Nighthawk C2 R&D @Mdseclabs

Joined March 2020
Pinned Tweet
19 Mar 2023
Hello community, I will be posting write ups on my new website sabotagesec.com/ . You can read all my old posts there. Thank you for all the support and love! #cybersecurity #malware #Windows #threatintell
sabotage retweeted
Fresh research from the team (@vkamluk / @juanandres_gs) - this one goes back quite a while! fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet sentinelone.com/labs/fast16-…
sabotage retweeted
Apr 10
I decided to commit another part to the Applied Reverse Engineering series with an article diving into rolling your own primitive tracer for discrete purposes, coupled with an analysis on outrunning integrity checks. revers.engineering/applied-r…
sabotage retweeted
Our latest post on the blog details a Windows EoP courtesy of @filip_dragovic... "Total Recall – Retracing Your Steps Back to NT AUTHORITY\SYSTEM" - mdsec.co.uk/2026/02/total-re…
sabotage retweeted
My thoughts are yes, red teaming has got significantly harder over the last few years. The knock-on effect is: 1) engagements need more time, 2) teams who don't invest heavily in R&D (either in-house or outsourced) will be left behind, 3) there are fewer things shared publicly as a consequence, 4) lots of teams have tried to compensate by assuming breach, which as a result has led to less innovation in the IA space. However, I disagree that IA is anywhere near dead even targeting the top 1%. The vast majority of our engagements have a large IA component and we're still successful in >75% of cases. Yes the points mentioned are a pita - AWL is a great control, but there's equally a plethora of file formats that support scripting; get creative - Yes MOTW restricts some things - but there's a variety of ways around it if you're creative (and I'm not talking about ISOs 🙄)
sabotage retweeted
Don't do this. Don't make this mistake. Do something cooler. Listen to your peers when they recommend reviewing other people's research. malwaresourcecode.com/home/m…
sabotage retweeted
One of the new features we built for #Nighthawk customers is HawkEye. This is an AI bot built on Opus 4.5 that uses RAG to ingest all the #Nighthawk documentation, sample profiles, APIs, and sample source code. It's able to help explain features, build profiles, write source code for modules and much much more...
sabotage retweeted
Want to consume Microsoft-Windows-Threat-Intelligence but Antimalware-PPL getting you down? No problem! I will post a blog & POC soon - but this allows you to consume Threat-Intelligence without PPL _and_ w/o any kernel patching/driver loading gymnastics! Only need admin!
sabotage retweeted
Whether you're learning x86 instruction encoding or writing YARA rules, ZydisInfo is an amazing (yet slightly underrated) tool for the job.
sabotage retweeted
Today, we’re releasing watchTowr Labs’ @chudyPB’s BlackHat .NET research, owning Barracuda, Ivanti and more solutions. Enjoy the read as Piotr explains a new .NET Framework primitive, used to achieve pre- and post-auth RCE on numerous enterprise appliances. labs.watchtowr.com/soapwn-pw…
sabotage retweeted
9 Dec 2025
New blog by Outflank's @KyleAvery: Linux process injection leveraging seccomp to inject shared libraries into Linux processes without LD_PRELOAD, ptrace or elevated privileges. Parent-to-child injection at any ptrace_scope level 💪😎 Tech details here: ow.ly/KwBh50XGvrC
sabotage retweeted
Thank you all for helping me choose the cover for the Go Concurrency book. I didn't expect so much participation, and I really appreciate it! Here's the final version, along with the table of contents.
sabotage retweeted
Low-Level Software Security for Compiler Developers. If you ever wanted a textbook-style guide to memory safety bugs, undefined behavior, exploit mitigations, side channels, etc., all in one spot, this free book is it: llsoftsec.github.io/llsoftse…
sabotage retweeted
30 Oct 2025
New research from @jdu2600: a clean loader-lock escape using the PEB's PostProcessInitRoutine. Read the analysis and PoC code 📃 preludesecurity.com/blog/esc…
27 Oct 2025
❗️Blog Alert 💥 Crafting maskable functions using LLVM. 🔎 In-depth coverage of LLVM backend internals. 🔎 Tinker with x64 function code stubs and manipulate control flow. This time, I am posting it on the @MDSecLabs blog 😋 #RedTeaming #MalwareDev mdsec.co.uk/2025/10/function…
sabotage retweeted
13 Oct 2025
The @MDSecLabs red team is hiring! If you're an experienced red team operator interested in conducting multi-month operations within a small and technically gifted team, reach out to us! ✊
sabotage retweeted
25 Sep 2025
We're really bringing the 🔥 with our next Nighthawk release - Janus - nighthawkc2.io/janus/
sabotage retweeted
19 Sep 2025
In our latest blog post, we detail how you can leverage the Nighthawk API to streamline your Red Team Ops.... Automating Operations with Nighthawk - nighthawkc2.io/automating-op…
sabotage retweeted
5 Sep 2025
Exciting times. I'm publishing Dittobytes today after presenting it at @OrangeCon_nl ! Dittobytes is a true metamorphic cross-compiler aimed at evasion. Use Dittobytes to compile your malware. Each compilation produces unique, functional shellcode. github.com/tijme/dittobytes
sabotage retweeted
We just pushed a post on a recent Nighthawk release which included a few goodies, plus some revamps in our licensing model.
2 Sep 2025
We've just pushed details on our latest #Nighthawk release (Sivako) nighthawkc2.io/sivako/ - including async BOF support, native kerberos and more 🔥 vimeo.com/1115201393?share=c…