The document examines the ransomware’s modular architecture, its ability to reboot systems into Safe Mode, terminate critical enterprise services, and perform multi‑threaded file encryption for maximum impact. It also highlights how Agenda targets healthcare and education organizations across Asia and Africa, leveraging spear‑phishing and compromised credentials to gain initial access.

Serverless AITM Simulation Framework for Entra ID and M365

New 0 day vulnerability allowing to leak NTLM hashes from browsers with one click

leakage of the victim’s NTLMv2-SSP hash to an attacker-controlled server. This issue enables credential exposure and potential relay attacks in enterprise environments, requiring only minimal user interaction (Opening the App). Microsoft didn't recognize the vulnerability and no CVE was issued.

BrutDroid - Android Studio Pentest Automator: Streamline mobile pentesting with automated emulator rooting, Frida, and Burp Suite integration.

First CVE was registered for the new Binder kernel driver written in Rust. The vulnerability is a race condition caused by a list operation in an unsafe code block.

Prompts for performing tests on your Kali Linux using Gemini-cli, ChatGPT, DeepSeek, CursorAI, Claude Code, and Copilot.

NeuroSploitv2 is an advanced, AI-powered penetration testing framework designed to automate and augment various aspects of offensive security operations. Leveraging the capabilities of large language models (LLMs).

If you’re a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
www.hexstrike.com/

The article discusses sophisticated call stack obfuscation techniques - using callbacks, tail calls, and proxy frames - to evade detection in exploitation and malware scenarios

A Web-based 3D Presentation Tool - Create stunning 3D presentations with animated transitions between slides.

We provide a structured systematization of obfuscation techniques and evaluate them under a unified framework. Specifically, we categorize existing obfuscation methods into three major classes (layout, data flow, and control flow) covering 11 subcategories and 19 techniques. We implement these techniques across four programming languages (Solidity, C, C++, Python) using a consistent LLM-driven approach, and evaluate their effects on 15 LLMs spanning four model families (DeepSeek, OpenAI, Qwen, LLaMA), as well as on two coding agents (GitHub Copilot and Codex). Our findings reveal both positive and negative impacts of code obfuscation on LLM-based vulnerability detection, highlighting conditions under which obfuscation leads to performance improvements or degradations

— 0.211.0 to 1.120.3
— 1.121.0

FOFA: app="n8n"
HUNTER : product.name="N8n"
ZoomEye: app="n8n"

Shellcode and In-PowerShell solution for patching AMSI via Page Guard Exceptions

AI-assisted penetration testing agent that enhances offensive security workflows by providing structured attack guidance, contextual analysis, and multi-backend AI integration.