Panos Gkatziroulis 🦄

Abusing Windows toast notifications for fun and user manipulation github.com/brmkit/toastno…

Abusing Windows toast notifications for fun and user manipulation brmk.me/2026/03/18/toa…

🖊️ I decided to write an article and share all my notes about Credential Guard Control Validation! ✅ 4x Procedures ✅ SIGMA & Sysmon Rules ✅ Covers all possible methods and detection strategies ipurple.team/2026/03/17/cre… #purpleteam #ipurple

🔥🤖Excited to share a new blog I co-authored with @h4wkst3r and @kulinacs - Automating the Operator: Integrating LLMs into Offensive Security armadin.com/blog-posts/aut… We show how LLMs make offensive work more operationally useful, introduce 2 new MCP servers, and an NTLM relaying Gemini extension POC

🗣️Want ready‑to‑use detection content - from playbooks to hunting queries and SIGMA rules, focused on modern adversary techniques? Join the iPurple community and get access to it. ⏰Link Expires in 24H discord.gg/ZdfyJyTw

A quick diagram of how DumpGuard by @bytewreck works. Relevant to the recent @SpecterOps research on abusing Credential Guard to recover NTLMv1 hashes. ipurple.team/2026/03/17/cre… Detection Strategy in the article below ⤵️ #purpleteam #redteam #ipurple

FrontHunter - a tool for testing large lists of domains to identify candidates for domain fronting github.com/st3rven/fronth…

KslDump - Extraction of credentials from PPL-protected LSASS using only Microsoft-signed components github.com/andreisss/KslD…

@retBandit All the best to your next chapter!

After 13 incredible years at IBM, I’m stepping away to start building something new. IBM has been a defining part of my life. I’m especially proud to have founded and grown the Adversary Simulation team and to have served as a Distinguished Engineer focused on AI and offensive security. What began as a small idea became one of the greatest red teams, pushing the boundaries of what real-world adversary simulation can look like - made possible by an exceptional group of people I learned from every day. I’m deeply grateful to the X-Force leadership and to the teammates, mentors, researchers, and operators who made the journey what it was. The team is in great hands and will continue to do important, impactful work. Looking ahead, I’m excited to focus on building what’s next - continuing to raise the bar for offensive cyber and exploring how AI can enable high sophistication offensive cyber operations and capabilities at a speed, scale, and intensity never before seen. It’s still early, but I’m looking forward to sharing more soon. I truly appreciate everyone who’s been part of the journey.

🛠️ Fritter - a heavily modified fork of Donut shellcode generator ✅ It generates position-independent shellcode for in-memory execution of VBScript, JScript, EXE, DLL, and .NET assemblies, but with a heavy focus on evasion and signature resistance github.com/0xROOTPLS/Frit…

meet VMkatz, github.com/nikaiw/VMkatz

Ghost in the PPL - LSASS Memory Dump core-jmp.org/2026/03/ghost-… #redteam

Discovered a Mark-of-the-Web (MOTW) bypass using native Windows extraction tools. CAB - TAR - TAR - XLSM chain causes the final file to lose MOTW, allowing macros in Microsoft Excel to run without the security warning. Reported to MSRC and classified as moderate. Enjoy

Last week, we got the amazing opportunity to take a tour round the BrightSolid data center! It was an interesting peek into how companies store their data on a large scale and the effort that goes into protecting it. Huge thank you to everyone who put this morning together <3

@curi0usJack @TrustedSec Congrats to your team! This looks like a great course.

Incredibly proud of the team in putting together our latest @TrustedSec BlackHat class. It's going to be an absolute blast and development is underway. Hope to see you there! #supply-chain-to-runtime-attacking--defending-the-modern-devops-stack-50985" target="_blank" rel="nofollow noopener">blackhat.com/us-26/training…

Decrypting and Abusing Predefined BIOCs in Palo Alto Cortex XDR labs.infoguard.ch/posts/decrypti…

RedVect0r: Attack surface mapping tool for penetration testers github.com/5arth4k-X/RedV…

📘 Looks like a great resource for blue teamers 🌐 Windows Event Catalog detection.wiki