nodauf

Reversing Windows Defender Vulnerable Driver: KslD.sys Welcome to a new Medium post! In this one, I’ll walk you through my reverse engineering process for the vulnerable KslD.sys driver @s12deff/reversing-windows-defender-vulnerable-driver-ksld-sys-d64a485ee8e8" target="_blank" rel="nofollow noopener">medium.com/@s12deff/rever… Inspired by: github.com/andreisss/KslD…

"0 Click RCE exploit for CVE-2026-34159 Lama.cpp RPC server version b8487" github.com/casp3r0x0/CVE-…

How well do you really understand what's happening inside a #Kerberos exchange? In our latest blog, @codewhisperer84 breaks down the full authentication flow and demonstrates how to interact with every stage using the #Titanis toolset. Read it now! hubs.la/Q04dcFgv0

LLMs have gotten good enough at reverse engineering to recover source code from obfuscated binaries with real accuracy. So we asked the obvious next question: how fast and cheap is it to use one to build obfuscation specifically designed to beat it? We benchmarked Claude Opus 4.6 against the Tigress obfuscator across 20 targets first, to map its strengths and failure modes. 40% solve rate. Phase 3 multi-layer combos hit 0%, with cost explosions that killed the runs. Then we ran a dev/test/refine loop to build 3 purpose-built obfuscation variants targeting the same crackme, iterating directly against the model's known weaknesses. The finding: LLM-targeted obfuscation is fast and cheap to develop. Context windows, budget caps, and shortcut biases are all exploitable attack surfaces. The arms race just shifted.

Full research, benchmark methodology, scoring breakdown, and the obfuscation techniques that worked: go.es.io/3QSJGnI

TENCENT ACABA DE DROPEAR LA BOMBA para todos los que hacen AI Agents: Un sandbox que: - Arranca en menos de 60 ms (hasta 50x más rápido) - Usa solo 5 MB de RAM por instancia - Puedes correr +2.000 sandboxes en un solo servidor - Seguridad de verdad (microVMs con KVM + RustVMM) - y 100% compatible con E2B SDK. Self-hosted, open-source y GRATIS. REPOOO👇

New blog post! From a routine red team exercise to an unexpected challenge: what happens when modern defenses block every traditional C2 channel? Explore the evolving attack surface of collaboration tools in our blog: ow.ly/x4Oq50YNvFt #RedTeaming #Pentesting

Run zizmor on all your workflows with the auditor flag do yourself a favor and fix all the issues to protect your CI/CD. It’s not a solution for every scenario, but it’s better than not doing it 🤷‍♂️ github.com/zizmorcore/ziz…

🧠 To bypass detection methods like YARA rules that look for certain bytes and memory scanners, Beatrice patches machine code in binaries with alternative x64 assembly opcodes of the same size. ✅Additionally, the tool is designed to modify machine code within executables and other complex binaries containing strings or embedded data. ✅It uses strict, byte‑level matching to ensure the binary remains intact.

gopacket is live! Check it out, it is intended to be a full reimplementation of Impacket in Go (it is in beta please send me bug reports) github.com/mandiant/gopac…

🚨 New Research Alert: Inside the RedSun Windows 0day A closer look at why this vulnerability exists and how Defender’s own logic enables the system compromise. Read more: cloudsek.com/blog/redsun-wi… h/t @WeirdQuadratic 🐐 #Windows #RedSun #0Day

@HackingLZ github.com/n00py/Outpacket Maybe useful

Windows defender has been compromised. right now there is a public unpatched exploit that gives any app on your windows PC full system admin access. no password. no popup. nothing your antivirus doesnt stop it. your antivirus IS the exploit. windows defender is the attack vector ransomware gangs can use this to encrypt your entire machine and steal every saved password, browser session, and discord token you have. fully patched windows 11. real time protection on thread

Another zero day exploit released by some nerd (can't remember name right now) because they're annoyed with Microsoft. It's been confirmed by other nerds. It is yet another legit zero day. Whew. github.com/Nightmare-Ecli…

In response to CVE-2026-33825 (BlueHammer patch), The RedSun, a new unpatched windows defender EoP vulnerability has been publicly disclosed and can be found here - deadeclipse666.blogspot.com/2026/04/public…

It is interesting how fast Microsoft killed the repository hosting the PoC. The article below ⬇️ Signed to Kill - Reverse Engineering a 0-Day Used to Disable CrowdStrike EDR core-jmp.org/2026/04/signed…

ToastFix - Chaining a ClickFix Attack With Toast Notifications 0xh4lpy.medium.com/toastfix-chain… #redteam

🚀 NEW GEMMA 4 31B TURBO DROPPED Runs on a SINGLE RTX 5090: ⚡️18.5 GB VRAM only (68% smaller) 🧠51 tok/s single decode 💻1,244 tok/s batched 🤖15,359 tok/s prefill ← yes, fifteen thousand 🚨2.5× faster than base model with basically zero quality loss. It hits Sonnet-4.5 level on hard classification tasks… at 1/600th the cost. Local models are shipping faster than we can test 👇🏻 🔥 HF: huggingface.co/LilaRest/gemma…

Windows Internals Part57: Handling IRP_MN_QUERY_STOP_DEVICE youtu.be/vwaCEoxBw4k #infosec #windows #linux #cybersecurity

Interesting approaches! 🤔 Fixing Mimikatz sekurlsa::logonpasswords on Windows 11 24H2/25H2 @tanrikuluatahan/fixing-mimikatz-sekurlsa-logonpasswords-on-windows-11-24h2-25h2-253e82866197" target="_blank" rel="nofollow noopener">medium.com/@tanrikuluatah…