This is a bug fix version. zipdump_v0_0_31.zip (http)MD5: 8EA7D6DBC2877C0E8F3635F06F6E5639SHA256: C063421D1A87E1DB08205948D481CD733F1F170398D990711F92F4F5921134A4  ( 11 min )

On a Windows host, strictly isolated Docker containers can be operated thanks to Hyper-V, which is capable of running an operating system different from Windows Server. Microsoft offers Server Core and Nano Server as operating systems suitable for this purpose. Windows services inside the containers can be managed locally using the CLI or remotely using established GUI tools. Source

A blog about how the SANS Cyber42 Leadership Simulation helps cybersecurity leaders make the tough decisions.  ( 13 min )

Many laptops come with just one M.2 slot, making storage upgrades challenging. Rather than adding an SSD, you have to replace the current one. This operation involves connecting the new SSD externally and booting the system via USB to transfer data. The free open-source tool Clonezilla provides a dedicated feature to simplify this process. Source

Security is a team sport. Whether you're a pentester, bug bounty hunter, student, or just love breaking (and fixing) things, our field thrives on shared knowledge, collaboration, and support. We want  ( 4 min )

You are likely aware of ASCII Smuggling via Unicode Tags. It is unique and fascinating because many LLMs inherently interpret these as instructions when delivered as hidden prompt injection, and LLMs can also emit them. Then, a few weeks ago, a post on Hacker News demonstrated how Variant Selectors can be used to smuggle text. This inspired me to take this further and build Sneaky Bits, where we can encode any Unicode character, not limited to ASCII, with the usage of only two invisible characters.  ( 4 min )

SANS Cybersecurity Blog pertaining to a summary of the SANS New2Cyber Summit 2025  ( 9 min )

No content preview

Lindy.ai is a no-code platform that enables users to build custom AI assistants to automate various business workflows without requiring coding skills. Users can create AI agents to handle tasks such as email management, meeting scheduling, customer support, or sales outreach. The platform integrates with various business tools, such as Google Workspace, HubSpot, Slack, and Zendesk. Source

Why now? Artificial intelligence is rapidly transforming industries, and security testing is no exception. At PortSwigger, we’ve always been driven by innovation, but we don’t chase trends for the sak  ( 4 min )

Kim Zetter interviews David Weston on topics such as the fallout from the CrowdStrike outage, Windows Recall and improving Microsoft security.  ( 22 min )

TL;DR Caching speeds up website content delivery What caching directives are and how to use them The No-cache directive does not prevent caching The No-store directive prevents caching Introduction The […] Take control of Cache-Control and local caching first appeared on Pen Test Partners.  ( 7 min )

We’ve reached the third Patch Tuesday of 2025, and, as expected, Microsoft and Adobe have released their latest security offerings. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for March 2025 For March, Adobe released seven bulletins addressing 37 CVEs in Adobe Acrobat Reader, Substance 3D Sampler, Illustrator, Substance 3D Painter, InDesign, Substance 3D Modeler, and Substance 3D Designer. Six of these bugs were reported through the ZDI program. The patch for Reader contains fixes for multiple Critical-rated code execution bugs. This should be the top priority for deployment. The fix for Illustrator also corre…

In 2025, Microsoft will discontinue a long list of products and services. In recent days, the announcement of Skype’s shutdown has drawn significant attention. Additionally, other well-known apps like Outlook for Mac and Viva Goals will also be affected. Source

A blog about the importance of continuous penetration testing  ( 24 min )

Learn how an attacker with access to a backup file could potentially recover certain encrypted passwords. The post CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk appeared first on NetSPI.  ( 12 min )

Winhance is a PowerShell utility for optimizing and customizing Windows 11. It enables users to remove unwanted software, prevent reinstallation, and enhance system privacy and performance settings. Source

This is a bugfix version. xmldump_V0_0_10.zip (http)MD5: 8A42C57B10E9D41CCD4D48C2C618431BSHA256: F0E37F1B61D065A92E2F2C3A678CDE101413BE6099A89AA81FB7C80F18965966  ( 11 min )

This newly update vulnerability management maturity model self-assessment tool (VMMM0SAT 2.0) helps assess an organization's maturity level across all 12 areas  ( 11 min )

Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor can you trust dates of commits!  ( 7 min )

This is a bugfix version. pdf-parser_V0_7_11.zip (http)MD5: 54425CBB5E3E88D931AE7A627105947ESHA256: 4B550F11DBEA5EE3CF10C842AC1C290407E6BD2A60ECFA2EE192E2D3663227B9  ( 11 min )

