The creator of Cobalt Strike left the industry in 2021, came back, and is now publishing everything he knows about evasion tradecraft openly and for free.
Tradecraft Garden separates evasion tradecraft from capability. Crystal Palace is the linker that makes it work: position-independent code, binary transformation, code and register randomization, link-time hooking, YARA rule generation from invariant instructions, and a PICO convention for reusable tradecraft modules.
The community built an entire ecosystem on top of it. Crystal Kit for Cobalt Strike, Sliver, Mythic, and Adaptix. Reflective loaders, call stack spoofing, sleep masking, module overloading. Offense and defense both benefit because every technique is published as a testable ground truth.
If you work in red teaming, detection engineering, or EDR evaluation, this is required reading.
TTPs: https://t.co/A4O6Tuh58M
Blog: https://t.co/4jb7cRpcA9
His original Red Team Ops with Cobalt Strike series is also still on YouTube. 9 parts covering the full red team operations workflow. Free. From the person who built the tool. Red Team Ops with Cobalt Strike - Operations (1 of 9): https://t.co/Jd28yWuaYs
Author: Raphael Mudge
#BlueTeam #InfoSec #RedTeam
A 27B uncensored model built specifically for offensive security tooling (needs 12 GB)
- Fine-tuned on real bug bounty reports & CVEs
- Generates complete, ready-to-run Nuclei templates, full CVE PoC scripts, webshell upload bypasses, exploits, and code reviews
- Zero refusals. Full artifacts every time.
Trained on 2,541 real bug bounty & offensive security reports.
Q6_K quant (21 GB) for maximum quality on server-grade GPUs.
heavener: This is what happens when you can't afford EDR licenses. By otter.
TL;DR: A modular engine that runs real vendor detection logic from reverse-engineered EDR components against live or replayed Windows telemetry.
Blog: https://t.co/onZFaO23AR
#edr #detection
Most people learn security research by reading finished writeups. This one shows the actual process.
The messy, organic, step-by-step reality of reversing an unknown Windows mitigation from scratch. WinDbg. IDA. Hex-Rays. Guard page violations. Trap flags. Zero prior knowledge of the target.
If you want to learn how to actually approach unknown Windows internals, start here.
https://t.co/Xq8xbSnG75
Author: @yarden_shafir
#ReverseEngineering #WindowsInternals #InfoSec
usbsnoop — sniff and decode USB device traffic system-wide with eBPF, for reversing proprietary protocols (control/SCSI/HID, no bus analyzer) https://t.co/gGDPHlR6gE
Making progress with an autonomous local pentest LLM pipeline: using Qwen3 27B, it's finding and verifying real vulnerabilities and already creating a full report, including a management summary, for us. 🧐 Better than many web vulnerability scanners, as it even found e.g. IDOR.
My personal #defcon33 highlights:
Better tools for GPO exploitation: https://t.co/ZR1DT7LWOo
Critical vulns in Zscaler and Netskope: https://t.co/FaHFNdyPLL
Phishing on official Microsoft login: https://t.co/P0kwW8GFkD
SSH vulnerabilities: https://t.co/g3YOZfNKuo