
SILENTCHAIN AI
AI vulnerability analysis for Burp Suite
github.com/silentchaina...

3 weeks ago 0 1 0 0
GitHub - six2dez/burp-ai-agent: Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

github.com/six2dez/burp...

2 months ago 0 0 0 0
Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence

Praetorian Inc. has publicly released Swarmer, a tool enabling low-privilege attackers to achieve stealthy Windows registry persistence by sidestepping Endpoint Detection and Response (EDR) monitoring. Deployed operationally since February 2025, Swarmer exploits mandatory user profiles and the obscure Offline Registry API to modify the NTUSER hive without triggering standard registry hooks.

Traditional registry persistence via HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run keys is easily detected: EDR tools hook APIs like RegSetValue, logging and flagging modifications. Swarmer bypasses this by leveraging mandatory user profiles, a legacy Windows feature for enterprise profile enforcement. In mandatory profiles, NTUSER.MAN overrides the standard NTUSER.DAT hive in %USERPROFILE% at login. Low-privilege users can create NTUSER.MAN by copying and renaming NTUSER.DAT. However, editing the loaded hive requires standard APIs, alerting EDR.

Swarmer solves this using Offreg.dll, Microsoft's Offline Registry Library, designed for offline hive manipulation during setup or forensics. Microsoft warns against bypassing registry security with Offreg, but Swarmer ignores this. Functions like ORCreateHive, OROpenHive, ORCreateKey, ORSetValue, and ORSaveHive allow full hive construction without Reg* API calls, evading Process Monitor, ETW, and most EDR behavioral analytics, Praetorian said.

Swarmer Workflow and Implementation

Swarmer's workflow is efficient:

1. Export HKCU via reg export, or via TrustedSec's reg_query Beacon Object File (BOF) to avoid disk artifacts.
2. Modify the export (e.g., add Run key entries).
3. Run Swarmer: swarmer.exe exported.reg NTUSER.MAN, or with startup flags: swarmer.exe --startup-key "Updater" --startup-value "C:\Path\To\payload.exe" exported.reg NTUSER.MAN.
4. Drop NTUSER.MAN into %USERPROFILE%.

For C2 implants, parse BOF output directly: swarmer.exe --bof --startup-key "Updater" --startup-value "C:\Path\To\payload.exe" bof_output.txt NTUSER.MAN.

Built in C# for P/Invoke ease and offline use, Swarmer works as an EXE or as a PowerShell module:

Import-Module '.\swarmer.dll'
Convert-RegToHive -InputPath '.\exported.reg' -OutputPath '.\NTUSER.MAN'

A workaround fixes ORCreateHive's invalid hive output: RegLoadAppKeyW creates a base hive (non-admin), then Offreg populates it.

Feature / Details:
- Platforms: Windows 10/11
- Privileges: Low (user-level)
- Evasion: No Reg* APIs; optional no-disk BOF
- Payload Types: Run keys, custom registry mods

Limitations and Detection Opportunities

Swarmer has caveats (Caveat / Impact):
- One-shot: Can't update without admin; the profile becomes mandatory, resetting user changes.
- Login-required: Activates only on logout/login; survives reboots.
- HKCU-only: No HKLM access.
- Edge cases: Possible login corruption; test first.

Detection includes NTUSER.MAN creation outside enterprise tools, Offreg.dll loads in non-standard processes, or profile anomalies. Payload execution at login remains visible; obfuscate it. Defenders should monitor user profile directories for NTUSER.MAN, baseline Offreg usage, and profile integrity at login. Swarmer highlights Windows' legacy cruft predating modern EDR. This disclosure arms blue teams against obscure persistence, urging scrutiny of Windows' dusty corners.

The post Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence appeared first on Cyber Security News.

Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence

2 months ago 1 1 0 0

Only 1 week to go until #HoneyCON25. We are celebrating 10 years of the most family-friendly #ciberseguridad conference.
Reserve your seat 👉 eventbrite.es/e/entradas-hon…

Program and talks 👉 honeysec.ininfo

Thanks to @CSA and @Elastic for their sponsorship

#CyberSecurity #Hacking #HoneySec

6 months ago 0 0 0 0
Hacking Open Docker Registries: Pulling, Extracting, and Exploiting Images. Discovering secrets in exposed container images and leveraging misconfigurations for deeper access

Hacking Open Docker Registries: Pulling, Extracting, and Exploiting Images.

