Want to learn AI / LLM Security Assessment? Don't have the money for a training?
Here are 🎯SEVENTY ONE🎯 FREE LLM security labs that we have curated for you!
Like and share! (Link Below)
<3 from @arcanuminfosec
Entropia — a programming language for creating Windows Shellcode and Beacon Object Files (BOF)
"Entropia" is a compiled language designed to generate position-independent x86-64 artifacts: Windows Shellcode and BOF modules for Cobalt Strike. The tool unifies the entire workflow—from compilation and linking to OPSEC modifications—into a single chain, removing the need for third-party utilities like "Donut" or "sRDI".
Runs on Linux and macOS, producing ready-to-use Windows artifacts as output.
Features:
• Compile ".etpy" directly into Shellcode (".bin") or BOF (".x64.o") without post‑processing.
• Built‑in OPSEC options: "poly", "nop_sled", "stack_strings", "direct_syscalls", "hashed_imports" and more.
• Inline assembly and Win32 API support via "use_c".
• Local BOF runner, debugger integrated with VS Code, and Win32 type generator.
• Automatic generation of Aggressor Scripts for BOF.
Unlike "Donut" and "sRDI", which handle isolated tasks like packaging and shellcode generation, "Entropia" delivers a full-fledged programming language with a built‑in compiler and OPSEC mechanisms. The project is currently in the pre‑1.0 stage but already looks like an appealing alternative to existing tools.
Tool: https://t.co/86GXW230WY
Creator: @EntropyKit
#dbugs_tools
I built software that I needed for years: an up-to-date, feature-rich, and maintained solution for thick client testing that allows hooking and intercepting network traffic before it gets encrypted. Search and replace, process watch, and more are built-in.
https://t.co/q5EbWINvoi
#EDR Killer #2026 — Project "Silent Horizon"
Overview
Silent Horizon is a sophisticated, BYOVD (Bring Your Own Vulnerable Driver) based EDR (Endpoint Detection and Response) disabler for #Windows 11. It operates at the kernel level by loading a legitimately signed but vulnerable driver, gaining arbitrary kernel memory read/write capabilities, and surgically disabling EDR components from within kernel space — where EDR sensors cannot monitor.
Key Features
- BYOVD Kernel Access: Supports four vulnerable driver primitives for maximum compatibility
- Multi-EDR Targeting: Detects and disables 10+ major EDR products
- Comprehensive Disabling: Removes process, thread, and image load callbacks; patches ObRegisterCallbacks; unregisters ETW Threat Intelligence; patches IRP dispatch and DriverObject major functions
- Stealth Mode: Minimal output option for operational use
- Clean Cleanup: Unloads vulnerable driver and removes registry traces
- Pattern Scanning: Dynamic kernel structure discovery via code patterns
#security #hacking #0days #malware #drivers
Someone released what is basically an offline VirusTotal without burning your payload: a security researcher reverse-engineered four major EDRs (SentinelOne, Cortex XDR, CrowdStrike, and Sophos) and extracted their detection logic from on-disk agent binaries, ML models, YARA rules, and behavioral scripts.
The project rebuilds the kernel telemetry stack those products run on, including Windows process, thread, registry, and handle callbacks plus a file-system minifilter. It even reconstructs access to the ETW Threat Intelligence provider that Windows normally reserves for protected anti-malware processes. Thus, both the detection rules and the sensor layer can be replicated outside the vendor’s agent.
Hello guys،
Do you want to Bypass all production EDR ?
Read my new research to enjoy in kicking EDRs defenses.
https://t.co/Y0QMWXM9GZ
The proof-of-concept implementation is available at https://t.co/CAUeRcumK5
#Maldev
Google ha acabado con la mafia de las GPU 💀
VS Code ahora se conecta directamente a Google Colab.
→ Obtienes una GPU T4 gratuita dentro de tu editor.
→ Tus archivos locales. Su potencia de cómputo.
We often talk about EDR evasion, but what about honeypot detection. Nothing new here, but a good reminder that detecting honeypots makes a difference during red team exercises.
https://t.co/C3aKVSHg0V
I included code to get the data without a direct LDAP query.
#redteam
When WDAC blocks your implants, Electron apps become the way in.
The post walks through using Loki C2 to backdoor signed applications like Mailspring and communicate over Azure Blob Storage via HTTPS. ⬇️
https://t.co/7dWMTHrN8w
Your EDR is running. Detecting everything. Alerting on nothing.
EDRSilencer blocks all EDR outbound traffic using Windows Filtering Platform. The agent keeps running. Detections keep firing. Nothing reaches the cloud. No alerts. No telemetry. Blind.
Works against Defender, SentinelOne, CrowdStrike, Cortex XDR, Carbon Black, Elastic, Trellix, FortiEDR, ESET, TrendMicro, and more.
Additional techniques covered: WFP filters, hosts file manipulation, NRPT rules, null sinkholing, firewall rules.
If your SOC relies on cloud-based alerting and you are not monitoring for WFP filter creation, you have a problem.
https://t.co/9y586rIknx
https://t.co/egLu98X3bC
Authors: @ipurple
#DefenseEvasion #ThreatIntel #InfoSec
After “The Art of Evasion” @x33fcon I’m publishing NimSyscallPacker to the public. This is the most advanced public Packer/Loader I’m aware of:
https://t.co/ftd24bHryj
Weaponizing Windows Drivers: A Hacker's Guide for Beginners - mechanics of Bring Your Own Vulnerable Driver (BYOVD) attacks.
A post by @SecurityJoes
Source: https://t.co/v1dvBImJ6X
#maldev#malwaredevelopment#redteam#blueteam