Paul Seekamp (@nullenc0de)'s Twitter Profile
Paul Seekamp

@nullenc0de

I spend a significant amount of time reading security stuff.

Co-Founder/Partner @CoastlineCyber

leanpub.com/internal-field…

ID: 456074700

Link: https://coastlinecyber.com

Date: 05-01-2012 21:05:08

5,5K Tweet

17,17K Followers

604 Following

dreadnode (@dreadnode)

Can we eliminate the C2 server entirely and create truly autonomous malware? On the Dreadnode blog, Principal Security Researcher Max Harley details how we developed an entirely local, C2-less malware that can autonomously discover and exploit one type of privilege escalation

Smukx.E (@5mukx)

Trust Issues – Attacking Trust in Active Directory TLDR; this blog covers attack chains abusing Trust account TDO in One-Way Outbound & Bidirectional Trusts. What the TDO can/can't do and Compromise shura.lab via shared CA trust in kapla.lab lorenzomeacci.com/trust-issues-a…

SpecterOps (@specterops)

Credential Guard was supposed to end credential dumping. It didn't. Valdemar Carøe just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled. Read for more ⤵️ ghst.ly/4qtl2rm

Katie🌻Moussouris (she/her/she-ra/she-hulk) 🪷 (@k8em0)

Even with patches provided with bug reports, AI makes too much human work in prioritizing & testing. Commercial closed source faces similar bottlenecks & diminishing security returns. Vuln handling can’t keep up even if using AI validation. Security is being DoSed by AI right now

Paul Seekamp (@nullenc0de)

I think that AI is cool, but it's supplemental still. Not a replacement yet. Watching these AI pentests run by non-SMEs is a time and money suck. Only use AI on stuff you can validate, people.

Andrea Pierini (@decoder_it)

We know that Microsoft improved the overall printing security in 2025, now using DCE/RPC for callback, you can force NTLM local auth and reflect back machine auth even without CredMarshalTargetInfo() trick 😇