In the first part of this series we explored some basic search terms that can be used to find ‘unwanted’ software being installed on company endpoints. Today, I’d like to take this research a step further and look at other … Continue reading →  ( 4 min )

This is a bugfix version. pdfid_v0_2_10.zip (http)MD5: E2F369B34D7148BE4D5C4C02430E7983SHA256: A677336B1CF51386E35DBDED8FDB79F27368FD5D5ECC3FC5C8DA020A029CB6B6  ( 11 min )

OpenAI has greatly enhanced the Work with Apps functionality in the ChatGPT app. Users can now incorporate the outputs from these apps as context for their prompts in ChatGPT and implement code changes in Cursor, VS Code, and various other IDEs. This feature positions the ChatGPT app as a competitor to Cursor and GitHub Copilot in VS Code. Furthermore, outputs from well-known terminal applications such as Warp and iTerm2 can be used as context within ChatGPT. Source

This is an update with new stats. 1768_v0_0_23.zip (http)MD5: 04641D1CCDABDD16FB303B89235AAC53SHA256: 708D849F11D6614B55AAF0154445CEEC12AC7ADBE02260D8FF567FC4A02C193E  ( 11 min )

A blog explaining how to get your employer to reimburse you SANS course tuition costs  ( 14 min )

TL;DR: SCCM forest discovery accounts can be decrypted including accounts used for managing untrusted forests. If the site server is a…  ( 15 min )

Zach Lloyd, a former Principal Engineer at Google, introduces new features at warp speed to the best terminal app in the galaxy, with the latest Warp release introducing cutting-edge AI technologies from The Next Generation. The standout addition is the Dispatch mode, which I prefer to call reasoning mode, enabling administrators to plan complex automation tasks with AI assistance. Prompt Suggestions might better be described as big brother or creepy mode since the AI continually observes your actions and intervenes when it believes you need assistance. Additionally, AI memory functions similarly to the personalization feature in ChatGPT, allowing you to save preferences as Knowledge across sessions. Source

TL;DR   What is Cyber Essentials and why does it matter?  The role of Cyber Essentials (CE) and Cyber Essentials Plus (CE+) assessors in protecting UK businesses  The difference between a […] How I became a Cyber Essentials Plus assessor first appeared on Pen Test Partners.  ( 10 min )

This is a bug fix version. oledump_V0_0_79.zip (http)MD5: 5463B7660B15EA1AE4C9F2792CECB512SHA256: EA56C4A4C261C499ECE5C19EB0E53607E497253110953F6050177516C0728E02  ( 11 min )

This post concludes a four-month performance study of OpenSearch and Elasticsearch search engines across realistic scenarios using OpenSearch Benchmark (OSB). Our full report includes the detailed findings and comparison results of several versions of these two applications.  ( 8 min )

When we founded SpecterOps, one of our core principles was to build a company which brought unique insight into high-capability adversary…  ( 7 min )

Kristin Del Rosso & Madeleine Devost explore the growing trend of foreign ownership of farmland and its implications for national security.  ( 22 min )

Standard users can install Microsoft PowerToys without requiring administrative privileges, which may be undesirable in managed environments. However, certain tools from the PowerToys suite might be beneficial for specific users. Group Policy allows administrators to control which utilities are available. Source

zoneidentifier.exe, my tool to manage MoTW (ADS Zone.Identifier) data received a small update. A new option, -show, can be used to display the Zone.Identifier data. zoneidentifier_V0_0_2.zip (http)MD5: AD0A127384EA8C0D85CC2701B6CA7739SHA256: C1CFD764F4345ACE924F0449F89337E57A648B2D75226E467E0366A6EF22C96E  ( 11 min )

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Simon Humbert and Guy Lederfein of the Trend Micro Research Team detail a recently patched code execution vulnerability in the Microsoft Windows Key Distribution Center (KDC) Proxy. This bug was originally discovered by k0shl and Wei in Kunlun Lab with Cyber KunLun. Successful exploitation could result in arbitrary code execution in the security context of the target service. The following is a portion of their write-up covering CVE-2024-43639, with a few minimal modifications. An integer overflow has been reported for Microsoft Windows KDC Proxy. The vulnerability is due to a missing check for Kerberos response length. A remote, unauthenticated attacker could direct KDC proxy to forward a Kerberos reques…

