7 articles
GreatXML is a public BitLocker-bypass PoC claim involving WinRE, Defender Offline Scan state, and unattend.xml. The defensive lesson is bigger than one repository: recovery environments are security boundaries.
RoguePlanet is the latest public Nightmare Eclipse proof-of-concept targeting Microsoft Defender. The code points to a race condition that turns Defender cleanup behavior into SYSTEM execution.
A researcher discovered a zero-day that bypasses BitLocker encryption on Windows 11 using a USB stick and the recovery environment — and suspects the component may be intentional. CVE-2026-45585, CVSS 6.8. Microsoft released an official mitigation on May 21, 2026.
AutoHotkey isn't just for productivity scripts — attackers use it as a stealthy malware loader. Learn how AHK-based campaigns work and how to detect them.
BYOVD (Bring Your Own Vulnerable Driver) lets attackers reach the Windows kernel using signed, legitimate drivers — and then silently kill your EDR before ransomware drops.
A practical workflow for the first 10 minutes after a suspected breach — commands with explanations for Linux and Windows triage, red flags, and when to escalate.
A practical guide to Windows Event Log analysis for blue teams — key Event IDs, PowerShell automation, cross-version differences, and structured exports for SIEM tools.