Sleeping Through EDR: Havoc C2 Sleep Obfuscation and Why Your Beacon is Screaming
If your C2 implant isn’t doing something clever during sleep cycles, you’re already caught.
HOME-LAB Proxmox-VE
This is where I show, how is my server configured to run Proxmox-Environment
Game of Active Directory
This is the archive where you can see all the posts related to Game of Active Direcory.
Recent posts
Your Havoc Demon Is Sleeping Wrong: EDR Teams Already Know
Sleep obfuscation changed the game — but only if you stop using the defaults.
88% Bypass Rate: The Real State of EDR Evasion via Syscall Abuse in 2026
EDR hooks are dead weight. Here’s why indirect syscalls and HookChain are eating endpoint security alive — and what I learned the hard way on a real engageme...
54 EDR Killers and Counting: BYOVD Is Not a Technique, It’s an Industry
Ransomware gangs are shipping BYOVD drivers in their payloads now. Your EDR is one signed .sys file away from being a paperweight.
HomeLab Part-03 [PVE2 Networking — The NIC That Wasn’t There]
How a broken DKMS package silently killed a Realtek NIC, forced a USB adapter onto the cluster bridge, and nearly took down quorum — and what we did to fix i...
BYOVD Is Back and Meaner Than Ever: How Ransomware Gangs Are Nuking Your EDR at the Kernel Level
Bring Your Own Vulnerable Driver isn’t a novel trick — but in 2026, ransomware crews are weaponizing it at industrial scale and your EDR is the casualty.
AI Is Now Writing Your Malware: 7 LLM Attack Techniques Blue Teams Are Completely Unprepared For
Ransomware gangs are shipping AI-generated malware. LLM jailbreaks are automating exploit development. Here’s what’s actually happening — and why most defend...
The C2 Frameworks of 2026 Are Breaking Every Rule You Thought You Knew
VoidLink compiles rootkits server-side. Moonrise had zero VirusTotal detections. Karsto disguises C2 traffic as legitimate cloud calls. The new wave of comma...