In this second post of a five-part series, I provide advice on how to best utilize the PEN-200 course material for a successful career in…  ( 22 min )

We have reviewed Warp's Mac and Linux versions multiple times, as it stands out as the top terminal application. The newly released Windows edition introduces AI-driven automation for PowerShell administrators. Even if you have no use for natural language automation because PowerShell is your primary language anyway, you should give Warp a try, as no terminal app can compete with it on Windows. Source

TL;DR: DNSSEC secures DNS but may unintentionally expose domain structures via NSEC/NSEC3 records, enabling zone walking to enumerate subdomains. NSEC openly lists domain names, making enumeration easy. NSEC3 hashes names, […] DNSSEC NSEC. The accidental treasure map to your subdomains first appeared on Pen Test Partners.  ( 11 min )

A blog about this month’s SANS Threat Analysis Rundown livestream, covering ransomware, the continued exploitation of old vulnerabilities, and the evolving role of AI.  ( 14 min )

ol { list-style-type: decimal } Introduction In case you are just tuning in, Doyensec has found themselves on a cruse ship touring the Mediterranean. Unwinding, hanging out with colleagues and having some fun. Part 1 covered our journey into IoT ARM exploitation, while our next blog post, coming in the next couple weeks, will cover a web target. For this episode, we attempt to exploit one of the most famous vulnerabilities ever. SSHNuke from back in 2001. Better known as the exploit used by Trinity in the movie The Matrix Reloaded. Some Quick History Back in 1998 Ariel Futoransky and Emiliano Kargieman realized SSH’s protocol was fundamentally flawed, as it was possible to inject cipher text. So a crc32 checksum was added in order to detect this attack. On February 8, 2001 Michal Zalew…  ( 10 min )

Historically, Microsoft Intune has been the primary tool for managing Windows devices in enterprises. However, it is also capable of managing Linux devices. Source

You and your team should incrementally update your threat model as your system changes, integrating threat modeling into each phase of your SDLC to create a Threat and Risk Analysis Informed Lifecycle (TRAIL). Here, we cover how to do that: how to further tailor the threat model we built, how to maintain it, when to update it as development continues, and how to make use of it.  ( 7 min )

Set up a Docker-based homelab with automation, monitoring & media tools like Plex, Sonarr & Portainer for easy management & scalability.  ( 9 min )

Content: Here is an overview of content I published in February: Blog posts: Update: strings.py Version 0.0.11 Quickpost: Electrical Power & Mining Update: Python Templates Version 0.0.12 Update: cs-decrypt-metadata.py Version?0.0.5 SANS ISC Diary entries: Crypto Wallet Scam: Not For Free Reminder: 7-Zip & MoW Wireshark 4.4.4 Released  ( 11 min )

It is a sad IT fact, but employees install pirated/dodgy software on regular basis and download&execute whatever they want. There is no way to stop them… other than implementing a very strict software installation/program execution policy. Which obviously always ricochets … Continue reading →  ( 5 min )

In this post, I introduce an AI-powered Azure Function that connects to the Azure OpenAI API. This Function allows you to execute queries in natural language to fetch Azure resource information without requiring a deep knowledge of the Azure Resource Graph Query Language (KQL). Source

In today’s rapidly evolving industrial landscape, securing Operational Technology (OT) is more critical than ever due to increased connectivity and sophisticated cyber threats. Throughout this blog post series, we will dive into the world of Operational Technology Security. This edition of the series focuses on how Red Team assessments can assist companies in identifying and … Continue reading Attack and Defense in OT: Enhancing Cyber Resilience in Industrial Systems with Red Team Operations →  ( 17 min )

In this blog, we’ll talk about our threat modeling process, TRAIL, which stands for Threat and Risk Analysis Informed Lifecycle. TRAIL enables us to trace and document the impact of flawed trust assumptions and insecure design decisions throughout each client’s system architecture and SDLC. Over time, multiple application security experts have refined TRAIL to provide maximal value for our clients and to minimize the effort required to update the threat model as the system changes.  ( 8 min )

