anti-patterns and patterns for achieving secure generation of code via AI
https://ghuntley.com/secure-codegen/
@IRCyberGuardians
https://ghuntley.com/secure-codegen/
@IRCyberGuardians
Geoffrey Huntley
anti-patterns and patterns for achieving secure generation of code via AI
I just finished up a phone call with a "stealth startup" that was pitching an idea that agents could generate code securely via an MCP server. Needless to say, the phone call did not go well. What follows is a recap of the conversation where I just shot down…
Leveraging Raw Disk Reads to Bypass EDR https://medium.com/workday-engineering/leveraging-raw-disk-reads-to-bypass-edr-f145838b0e6d
@IRCyberGuardians
@IRCyberGuardians
Medium
Leveraging Raw Disk Reads to Bypass EDR
Drivers are a common part of every Windows environment, and many of them provide low-level functionality. This blog details how to connect…
Stealthy Persistence With Non-Existent Executable File https://www.zerosalarium.com/2025/09/Stealthy-Persistence-With-Non-Existent-Executable-File.html
@IRCyberGuardians
@IRCyberGuardians
Zerosalarium
Stealthy Persistence With Non-Existent Executable File
Exploiting the mechanism that automatically searches for additional executable files when Windows detects that the requested file does not exist
iOS/macOS Critical DNG Image Processing Memory Corruption Exploitation https://pwn.guide/free/hardware/cve202543300
@IRCyberGuardians
@IRCyberGuardians
Beacon Object File (BOF) to kill a process by specifying its PID https://tierzerosecurity.co.nz/2025/09/08/killerPID-BOF.html
@IRCyberGuardians
@IRCyberGuardians
Tier Zero Security
Information Security Services. Offensive Security, Penetration Testing, Mobile and Application, Purple Team, Red Team
Break The Protective Shell Of Windows Defender With The Folder Redirect Technique https://www.zerosalarium.com/2025/09/Break-Protective-Shell-Windows-Defender-Folder-Redirect-Technique-Symlink.html
@IRCyberGuardians
@IRCyberGuardians
Zerosalarium
Break The Protective Shell Of Windows Defender With The Folder Redirect Technique
Exploiting vulnerability in the update mechanism of Windows Defender by using a symbolic link folder. Destroying or injecting code into Defender
You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819) https://labs.watchtowr.com/you-already-have-our-personal-data-take-our-phone-calls-too-freepbx-cve-2025-57819/
@IRCyberGuardians
@IRCyberGuardians
watchTowr Labs
You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819)
We’re back - it’s a day, in a month, in a year - and once again, something has happened.
In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherwise”, we present even further evidence that as a
In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherwise”, we present even further evidence that as a
Blind Enumeration of gRPC Services https://www.adversis.io/blogs/blind-enumeration-of-grpc-services
@IRCyberGuardians
@IRCyberGuardians
www.adversis.io
Blind Enumeration of gRPC Services
When you're handed an SDK with no documentation and told "the backend is secure because it's proprietary," grpc-scan helps prove otherwise
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
@IRCyberGuardians
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
@IRCyberGuardians
watchTowr Labs
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
Welcome to 2026!
While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada.
In December, we were alerted to a vulnerability in SmarterTools’…
While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada.
