There's a real thought that's been sitting in the back of my head for a while now, and I keep coming back to it. Jason Lang shared his Real Human Concerns In The Age of AI on X recently that crystallised it - the worry that…
Earlier this year, I was playing around with a personal project consisting of an LLM-based framework for malware development when I hit a critical roadblock: how do you programmatically deploy and test the malware without manual GUI interaction? Anyone that has written malware knows how much of an iterative process…
You've probably seen all the tweets, heard the wild DEFCON tales, and finally decided you’re going. Cool, but let’s get real for a second. Vegas isn't exactly the sleek Hollywood glam you see in movies.…
In the field, you need tools that do exactly what they say without the fluff. Safe Harbor is one of those tools - a BOF to help operators quickly identify processes that are convenient for covert operations. It serves two purposes: one, to locate "safe" processes during post-exploitation,…
After Akamai’s publication of BadSuccessor, I set out to research and reproduce the exploit. In this post I cover: an overview of the vulnerability as disclosed by Akamai researcher Yuval Gordon; how I stood up a Windows Server 2025 DC in my existing GOAD domain lab ; my .NET-based proof-of-concept…