digicat

Operation RoundPress targeting high-value webmail servers

We focus on technical intelligence, research and engineering to help operational [blue|purple] teams defend their estates and have awareness of the world.

Improving AFD Socket Visibility for Windows Forensics & Troubleshooting

Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)

AUTHENTIC ANTICS: Highly targeted credential and OAuth 2.0 token stealing malware targeting Outlook.

SP 800-81 Rev. 3, Secure Domain Name System (DNS) Deployment Guide - NIST SP 800-81 Rev. 3 (Initial Public Draft) - Comments Due: May 26, 2025

Redefining IABs: Impacts of compartmentalization on threat tracking and modeling

Exposing DPRK's Cyber Syndicate and Hidden IT Workforce

From the World of “Hacker X Files” to the Whitewashed Business Sphere

Open-source toolset of an Ivanti CSA attacker

Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan

The myth of the genius hacker

Manticore: A cross platform library to write offensive and defensive security tools in Go

Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition

CVE-2025-2082: 0-click RCE on Tesla Model 3 through TPMS Sensors

VMSA-2025-0007: VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247) - "A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM"

IntuneRBAC: A comprehensive PowerShell-based tool for managing and auditing Role-Based Access Control (RBAC) in Microsoft Intune. This tool provides detailed insights into your Intune RBAC configuration, including role assignments, scope tags, and permissions.

PowerDodder: a post-exploitation persistence utility designed to stealthily embed execution commands into existing script files on the host. By leveraging files that are frequently accessed but rarely modified, it targets high-likelihood execution vectors with minimal detection risk.

View and manage cases across multiple tenants in the Microsoft Defender multitenant portal - Microsoft's unified security operations platform

Analysis of APT37 Attack Case Disguised as a Think Tank for National Security Strategy in South Korea (Operation. ToyBox Story)

Swan Vector APT: Targeting Taiwan & Japan with DLL Implants

Unpacking PyInstaller Malware on macOS

Marbled Dust leverages zero-day in Output Messenger for regional espionage - "Marbled Dust targets entities in Europe and the Middle East, particularly government institutions and organizations that likely represent counter interests to the Turkish government, as well as targets in the teleco sector

Chrome App-Bound Encryption (ABE) - Technical Deep Dive & Research Notes

One-Click RCE in ASUS’s Preinstalled Driver Software

DIVD-2025-00005 - Exposed Automated Tank Gauge Systems - "We’ve observed real-world incidents of attackers changing tank information, performing reconnaissance, and even launching DoS attacks against these systems."
