RedTeam feed – Telegram
RedTeam feed
395 subscribers
53 photos
3 videos
1 file
843 links
RedTeam blogposts and articles collection
Top 10 Blogs of 2025
#trustedsec

Everyone has a year-end list, and this is ours. See which of our cybersecurity blog posts performed best in 2025; there may be some you missed!

via TrustedSec Blog
Exploiting Anno 1404
#synacktiv

via Synacktiv Blog (author: Thomas Dubier)
MITRE AADAPT Framework as a Red Team Roadmap
#bishopfox

MITRE’s AADAPT framework exposes how attackers target digital-asset systems, but the real value comes from testing those threats. Learn how red teaming turns AADAPT into evidence-driven detection, stronger controls, and measurable protection against economic loss.

via BishopFox Blog
Limiting Domain Controller Attack Surface: Why Less Services, Less Software, Less Agents = Less Exposure
#trustedsec

Before we dive in, let’s get all the TrustedSec Certified Absolutes out of the way: All software presents some level of inherent risk. Only required software that cannot live on other systems should be installed on Domain…

via TrustedSec Blog (author: Scott Blake)
Me, Myself and AI: Internal Experiments with the CS REST API
#cobaltstrike

This blog is all about experimenting and having fun with the new CS REST API and the generative AI ecosystem. We’ll demonstrate how we used Claude Desktop and its Model Context Protocol (MCP) integration to automate and orchestrate attacks through the CS REST API. We will also share the following internal (vibe-coded) experiments, intended to [...]

via Cobalt Strike Blog (author: Pablo A. Zurro)
Livewire: remote command execution via unmarshaling
#synacktiv

via Synacktiv Blog (author: Rémi Matasse)
Mapping Deception with BloodHound OpenGraph
#specterops

TL;DR As defensive postures continue to mature, deception technologies provide organizations the opportunity to harden defenses and take a more proactive approach in securing their environment. In large enterprises, it can be difficult to determine where and how to deploy effective deception techniques which are discoverable and believable for attackers. By utilizing OpenGraph, we can […]

via SpecterOps BH Blog (author: Ben Schroeder)
Bishop Fox Wrapped: Research Worth Replaying
#bishopfox

This is Bishop Fox Wrapped: a snapshot of the research, blog posts, virtual sessions, and tools that security teams kept coming back to, and what that tells us about what they needed this year.

via BishopFox Blog
GenAI DevOps: More Code, More Problems
#bishopfox

GenAI has made it possible for anyone to ship production code, but security hasn’t caught up. The real risk isn’t bad AI code; it’s how quickly unsafe behavior reaches production. Here’s how to build guardrails so speed doesn’t become liability.

via BishopFox Blog
BOF Cocktails
#rastamouse

Crystal Palace is a PIC framework that can be used to write, among other things, prepended DLL loaders. The philosophy of the project is to apply evasion tradecraft (also written as PIC), to a capability at link-time. For a DLL, it does this by hooking the IAT and redirecting the

via Rasta Mouse Blog
The Mac Malware of 2025
#objectivesee

It's here! Our annual report on all the Mac malware of the year (2025 edition). Besides providing samples for download, we cover infection vectors, persistence mechanisms, payloads and more!

via Objective-See Blog
Top 10 web hacking techniques of 2025: call for nominations
#portswigger

Over the last year, security researchers have shared a huge amount of work with the community through blog posts, presentations, and whitepapers. This is great, but it also means genuinely reusable te

via PortSwigger Research
PatchGuard Peekaboo: Hiding Processes on Systems with PatchGuard in 2026
#outflank

Introduction

I spent a few weeks (and could have spent even more) trying to find a reliable trick to intercept kernel activity while HVCI was breathing down my neck. Almost every approach I tried ended the same way: either a blunt “access denied” or an instant black screen that replaced everyone’s favorite blue one.

Windows is not playing games anymore; the era of clever inline hooks and creative PatchGuard dodges is largely over. Microsoft pushed the enforcement layer up into places a normal kernel driver simply can’t touch. We’re talking hardware-enforced, hypervisor-backed protections: “you don’t even have permission to ask for permission.”

This research centers on a specific objective: hiding processes from user-mode enumeration by manipulating kernel structures – specifically, the process linked lists that Windows uses to track active processes.

via Outflank Blog (author: Ksawery Czapczyński)
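The Outflank excerpt above describes the classic DKOM objective: unlink a process from the kernel's active-process list so that user-mode enumeration, which ultimately walks that list, never sees it. The following is an added user-mode simulation of that list manipulation, written for this page and not taken from the Outflank post or its code. The `FAKE_EPROCESS` struct, the PIDs and image names are constructed stand-ins for the real `EPROCESS` and `PsActiveProcessHead`; the `LIST_ENTRY` layout and the `CONTAINING_RECORD` idiom match the Windows kernel convention. It shows the one detail that separates a working unlink from an instant bug check: after splicing the entry out, its own `Flink`/`Blink` must point back at itself, because the kernel will call `RemoveEntryList` on that entry when the hidden process exits.

```c
/* Added example (not from the Outflank post): user-mode simulation of unlinking
 * a process from the kernel's circular doubly-linked active-process list.
 * Hypothetical minimal structs stand in for EPROCESS and PsActiveProcessHead. */
#include <stddef.h>
#include <stdio.h>

typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY;

/* Stand-in for EPROCESS: only the fields the list walk needs. */
typedef struct _FAKE_EPROCESS {
    unsigned long UniqueProcessId;
    LIST_ENTRY    ActiveProcessLinks;   /* linked into the head list */
    char          ImageFileName[16];
} FAKE_EPROCESS;

/* Same idiom the kernel uses to get from a LIST_ENTRY back to its container. */
#define CONTAINING_RECORD(addr, type, field) \
    ((type *)((char *)(addr) - offsetof(type, field)))

static void InitializeListHead(LIST_ENTRY *head) { head->Flink = head->Blink = head; }

static void InsertTailList(LIST_ENTRY *head, LIST_ENTRY *entry) {
    LIST_ENTRY *last = head->Blink;
    entry->Flink = head;
    entry->Blink = last;
    last->Flink = entry;
    head->Blink = entry;
}

/* What enumeration ultimately sees: every entry reachable from the head.
 * Returns the number found; pids[] receives them in list order. */
static size_t WalkActiveProcesses(const LIST_ENTRY *head, unsigned long *pids, size_t max) {
    size_t n = 0;
    for (LIST_ENTRY *e = head->Flink; e != head && n < max; e = e->Flink)
        pids[n++] = CONTAINING_RECORD(e, FAKE_EPROCESS, ActiveProcessLinks)->UniqueProcessId;
    return n;
}

/* The DKOM step: splice the entry out, then make it self-referential so a later
 * RemoveEntryList on this entry (process exit) rewrites only its own pointers
 * instead of dereferencing stale neighbours. The EPROCESS itself is untouched,
 * so the process keeps running; only the list no longer names it. */
static void HideProcess(FAKE_EPROCESS *proc) {
    LIST_ENTRY *e = &proc->ActiveProcessLinks;
    e->Blink->Flink = e->Flink;
    e->Flink->Blink = e->Blink;
    e->Flink = e;
    e->Blink = e;
}

/* Builds a constructed three-process list, hides hidden_pid if present, and
 * reports what a walker sees afterwards. */
static size_t VisiblePidsAfterHiding(unsigned long hidden_pid, unsigned long *seen, size_t max) {
    LIST_ENTRY head;
    FAKE_EPROCESS procs[3] = {
        { 4,    { NULL, NULL }, "System" },        /* constructed sample data */
        { 1234, { NULL, NULL }, "implant.exe" },
        { 5678, { NULL, NULL }, "explorer.exe" },
    };
    InitializeListHead(&head);
    for (size_t i = 0; i < 3; i++) InsertTailList(&head, &procs[i].ActiveProcessLinks);
    for (size_t i = 0; i < 3; i++)
        if (procs[i].UniqueProcessId == hidden_pid) HideProcess(&procs[i]);
    return WalkActiveProcesses(&head, seen, max);
}

/* Convenience for checks: is query_pid still enumerable once hidden_pid is unlinked? */
static int IsVisibleAfterHiding(unsigned long hidden_pid, unsigned long query_pid) {
    unsigned long seen[3];
    size_t n = VisiblePidsAfterHiding(hidden_pid, seen, 3);
    for (size_t i = 0; i < n; i++)
        if (seen[i] == query_pid) return 1;
    return 0;
}

int main(void) {
    unsigned long seen[3];
    size_t n = VisiblePidsAfterHiding(1234, seen, 3);
    printf("%zu processes visible after hiding PID 1234:", n);
    for (size_t i = 0; i < n; i++) printf(" %lu", seen[i]);
    printf("\n");
    return 0;
}
```

The simulation is also a reminder of why the technique is hard on a modern Windows build: PatchGuard cross-checks exactly this list against other process bookkeeping, and with HVCI the write to `ActiveProcessLinks` has to happen from a context the hypervisor is willing to let touch kernel memory at all, which is the problem the Outflank post is about.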