Offensive Security Researcher

Joined April 2024
29 Jul 2025
I've been diving a little bit more into defense evasion and one thing I'm learning right now is ETW, and one tool that provides insight on all the providers used by it is ETWExplorer by Pavel Yosifovich aka @zodiacon. I know, I'm late...very late... github.com/zodiacon/EtwExplo…
8erg retweeted
Just shipped GraphSpy v1.7.0 ✨ Mostly under-the-hood work this time with major refactoring to speed up future development ⚙️ Huge shoutout to n3rada for leading the effort! More exciting features coming soon 🚀 github.com/RedByte1337/Graph…
Mar 16
Just watched a video on YouTube about this tool. It's a really amazing initial access and post-exploitation tool. With it you can generate a link and steal a client session token for AAD and O365. github.com/RedByte1337/Graph…
Mar 16
From what I understand from the video too, there's also an undocumented API and you can enumerate the directory roles as a low-privileged user that you would not be able to otherwise
Mar 16
I'm just getting started in offensive Azure security and honestly this got me hyped so much
8erg retweeted
This is bad. Putty level bad. notepad-plus-plus.org/news/h…
8erg retweeted
8 Dec 2025
Let me blow your mind real quick: When you use Remote Desktop (RDP), Windows secretly takes screenshots of what you are doing. It’s called the RDP Bitmap Cache. To make the connection faster, Windows saves small tiles (images) of the remote screen to your hard drive in a bin file. Even if the session is over and the remote server is destroyed... your laptop still holds the cache files. Forensics teams use tools like BMCViewer to stitch those tiles back together. They won't just see logs but the literal email, document, or picture you were looking at. 💀
7 Dec 2025
RDP Bitmap Cache.
8erg retweeted
6 Dec 2025
Did You Know? Uninstalling an app doesn't delete the proof that you ran it. Windows keeps a Ghost File for every program you execute to speed up loading times. It’s called Prefetch. Located in C:\Windows\Prefetch, these .pf files log: The exact Date & Time you ran it. The file path it ran from. The Run Count (How many times you executed it). Forensics teams use this to prove you ran "CCleaner" or "Malware.exe" even after you scrubbed the drive. 💀
8erg retweeted
EvilMist: EvilMist is a collection of scripts and utilities designed to support cloud penetration testing & red teaming. The toolkit helps identify misconfigurations, assess privilege-escalation paths, and simulate attack techniques. reddit.com/r/blueteamsec/com…
21 Oct 2025
When you're trying to use Frida after 1 month and you forgot that you've updated the client version but not the server, and you wonder for hours why it does not work...🤣

8erg retweeted
oh shiiittttttt
20 Oct 2025
OMG.. whatsapp 0c in pwn2own
16 Oct 2025
I don't know who needs this (might be the only one...) but here you go. There's even a Burp Suite version for the mainframe called birp. Big shoutout to @mainframed767 for his incredible talks and resources, everything you need is on his repo: github.com/mainframed
6 Sep 2025
1/6 Side quests becoming main quests…?🧭 I've been diving into some mobile applications since it's intimately related to reverse engineering. Instead of reading some assembly, I'm reading Java code.
6 Sep 2025
If you have tips, resources or thoughts, feel free to comment down (for my sake, mainly🤣)