to send (a couple more milliseconds / seconds are lost)
- Time to send that thing to the other

Artem I. Baranov 🐦 (@artem_i_baranov)

Which Windows kernel subsystem has the largest size? Each of them consists of a set of functions whose names start with predefined prefixes. By writing the necessary scripts for Ghidra or IDA, we can calculate the size of each of them and find out.
aibaranov.github.io/kernlsubsys/

Nasreddine Bencherchali (@nas_bench)

You actually don't need 100% coverage of MITRE ATT&CK. What you actually need is to maximize prevention, minimize response time and prioritize coverage of your known attack paths.

Nasreddine Bencherchali (@nas_bench)

It's a misconception that FPs are always bad. They're actually super bad if you're building a detection that aims to alert on a match and immediate action has to be taken, but you'll have to learn that there are many types of detections and detection outcomes. A detection, AKA