vforvasilis (@vforvasilis)'s Twitter Profile

vforvasilis
@vforvasilis

Red Team Lead

ID: 1018152446

Link: https://www.linkedin.com/in/vasilis-ntochas
Joined: 17-12-2012 19:27:26

5.5K Tweets

791 Followers

2.2K Following

Matt Zorich (@reprise_99):

For those that use Defender for Identity, a really great quality of life feature just dropped into preview. The agent now has the capability to inspect the current configuration and remediate any issues with logging to ensure the sensor is collecting everything it needs. You

Lefteris Panos (@lefterispan):

Wrote github.com/leftp/WimReader when I needed to check a few WIM images over smb (sccm 😉😉😉) without transferring the whole thing over the wire...

dreadnode (@dreadnode):

We fine-tuned an 8B model to pop a GOAD domain…using only synthetic training data. No real networks. No frontier model distillation. Just a world model that simulates AD environments and generates realistic pentesting trajectories. See how shane and Max Harley did it:

Wietze (@wietze):

Can LNK files ever be trusted? ⚡ My latest blog post demonstrates several new LNK abuse methods, allowing you to fully spoof the target shown in Explorer. It also introduces tools to create your own LNKs, and to detect spoofed ones yourself. 🐬 wietzebeukema.nl/blog/trust-me-…

vx-underground (@vxunderground):

This is really cool. I like this code, proof-of-concept, and paper A LOT. Basically he is modifying the raw bytes of .LNK files (Windows shortcuts) to make them perform malicious actions while also operating correctly as a .LNK file. When examined from the user they will appear

Justin Elze (@hackinglz):

I had a few people test this when it was behind auth but pulled the auth back. If you're interested in Defender signatures and ASR rules. defender.hackpwn.net

Justin Elze (@hackinglz):

I was always interested in how Microsoft Active Protection Service (MAPS) worked and why nobody ever published anything around it. It's the cloud-based portion of Defender. github.com/HackingLZ/maps…

Sébastien Dudek 📡 (@fluxius):

Think your guest Wi-Fi is isolated from your main network? Think again. AirSnitch (NDSS'26) breaks client isolation on every router tested: from home APs to enterprise WPA2/3-Enterprise. Full MitM in seconds, sometimes leaking WPA2 traffic in plaintext. Technique breakdown & tool

Brett Hawkins (@h4wkst3r):

LLMs have changed the way offensive security practitioners reason about problems and build offensive capabilities. Evan Pena and I wrote how our Armadin red team approaches this in the new age of LLMs ⬇️ armadin.com/blog-posts/thi…

Wietze (@wietze):

🔥 macOS cmd-obfuscation with ArgFuscator. New: over 60 OS-native macOS binaries' command lines can now be obfuscated using #ArgFuscator, bypassing command-line based detections, such as this EDR trying to prevent credential dumping. 👉 Check it out: argfuscator.net

Nicolas Chatelain (@nicocha30):

Introducing Ligolo-IWA! If you love Ligolo-ng but struggle with proxies, EDRs, or AppLocker policies, this is for you. Ligolo-IWA runs directly from Chromium-based browsers (Edge/Chrome) to bypass standard host restrictions and corporate filters. iwa.ligolo.ng

MalDev Academy (@maldevacademy):

We released a new public tool, 3LayersPersistence, that demonstrates 3 different persistence layers implemented in one executable. github.com/Maldev-Academy… The implementation uses WMI event subscriptions, DLL sideloading, and COM hijacking in a single workflow, with the

Gerard De Las Armas (@_gengstah):

Released WinDbg MCP — attach Claude (or any LLM) to a live Windows process and let it poke around. Set breakpoints, read memory, walk the stack, load crash dumps. 55 tools over MCP. github.com/gengstah/windb…

Merill Fernando (@merill):

Stop clicking through 15 menus just to find one Azure blade 🛑 55,000+ Microsoft pros use cmd.ms to skip the portal fatigue. I just launched a massive V2 rewrite: ⚡️ 100% keyboard-driven 🎯 Jump to any blade instantly 🔍 New Purview + Security commands