Windows Server 2025 offers multiple options for running Docker containers, supporting both Linux and Windows. Users can choose between two isolation modes for Windows containers, while Linux containers can optionally run on WSL 2. Additionally, Server 2025 improves backward compatibility. Source

ol { list-style-type: decimal } Introduction In case you are just tuning in, Doyensec has found themselves on a cruse ship touring the Mediterranean. Unwinding, hanging out with colleagues and having some fun. Part 1 covered our journey into IoT ARM exploitation, while our next blog post, coming in the next couple weeks, will cover a web target. For this episode, we attempt to exploit one of the most famous vulnerabilities ever. SSHNuke from back in 2001. Better known as the exploit used by Trinity in the movie The Matrix Reloaded. Some Quick History Back in 1998 Ariel Futoransky and Emiliano Kargieman realized SSH’s protocol was fundamentally flawed, as it was possible to inject cipher text. So a crc32 checksum was added in order to detect this attack. On February 8, 2001 Michal Zalew…  ( 10 min )

When I first watched Anthropic's demo of Claude Code, I was thrilled because I believed this tool could be a valuable asset as an AI-driven CLI assistant akin to Warp's AI agent. After all, who even codes in a terminal anymore? Source

TL;DR Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage. There are many utilities to allow reading of information from […] A dive into the Rockchip Bootloader first appeared on Pen Test Partners.  ( 10 min )

A blog providing tips on how to get your presentation seleccted for the 2025 SANS Security Awareness Summit.  ( 12 min )

No content preview  ( 7 min )

In today’s rapidly evolving digital landscape, securing web applications at scale is a challenge, even for the most well-resourced organizations. Large enterprises operate thousands of applications an  ( 4 min )

Pulseway, a Remote Monitoring and Management (RMM) solution, has recently released new updates, including Single Sign-On (SSO), upgraded features for security, remote control, automation, and mobile device management (MDM). Source

No content preview  ( 7 min )

Latest Ghostwriter campaign brings Belarusian opposition into its sights for the first time as it continues weaponizing XLS docs to drop malware.  ( 30 min )

In this blog, we’ll talk about one of our most popular, but rarely published report types and how adding threat modeling to your organization can save you from becoming the next billion-dollar headline.  ( 6 min )

Today I got an updated version of DeXRAY from TheMythologist. He was kind enough to add code to support Fortinet quarantine files (using the maldump guys’ research as a base). Thanks to TheMythologist and maldump researchers! Download the latest version … Continue reading →  ( 2 min )

If you just want to read the contest rules, click here. Willkommen, meine Damen und Herren, zu unserem ersten Wettbewerb in Berlin! That’s correct (if Google translate didn’t steer me wrong). While the Pwn2Own competition started in Vancouver in 2007, we always want to ensure we are reaching the right people with our choice of venue. Over the last few years, the OffensiveCon conference in Berlin has emerged as one of the best offensive-focused events of the year. And while CanSecWest has been a great host over the years, it became apparent that perhaps it was time to relocate our spring event to a new home. With that, we are happy to announce that the enterprise-focused Pwn2Own event will take place on May 15-17, 2025, at the OffensiveCon conference in Berlin, Germany. While this event is …

Authentication policies in Active Directory support access rules that allow restricting user logins to specific computers. Rather than statically assigning individual computers to a policy, you can define custom claim types that include or exclude computers based on specific characteristics. Source

Bishop Fox researchers successfully reverse-engineered the encryption protecting SonicWall SonicOSX firmware, gaining access to the underlying file system.  ( 15 min )

SANS Cybersecurity Blog pertaining to a summary of the SANS OSINT Summit 2025  ( 9 min )

I like to demo this little windows executable to everyone who thinks they are doing the reverse engineering bit right, by using available automated static and dynamic analysis tools, and trusting them blindly. The sample is a PE32 that is … Continue reading →  ( 3 min )

Collecting ‘good’ samples helps to discover a lot interesting patterns. In my old post I focused on the PDB paths extracted from the DriverPack driver collection, yesterday I touched on the list of ‘file names associated with good known kernel … Continue reading →  ( 3 min )

Every once in a while we all contemplate solving interesting yet kinda abstract threat hunting problems. This post describes one of these… The problem: Given a relatively long number of strings, how do you write a regular expression that covers … Continue reading →  ( 3 min )

The ‘follow the Sun’ model is dead. No more IOC sharing. Gone are the days where we openly pass valuable information to our peers, partners, friends and sometimes even frenemies. Oh, and did I mention our global coworkers? We don’t … Continue reading →  ( 2 min )

Canonical has launched a tar-based Ubuntu distribution, coinciding with a WSL update that supports such distributionsfrom version 2.4.4 onward. This new format streamlines deployment by permitting direct installations from tar files, provides enterprise-grade control via self-hosted image management, and allows advanced customization with native cloud-init support. However, to ensure optimal performance, the new Ubuntu version requires Windows Subsystem for Linux (WSL) 2.4.8 or later. Source

