A Survey of Agentic AI and Cybersecurity: Challenges, Opportunities and Use-Case Prototypes
Agentic AI marks an important transition from single-step generative models to systems capable of reasoning, planning, acting, and adapting over long-lasting tasks. By integrating memory, tool use, and iterative decision cycles, these systems enable continuous, autonomous workflows in real-world...
MITRE ATT&CK 2024 Results for Enterprise Security
Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. We’re excited to offer two distinct adversary focus areas: Ransomware targeting Windows and Linux, and the Democratic People's Republic of Korea's targeting macOS...
Design/Logic Flaw
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM...
CVE-2023-26238
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe...
PT-2023-20555 · Watchguard · Watchguard Epdr
Name of the Vulnerable Software and Affected Versions: WatchGuard EPDR version 8.0.21.0002. Description: An issue was discovered that allows enabling or disabling defensive capabilities by sending a crafted message to a named pipe. Recommendations: For WatchGuard EPDR version 8.0.21.0002, as a...
CVE-2023-26237
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM...
Atomic-Operator - A Python Package Is Used To Execute Atomic Red Team Tests (Atomics) Across Multiple Operating System Environments
This Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments. What's new? Why? atomic-operator enables security professionals to test their detection and defensive capabilities against prescribed techniques defined within atomic-red-team. By...
RogueAssemblyHunter - Rogue Assembly Hunter Is A Utility For Discovering 'Interesting' .NET CLR Modules In Running Processes
Rogue Assembly Hunter is a utility for discovering 'interesting' .NET CLR modules in running processes. Author: @bohops | License: MIT | Project: https://github.com/bohops/RogueAssemblyHunter | Background: .NET is a very powerful and capable development platform and runtime framework for building and...
SilkETW: Because Free Telemetry is … Free!
Over time, people have had an on-again, off-again interest in Event Tracing for Windows (ETW). ETW, first introduced in Windows 2000, is a lightweight kernel-level tracing facility that was originally intended for debugging, diagnostics and performance. Gradually, however, defenders realized that ET...
Clarke: Public Dialogue Needed on Cyberwar
Richard Clarke, a former top adviser on information security and terrorism in the Bush White House, is calling for Barack Obama to initiate an open public dialogue on the use of offensive and defensive information warfare capabilities and what the consequences of a cyberwar could be for the...