Ioannis Stais

5.2K posts

@Einstais

IT Security Engineer & Director of Organization Security Testing @census_labs (Radio Callsign SV1TGF / 2020769) New Book! https://t.co/2pWnSmFUij…

Athens, Naxos
Joined April 2009
591 Following · 674 Followers

Ioannis Stais retweeted
chiefofautism (@chiefofautism)
someone built an OPENSOURCE MILITARY RADAR that tracks multiple targets up to 20km away its called AERIS-10, full github repo schematics, PCB layouts, FPGA code, python GUI, everything under MIT license commercial phased array radar starts at $250,000. military surplus is $10,000-50,000 but its decades old analog junk with no electronic beam steering this does electronic beam steering at 10.5GHz, pulse compression, doppler processing, multi-target tracking on a real time map two versions: 3km range with patch antenna array, 20km range with 32x16 slotted waveguide array and GaN AMPLIFIERS custom frequency synthesizer, 16 front-end chips, FPGA doing all signal processing, GPS and IMU for ACCURATE target coordinates when the platform moves all gerber files included so you can order the PCBs and build it yourself one person built what defense contractors charge a quarter MILLION for and open sourced it

Ioannis Stais retweeted
Wietze (@Wietze)
Can LNK files ever be trusted? ⚡ My latest blog post demonstrates several new LNK abuse methods, allowing you to fully spoof the target shown in Explorer. It also introduces tools to create your own LNKs, and detect spoofed ones yourself. 🐬 wietzebeukema.nl/blog/trust-me-…

Ioannis Stais retweeted
Roy🇨🇦 (@GrandpaRoy2)
Ukrainian EW expert Serhii “Flash” says that this many cables are now required to connect jamming modules to antennas for one effective FPV jammer. Russian control frequencies cover such a broad range now, and stretching the module frequency range decreases protection. 1/
Roy🇨🇦 (@GrandpaRoy2)

New Russian antennas for FPVs include non-standard video frequencies such as 3.1-3.7 GHz. It also confirms the use of the low control frequencies of 480-530 MHz that will ultimately require a large antenna for Ukrainian EW jammers.


Ioannis Stais retweeted
Roy🇨🇦 (@GrandpaRoy2)
The Russians claim to have developed a system of a fiber optic FPV connected to a radio repeater drone. The two fly together to the maximum range of the repeater, and the fiber FPV then continues on allowing particularly deep strikes.
Roy🇨🇦 (@GrandpaRoy2)

The Russians are complaining that Ukrainian radio FPVs are striking at long distances past the contact line. The BM-24 heavy drone mothership and radio repeater for two FPVs points to the answer. The range of the BM-24 is 24 km, and it can provide FPV communications for 20 km.


Ioannis Stais retweeted
Sean Metcalf (@PyroTek3)
Review the membership of groups for accounts and groups from another Active Directory forest. These are called "Foreign Security Principals" (FSPs) like the ones highlighted in the image. These FSPs are accounts that exist in another forest but have rights in the AD forest. Any FSPs should be scrutinized and removed if not required. It's important to review and strictly control these since they may be highly privileged. In this example, compromise of another AD forest (TRDNET) would result in compromise of the current AD forest (trd.com). PowerShell script to scan privileged groups for FSPs: github.com/PyroTek3/Misc/… #ActiveDirectorySecurityTip

Ioannis Stais retweeted
Horizon Secured (@horizon_secured)
🔒 Secure Bits

💡 Did you know you can hide Domain Admins from standard discovery—even from other admins?

Active Directory is a “read-many” directory by design. But List Object Mode (LOM) can change that.

🕵️‍♂️ Martin Handl shows how to leverage LOM to make Tier-0 accounts completely invisible to lower-tier admins.

🔧 How it works:

1️⃣ Enable List Object Mode (LOM)
Set dSHeuristics=001 in AD’s Configuration partition. No restart needed—takes effect instantly across the forest.

2️⃣ Use special ACL combinations:
On the parent OU: Deny List contents
On the Tier-0 object itself: Deny List object
Together, this hides the object—even if a user has read access on the directory.

3️⃣ Let AdminSDHolder process do the work:
Apply custom ACLs to the AdminSDHolder container—those propagate automatically to all protected Tier-0 accounts every hour.

Bonus: Martin provides a PowerShell script to apply/revert this across any OU.

👁️ What’s the effect?
From the viewpoint of Tier-1 or Tier-2 users (like helpdesk or server admins), the hidden accounts don’t exist. No group listing, no LDAP enumeration, no PowerShell output.

📌 Use responsibly:
Hiding is not a replacement for proper security controls (Tiering, Security Baselines, LAPS, Role Separation, ..., ). But it adds another layer—obscurity that frustrates attackers and tools alike.

📄 Full post + PowerShell script by Martin Handl: iqunit.com/become-an-invi… (use auto-translation from German, it is definitely worth it!).

Hiding can be also used by an attacker, are you sure nothing hides in your Active Directory? How do you search for something like that?

✅ PS: I got you covered, ADProbe can discover hidden accounts...

#ActiveDirectory #CyberSecurity #WindowsSecurity #RedTeam #LOM #ListObjectMode #T0 IQunit IT GmbH Martin Handl @BlueTeamDave

Ioannis Stais retweeted
The Hacker News (@TheHackersNews)
🔥 Microsoft patched a perfect 10.0 CVE in Entra ID (ex-Azure AD) that let attackers impersonate any user, even Global Admins—across every tenant worldwide. 🔑 MFA? Conditional Access? Logging? All bypassed. Total tenant takeover—SharePoint, Exchange, Azure resources. Details here → thehackernews.com/2025/09/micros…

Ioannis Stais retweeted
Roy🇨🇦 (@GrandpaRoy2)
Multiple Russian Telegram channels are reporting that containers equipped with surveillance cameras are being placed by Ukrainian heavy drones where they can monitor Russian positions. A Starlink antenna provides communications.
Roy🇨🇦 (@GrandpaRoy2)

A Russian spy FPV? The likely intention is to use the base of tubes and projecting wires to perch on the crown of a tree. From there the camera system is apparently intended to send imagery by accessing a mobile network.


Ioannis Stais retweeted
Esther Lin (@estheroate)
Every lens leaves a blur signature—a hidden fingerprint in every photo. In our new #TPAMI paper, we show how to learn it fast (5 mins of capture!) with Lens Blur Fields ✨ With it, we can tell apart ‘identical’ phones by their optics, deblur images, and render realistic blurs.

Ioannis Stais retweeted
Harshleen (@0xharshleen)
AWS Pentest Checklist📝

Ioannis Stais retweeted
FPGAX (@FPGAX_)
Russian 16 Ceramic Satellite Antenna Satellite Guidance Anti-jamming Module

Ioannis Stais retweeted
FPGAX (@FPGAX_)
Disassembly of the Latest Ukrainian Starlink Drone

Ioannis Stais retweeted
ESET Research (@ESETresearch)
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6