Data leak reveals how a top tier cybersecurity vendor helps the PRC enforce content monitoring and manipulation of public opinion in China.  ( 32 min )

The aviation industry realised some time ago that taking a standard approach to the cyber security of its products was needed and that this was a specialist discipline. A family […] Pen testing avionics under ED-203a first appeared on Pen Test Partners.  ( 7 min )

We developed a simple CodeQL query to find denial-of-service (DoS) vulnerabilities in several high-profile Java projects.  ( 4 min )

The $1.5B Bybit Hack demonstrates how the Era of Operational Security Failures has arrived, and most cryptocurrency companies are not prepared for its implications.  ( 5 min )

A blog about the 20th anniversary of the SANS Industrial Control Systems (ICS) Summit  ( 17 min )

Each Windows edition comes with pre-installed third-party apps, such as Spotify and Netflix. Regrettably, this roster continues to grow with each update. Moreover, the many default configurations for privacy, telemetry, and other Microsoft services, such as Copilot, are not advantageous for Windows users. WinScript is an open-source utility that is available in installable and portable formats for optimizing Windows. It provides privacy, telemetry, and performance settings and allows you to debloat Windows 11. Source

During red team operations, stealth is a critical component. We spend a great deal of time ensuring our payloads will evade any endpoint…  ( 24 min )

Have you ever wondered how many vulnerabilities you've missed by a hair's breadth, due to a single flawed choice? We've just released Shadow Repeater, which enhances your manual testing with AI-powere  ( 5 min )

A few weeks back, I reviewed the new AI features of Warp, the best terminal app out there. Now, Warp has taken the next step, transforming the terminal into a fully autonomous AI agent. Source

SANS has a massive list of Cheat Sheets available for quick reference to aid you in your cybersecurity training.  ( 11 min )

By default, Active Directory imposes limited restrictions on the protocols or devices a user or service can use to log in. You can implement authentication policies and enforce specific limitations and restrictions to enhance login security. Active Directory offers several methods to disable outdated protocols, such as NTLMv1, or to restrict user logins to particular workstations. This can be achieved through various Group Policy settings, and the Protected Users group automatically enforces a set of security restrictions. Source

TL;DR Poorly protected authentication requests from privileged automated tasks (e.g. vulnerability scanners, health checks) could be intercepted by rogue authentication servers planted in the internal network. Weak authentication methods, overly […] Watch where you point that cred! Part 1 first appeared on Pen Test Partners.  ( 11 min )

A blog about the updated SANS SEC488: Cloud Security Essentials course  ( 11 min )

ChatGPT Operator is a research preview agent from OpenAI that lets ChatGPT use a web browser. It uses vision and reasoning abilities to complete tasks like researching topics, booking travel, ordering groceries, or as this post will show, steal your data! Currently, it’s only available for ChatGPT Pro users. I decided to invest $200 for one month to try it out. Risks and Threats OpenAI highlights three risk categories in their Operator System Card:  ( 8 min )

In my previous post, I detailed the process of importing open-source models, such as DeepSeek R1 from Hugging Face, into Amazon Bedrock, a fully managed service offered by AWS that gives users access to foundational models from top AI firms and Amazon. This post will explain how to access the AI models through the Bedrock API from third-party apps like VS Code or Cursor. Specifically, when using AI models like Claude Sonnet 3.5 for coding, accessing it through Amazon Bedrock offers enhanced security compared to Anthropic or model hub APIs such as OpenRouter. Source

A blog about strategies in the SANS Maturity Model eBook to strengthen leadership support  ( 13 min )

In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.  ( 6 min )

At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap's Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.

No content preview  ( 4 min )

What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.  ( 5 min )

What are Hackbots and how are they impacting vulnerability discovery and the researcher community?  ( 6 min )

The new DORA regulation: everything your organization needs to know about its impact and how to comply.  ( 5 min )

We’re excited to announce that all of NCC Group’s latest research findings and articles are now hosted on our website at the following link: NCC Group Research Blog. (https://www.nccgroup.com/us/research-blog/) To stay up-to-date with our latest research, you can also subscribe to our RSS feed here: NCC Group Research Blog RSS Feed. (https://www.nccgroup.com/us/research-blog/feed/) Be sure to […]  ( 63 min )

The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […] The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.  ( 7 min )

Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […] The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.  ( 11 min )

The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […] The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.  ( 7 min )

One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […] The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.  ( 7 min )