This article demonstrates how attackers bypass AppLocker and Windows Defender Application Control (WDAC) by abusing trusted binaries, living-off-the-land techniques, in-memory payloads, and tunneling tools such as Ligolo-NG. It outlines preparing Ligolo and a reflective loader, converting payloads to shellcode with Donut, hosting artifacts, and executing them via trusted binaries (InstallUtil, MSBuild) or PowerShell memory injection to establish a Ligolo reverse TLS tunnel and bypass Constrained Language Mode. #AppLocker #WDAC #LigoloNG #MSBuild
This article walks through a CloudGoat ec2_ssrf lab that demonstrates how an attacker can exploit a Server-Side Request Forgery (SSRF) in an EC2-hosted web application to access the AWS Instance Metadata Service and steal IAM credentials. The step-by-step walkthrough covers lab setup, enumeration of Lambda, EC2, and S3, credential pivoting to escalate privileges, and recommendations such as enforcing IMDSv2 and least-privilege IAM to mitigate the risk. #CloudGoat #SSRF
Most organizations believe backups and DR plans make them resilient, but ransomware actors routinely target and compromise backup systems so recovery often fails when it matters most. True resilience requires immutable, isolated backups, integrated security and recovery automation, and routine testing to ensure fast, reliable restoration under attack conditions. #Acronis #ActiveDirectory
Anthropic released Claude Opus 4.7 with Mythos-derived cyber guardrails, including deliberate training suppression of cyber capabilities and an inference-time classifier that auto-blocks high-risk prompts, creating a new alignment layer and fresh attack surface. The write-up maps five jailbreak families, the mature tooling bounty hunters use (PyRIT, Garak, Promptfoo), and the red team mindset needed to convert classifier close-calls into reproducible bounties. #Anthropic #ClaudeOpus4.7
Continuous Threat Exposure Management (CTEM) only delivers real risk reduction when structured threat intelligence is used to prioritize exposures by asset criticality, exploitability, and adversary relevance. Integrating OpenCTI and OpenAEV within Filigran’s XTM enables intelligence-driven prioritization, continuous adversary-aligned validation, and evidence-based remediation to close the gap between knowing about threats and proving you can stop them. #Filigran #OpenCTI
This briefing condenses April 2026 policy and risk developments across the EU, UK, and US, including the EDPB’s common DPIA template and Europrivacy certification, the EU age-verification app, CNIL guidance on email tracking pixels, Latvia’s PNR retention rules, HHS/OCR HIPAA Security guidance, and PCLOB’s Section 702 report. It also underscores growing AI risks flagged by Stanford HAI and the UK government—highlighting foundation model privacy gaps and rapidly advancing offensive capabilities exemplified by Anthropic’s Mythos model—while pointing to practical compliance steps for controllers, processors, and covered entities. #EDPB #Europrivacy #AnthropicMythos #CNIL
AI models are rapidly surpassing most humans at technical tasks, enabling attackers and defenders to leverage machine-scale skill and speed in cybersecurity. Anthropic’s Claude Mythos discovered thousands of previously unknown vulnerabilities across major operating systems and browsers, underscoring an urgent need for radical adaptation (source: Stanford AI Index 2026). #ClaudeMythos #StanfordUniversity
Breaking into cybersecurity is difficult because most “entry-level” roles actually expect prior IT experience, systems and network knowledge, and some real-world exposure. The solution is a focused strategy: pick a specific role and build practical evidence of capability instead of endlessly collecting certifications. #JuniorSOCAnalyst #EntryLevelSecurityEngineer
This article provides a step-by-step walkthrough to build a lab Active Directory environment in VMware Workstation Pro 17, from creating a Windows Server 2019 VM to promoting it as a Domain Controller for the ignite.local domain and joining a Windows 10 client. It also configures AD CS, creates domain users with intentional privilege assignments, and disables Defender/firewall for an isolated penetration-testing lab environment (do not apply these settings in production). #ignite_local #WindowsServer2019
This article walks through multiple real-world techniques to remotely enable RDP on a Windows Server 2019 Domain Controller (DC.ignite.local) and demonstrates connecting to it from Kali Linux using rdesktop, xfreerdp3, and Remmina. It covers seven exploitation methods — NetExec, Pass-the-Hash wmiexec, Impacket utilities, Evil-WinRM, Samba net rpc, and a Metasploit post module — and provides targeted mitigation and detection guidance. #DCignite_local #NetExec
I had a discussion on the Full Metal Packet podcast with Yegor Sak and Alex Paguis about cybersecurity risks from global AI adoption outlined in the 2026 Cybersecurity Predictions. Attackers are rapidly leveraging AI while defenders and cybersecurity leaders struggle to keep pace, making 2026 a challenging year that requires better understanding and new defensive approaches. #FullMetalPacket #2026CybersecurityPredictions
Local open-weight models like Gemma 4, Llama 4, and Qwen 3 preserve data privacy but introduce significant supply-chain risks when weights and serialization artifacts are downloaded from public hubs. Pickle-based formats enable remote code execution, model weights can contain sleeper-agent backdoors, and operators must require safetensors, hash verification, uploader vetting, and isolated testing to mitigate those threats. #Gemma4 #HuggingFace #Safetensors #Picklescan #Anthropic #CrowdStrike
The Cybersecurity Pulse issue examines AI-driven shifts in offense and defense, spotlighting Anthropic’s Claude Mythos preview, OpenAI’s GPT-5.4-Cyber, major vendor moves, and emergent research that changes vulnerability discovery dynamics. It urges organizations to adopt “Mythos-ready” practices—strong segmentation, egress filtering, phishing-resistant MFA, and RemediationOps—while tracking tooling advances from Mallory to Cloudflare. #Anthropic #ClaudeMythos
This article provides a practical, lab-oriented walkthrough of SSH tunnelling techniques—Local (-L), Dynamic (-D), Remote (-R), and GatewayPorts-enabled forwarding—to reach services bound to loopback interfaces and pivot RDP sessions. It includes step-by-step commands, configuration changes, and verification methods using Apache2, proxychains, netstat, and rdesktop so practitioners can reproduce the scenarios in authorized environments. #SSH #RDP
Biometric authentication verifies identity using unique physiological or behavioral traits but is probabilistic rather than absolute, creating trade-offs between false rejections and false acceptances. The Crossover Error Rate (CER) provides a single metric to compare systems while threshold settings determine whether False Rejection Rate (FRR) or False Acceptance Rate (FAR) is prioritized. #Biometrics #CrossoverErrorRate