Hare Sudhan

76 posts

@cyb3rbuff

Software engineer in cybersecurity. Living the best of both worlds. Open Source Contributor and Maintainer of #AtomicRedTeam

Joined July 2020
352 Following · 174 Followers
Hare Sudhan @cyb3rbuff
🚀 Introducing LOAS: Living Off the Orchard - AppleScript

Excited to open-source LOAS (Living Off the Orchard: AppleScript) - a comprehensive library of AppleScript and JXA tests mapped to the MITRE ATT&CK® framework for macOS security testing.

Why LOAS? Attackers increasingly leverage built-in macOS tools like AppleScript and JXA to access credentials, capture screenshots, and establish persistence—all without custom malware/tools. LOAS helps security teams test if their defenses can detect these living-off-the-land techniques.

Key Features:
🔴 Execute AppleScript and JXA tests
📦 Multiple Execution Methods: osascript, Swift, compiled binaries—each generating different endpoint logs
🔗 Atomic Red Team Integration: Pre-converted Atomic Red Team YAML format available in GitHub releases. If you already use Atomic Red Team, this would fit right into your workflow.
🤖 LLM-Ready: Compatible with Claude, ChatGPT, and Gemini for interactive exploration. Prompt your AI to "Read loas.dev/llms-full.txt. I would like to ask questions about it"

Getting Started: Download pre-built tests from GitHub releases (github.com/cyberbuff/loas…) and start testing immediately. Full documentation and LLM-optimized guides available at loas.dev

🔗 GitHub: github.com/cyberbuff/loas
📖 Docs: loas.dev
📝 Blog: cyberbuff.substack.com/p/introducing-…

Feedback and contributions welcome! #macOS #RedTeam #BlueTeam #AdversaryEmulation #applescript
Hare Sudhan retweeted
The Haag™ @M_haggis
Looking to up your nation state AI agent hacking? Check out @cyb3rbuff MCP for Atomic Red Team. For all we know, this is what Anthropic detected!
Hare Sudhan @cyb3rbuff
Thanks @_JohnHammond for spreading the word about Atomic Red Team MCP! Grateful to have advocates like you and @M_haggis amplifying this tool. For anyone curious about AI powered security testing, check out the project here: github.com/cyberbuff/atom… Associated Blogposts: open.substack.com/pub/cyberbuff/… open.substack.com/pub/cyberbuff/…
John Hammond @_JohnHammond

Hat tip, kudos and credit where credit is due to @cyb3rbuff, big thanks for his tool and work on this Atomic Red Team MCP server! cyberbuff.substack.com/p/claude-becom…

Hare Sudhan @cyb3rbuff
🚀 Part 2 is here! "Atomic Red Team MCP #2: Claude becomes C2" - Breaking Everything, Everywhere, All at Once

Taking the next step from Part 1, Part 2 shows how to orchestrate atomic tests across multiple operating systems simultaneously.

🔧 What's new:
- Deploy MCP servers on Windows, Linux, and macOS
- Centralized AI control of distributed testing infrastructure
- Cross-platform attack scenarios with unified reporting
- Purple team workflows that combine attack + detection validation

💡 Real-world example: "Execute Cloudflare tunnel atomic on Windows, Linux, and macOS. Query Splunk MCP for any Cloudflare alerts and create Jira tickets for any detection gaps found."

🎯 Why this matters: Traditional BAS tools like Caldera and OpenAEV handle multi-platform execution, but require complex configuration and manual result correlation. AI-powered orchestration brings conversational intelligence to security testing - adapting scenarios based on results and reasoning through next steps.

🔗 Repository: github.com/cyberbuff/atom…
📖 Read the full article here: cyberbuff.substack.com/p/atomic-red-t…

#AtomicRedTeam #MCP #AdversaryEmulation
Hare Sudhan retweeted
AtomicsonaFriday @AtomicsonaFri
🎃 Going live in 30 minutes! Atomics on a Friday: Night of the Living Indicators - join us for live emulations, haunted artifacts, and MCP mayhem. See you there… or on the recording. 👻⚛️ Twitch: twitch.tv/atomicsonafrid… X Linkedin YT: youtube.com/watch?v=nSuCkE…
Hare Sudhan @cyb3rbuff
🚀 Just released the Atomic Red Team MCP Server! Brings 1500+ atomic tests directly into AI assistants like Claude. Search, create & validate security tests with natural language.

