Labs

Medium

Bypass

Privilege Escalation

Sysmon, Windows

RedSun: Turning Microsoft Defender into a Path to SYSTEM-Level Privilege Escalation

Developed by Nightmare-Eclipse, the same researcher of BlueHammer, RedSun is an unpatched local privilege escalation zero-day. It weaponizes Microsoft Defender’s […]

Learn more

Medium

Bypass

Privilege Escalation

EDR, Sysmon, Windows

BlueHammer windows Zero-Day

On April 3rd, 2026 a security researcher operating under the alias "Chaotic Eclipse" dropped a fully functional Windows local privilege […]

Learn more

Medium

Bypass

Defense Evasion

EDR, Sysmon, Windows

Weaponizing Windows Toast Notifications: Abuse of ToastNotify.exe for Phishing and Credential Coercion

In the evolving landscape of Windows credential harvesting, the ToastNotify impersonation attack stands out as a masterclass in abusing native […]

Learn more

Medium

APT, Campaign, Malware

Defense Evasion, Execution

EDR, Sysmon, Windows

SplitDrop: Inside the Iran-linked APT group Dust Specter campaign

SplitDrop exposes how alleged Iran-linked group Dust Specter abused DLL sideloading to advance execution and evade security controls mantaining persistence, […]

Learn more

Medium

Campaign, LOLBin

Defense Evasion

EDR, Sysmon, Windows

NTDS.dit Dumping via Print Spooler Abuse

In early 2026, threat actors exploited vulnerabilities in SolarWinds Web Help Desk, including CVE-2025-40551 and CVE-2025-40536, to gain initial access […]

Learn more

Medium

Campaign, CyberCrime, Malware

Persistence

EDR, Sysmon, Windows

Rhysida’s OysterLoader: Multi-Stage Fake Installer Campaign

The Rhysida ransomware group leverages search engine malvertising and code-signed fake installers to distribute OysterLoader, a multi-stage C++ backdoor. It […]

Learn more

Medium

Bypass, CVE

Defense Evasion

Linux, Sysmon

Telnet cve-2026-24061

Telnet is a legacy network protocol for remote command-line access over TCP/IP, but it's insecure due to unencrypted traffic. The […]

Learn more

Medium

Campaign, LOLBin, Malware

Defense Evasion

Network, Windows

PureLog Stealer distributed via trojanized TaskScheduler targets Italy

A sophisticated phishing campaign targets manufacturing/government sectors in Italy, Finland, and Saudi Arabia via trojanized TaskScheduler loader. It abuses RegAsm.exe […]

Learn more

Medium

Campaign, Malware

Defense Evasion

EDR, Sysmon, Windows

Matanbuchus 3.0: Advanced C++ Loader Evolving MaaS

Matanbuchus 3.0 is a C++-based Malware-as-a-Service loader that represents a major evolutionary step from earlier Matanbuchus branches. First observed as […]

Learn more

Medium

APT, Campaign, Malware

Persistence

EDR

Fancy Bear's NotDoor: Hijacking Outlook for NATO Espionage via OneDrive Side-Loading

The Russian-linked Fancy Bear (aka APT28) has unleashed NotDoor, a high-stakes espionage campaign targeting NATO member countries. By side-loading through […]

Learn more