1 year ago 3 1 0 0

Who would have told us, when we started #HoneySEC and #HoneyCON, that we would reach 10 editions? But yes. THAT MOMENT HAS ARRIVED.

#HoneyCON25 is here and we want it to be our most special edition, celebrating our tenth anniversary.

📆 Oct 30, Oct 31 and Nov 1.

1 year ago 0 0 0 0
Bypass WAF Cloudflare RXSS | Hackerone. Bypass WAF Cloudflare RXSS in Hackerone

infosecwriteups.com/bypass-waf-c...

1 year ago 0 0 0 0
CVE-2025-27110: ModSecurity Vulnerability Leaves Web Applications Exposed Understand the implications of CVE-2025-27110 on web application security and how it may allow attacks to bypass defenses.

CVE-2025-27110: ModSecurity Vulnerability Leaves Web Applications Exposed

1 year ago 2 1 0 0
My First Bug: How I Was Able to Bypass the WAF and Uncover a Reflected XSS Hello everyone, I’m Fares. Today, I’ll share the story of how I successfully identified a reflected XSS vulnerability within a public bug…

My First Bug: How I Was Able to Bypass the WAF and Uncover a Reflected XSS

1 year ago 4 1 0 0
XI Jornadas de Seguridad Informática MorterueloCon. The MorterueloCon event consists of cybersecurity talks aimed at raising awareness about the secure use and development of information and communication technologies, held in Cuen...

my.weezevent.com/xi-jornadas-...

1 year ago 0 0 0 0
Hiding Linux Processes with Bind Mounts Lately I’ve been thinking about Stephan Berger’s recent blog post on hiding Linux processes with bind mounts. Bottom line here is that if you have an evil process you want to hide, use …

Hiding Linux Processes with Bind Mounts

1 year ago 0 1 0 0
GitHub - NoorQureshi/kali-linux-cheatsheet: Kali Linux Cheat Sheet for Penetration Testers Kali Linux Cheat Sheet for Penetration Testers. Contribute to NoorQureshi/kali-linux-cheatsheet development by creating an account on GitHub.

github.com/NoorQureshi/...

1 year ago 0 0 0 0

If I don't see any image

1 year ago 0 0 0 0

I found something for Ubuntu, it will need some tweaking

1 year ago 0 0 1 0

Well, about the GPU, if you have any info I'd appreciate it

1 year ago 0 0 1 0

For now I haven't pushed it very hard, but I'll have to put the executive through its paces

1 year ago 0 0 1 0

Let us know how it goes

1 year ago 0 0 1 0
Canadian researchers claim a Linux kernel tweak could cut data center energy consumption by 30% > huge potential. The proposed tweak consists of only 30 lines of code and reorganizes operations within the Linux networking stack, improving energy efficiency and performance.

With just 30 lines of code....

Canadian researchers claim a #Linux kernel tweak could cut data center energy consumption by 30% - www.meneame.net/go?id=4022923

1 year ago 2 1 0 0
Bypassing character blocklists with unicode overflows Unicode codepoint truncation - also called a Unicode overflow attack - happens when a server tries to store a Unicode character in a single byte. Because the maximum value of a byte is 255, an overflo

portswigger.net/research/byp...

1 year ago 0 0 0 0

/etc/init.d/bluesky start > /dev/world 2>&1 & echo "Twitter > /dev/null"

1 year ago 4 2 0 0

🪳Complete Bug Bounty Recon Fundamentals

🔗imshewale.medium.com/complete-bug-bounty-reco...

🔖#infosec #cybersecurity #hacking #pentesting

👤beacons.ai/cyberkid1987
👤t.me/VasileiadisAnastasis
👥t.me/infosec101

🔗en.iguru.gr/infosec
🔗en.hacks.gr/hacking-tutorials

2 years ago 3 2 0 0