✨ "Show me all mimikatz tests"
✨ "Create atomic test for Chrome credential extraction"
✨ "Generate tests from this threat intel report"

Repo: github.com/cyberbuff/atom…

🔴 @M_haggis is demoing it on YouTube today at 1 PM EST!
📖 Read the full story to learn more about the MCP: "Claude becomes the APT" open.substack.com/pub/cyberbuff/…

#atomicredteam #mcp #adversaryemulation

Special thanks to @OrOneEqualsOne and @M_haggis for beta testing and invaluable feedback!
Hare Sudhan retweeted
AtomicsonaFriday @AtomicsonaFri
🧪 Deep in the lab, something modular is stirring... This Friday, on Atomics on a Friday, we’re unleashing @cyb3rbuff Atomic Red Team MCP 💥 Think of it as the Frankenstein’s lab of atomic testing - built for automation, precision, and chaos. youtube.com/watch?v=nSuCkE…
Hare Sudhan retweeted
Wietze @Wietze
Thanks to @cyb3rbuff you can now leverage ArgFuscator.net's contents via Invoke-ArgFuscator. Simply install the latest version from the PowerShell Gallery and use '-Command' to specify any of the supported commands (buff.ly/4hKMjRq). 🤘 buff.ly/4b7uwBo
Hare Sudhan retweeted
Carrie Roberts @OrOneEqualsOne
Two openings for AI Security Distinguished Engineers at Walmart. I have worked for Walmart for 7 years and I love it. I have also worked for the hiring manager and he is awesome. walmart.wd5.myworkdayjobs.com/es/WalmartExte…
Hare Sudhan retweeted
MagicSword @magicswordio
🚨 The RMM threat landscape is evolving! 🚨 Recent attacks, like those highlighted by @HuntressLabs 🛡️ & CERT-UA 🇺🇦, show how adversaries 🎭 weaponize RMM tools 🛠️ for persistence 🔒 & lateral movement ↔️. 🔍 Enter LOLRMM: your 🧙‍♂️ ally in detecting 👀 & preventing 🚫 RMM abuse. From identifying unauthorized tools 🚨 to building robust defenses 🛡️, LOLRMM equips your SOC with the insights 📈 needed to stay ahead of attackers. 🛡️ Stay vigilant. Stay protected. CERT-UA: buff.ly/3C2cdAx Huntress: buff.ly/3C04tPu 🌐 Learn more: lolrmm.io #RMM #ThreatDetection #LOLRMM #Cybersecurity It Ends with Us. 💪🔥
The Haag™ @M_haggis
Y’all... I just met Dependabot, and it’s like the superhero 🦸‍♂️ of Git projects. I added it to my repo, and BAM 💥—it opened a bunch of PRs faster than I could sip my coffee. ☕ WHO IS THIS DEPENDABOT 🤔 telling me to fix stuff?! Turns out, it’s actually amazing—keeping dependencies up-to-date and squashing vulnerabilities like a boss. 👾⚒️ 🌟 Learn more here 👉 Dependabot Docs: docs.github.com/en/code-securi… Anyway, that’s my first Tuesday share. How are YOU doing? 🤷‍♂️💬
Hare Sudhan retweeted
MagicSword @magicswordio
🔍 Struggling to track RMMs? Meet LOLRMM — your one-stop solution for detecting & managing RMMs! 🚨💻 ⚔️ lolrmm.io 🔥

✨ Benefits of LOLRMM:
• 🗂️ Single source for ALL RMMs
• ⚡ Optimized for speed across SIEMs (KQL, Splunk, etc.)
• 🚫 No more duplicates — clear, concise results
• 🔄 Streamlined artifact grouping for easy detection!

👨‍💻 Say goodbye to noisy queries and fragmented hunts! 🚀 @Antonlovesdnb and @BertJanCyber tuned up some KQL here 🔗 x.com/BertJanCyber/s… ⚔️ It ends with us!
Hare Sudhan retweeted
AtomicsonaFriday @AtomicsonaFri
⏳ TOMORROW. It’s happening. 🔥 We will feature a deep dive into #LOLRMM—a tool that will reshape your threat-hunting game forever. 💥🕵️‍♂️ Tune in for a discussion with our expert guests on how we can END RMM abuse. ✋💀 Get ready… 🎙️ youtube.com/watch?v=QinHbf…