In December, we were alerted to a vulnerability in SmarterTools’…
Starlink Terminal GPS Spoofing/Jamming Detection in 2026
https://github.com/narimangharib/starlink-iran-gps-spoofing/blob/main/starlink-iran.md
@IRCyberGuardians
https://github.com/narimangharib/starlink-iran-gps-spoofing/blob/main/starlink-iran.md
@IRCyberGuardians
GitHub
starlink-iran-gps-spoofing/starlink-iran.md at main · narimangharib/starlink-iran-gps-spoofing
Technical analysis of Starlink terminal telemetry showing GPS spoofing detection during Iran's January 2026 internet shutdown - narimangharib/starlink-iran-gps-spoofing
OWASP Cheat Sheet Series:
AI Agent Security Cheat Sheet
Secure AI/ML Model Ops Cheat Sheet
LLM Prompt Injection Prevention Cheat Sheet
See also:
All [100+] OWASP Security Cheat Sheets
@IRCyberGuardians
AI Agent Security Cheat Sheet
Secure AI/ML Model Ops Cheat Sheet
LLM Prompt Injection Prevention Cheat Sheet
See also:
All [100+] OWASP Security Cheat Sheets
@IRCyberGuardians
GitHub
CheatSheetSeries/cheatsheets/AI_Agent_Security_Cheat_Sheet.md at master · OWASP/CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. - OWASP/CheatSheetSeries
Hardening_App_Depl_Kubernetes.pdf
1013.6 KB
"Hardening Application Deployment in Kubernetes", 2025.
See also:
Kubernetes RCE Via Nodes/Proxy GET Permission
@IRCyberGuardians
See also:
Kubernetes RCE Via Nodes/Proxy GET Permission
@IRCyberGuardians
This media is not supported in your browser
VIEW IN TELEGRAM
Eden
UDRL loader for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (currently a PIC version of the Sleepmask-VS Draugr callgate BOF).
Blog: https://www.cobaltstrike.com/blog/playing-in-the-tradecraft-garden-of-beacon
@IRCyberGuardians
UDRL loader for Cobalt Strike built with Crystal Palace that combines Raphael Mudge's page streaming technique with a modular call gate (currently a PIC version of the Sleepmask-VS Draugr callgate BOF).
Blog: https://www.cobaltstrike.com/blog/playing-in-the-tradecraft-garden-of-beacon
@IRCyberGuardians
This media is not supported in your browser
VIEW IN TELEGRAM
Lnk-it-up
Project for generating and identifying deceptive LNK files.
Blog post: Trust Me, I'm A Shortcut.
Windows’ primary mechanism for shortcuts, LNK files, is frequently abused by threat actors for payload delivery and persistence. This blog post introduces several new LNK file flaws that, amongst other things, allow attackers to fully spoof an LNK’s target and hide any command-line arguments provided.
@IRCyberGuardians
Project for generating and identifying deceptive LNK files.
Blog post: Trust Me, I'm A Shortcut.
Windows’ primary mechanism for shortcuts, LNK files, is frequently abused by threat actors for payload delivery and persistence. This blog post introduces several new LNK file flaws that, amongst other things, allow attackers to fully spoof an LNK’s target and hide any command-line arguments provided.
@IRCyberGuardians
STProcessMonitorBYOVD
One more BYOVD. STProcessMonitor driver is not in Windows vulnerable driver blocklist and allows to terminate AV / EDR processes.
Blog: https://bbs.kafan.cn/thread-2288675-1-1.html
@IRCyberGuardians
One more BYOVD. STProcessMonitor driver is not in Windows vulnerable driver blocklist and allows to terminate AV / EDR processes.
Blog: https://bbs.kafan.cn/thread-2288675-1-1.html
@IRCyberGuardians
Rustbof
This project enables the development of BOFs using Rust with full no_stdsupport. It leverages Rust's safety features and modern tooling while producing small, efficient COFF objects.
The framework provides everything needed for BOF development. The build process compiles your code to a static library, which boflink then links into a COFF object with proper relocations and imports for Beacon's dynamic function resolution.
@IRCyberGuardians
This project enables the development of BOFs using Rust with full no_stdsupport. It leverages Rust's safety features and modern tooling while producing small, efficient COFF objects.
The framework provides everything needed for BOF development. The build process compiles your code to a static library, which boflink then links into a COFF object with proper relocations and imports for Beacon's dynamic function resolution.
@IRCyberGuardians
360WFP_Exploit
BYOVD: Use 360 Security WFP driver (360netmon_x64_wfp.sys) to block EDR/XDR network connection.
@IRCyberGuardians
BYOVD: Use 360 Security WFP driver (360netmon_x64_wfp.sys) to block EDR/XDR network connection.
@IRCyberGuardians