ITSEC Newsletter
Posts
ITSEC Newsletter 2025-07-24

ITSEC Newsletter 2025-07-24

Henrik Falk
July 24, 2025

AdaptixC2 - Possibly My New Favorite Open-Source C2 Platform

As an offensive security consultant, I've had my fair share of experience with command and control frameworks. Everything from commercial products such as Cobalt Strike to open-source frameworks such as Sliver and Mythic. There are tons of options in the space, each with their own little pros and cons.

redheadsec.tech/adaptixc2-possibly-my-new-favorite-open-source-c2-platform

Red Team Tactics: Evading EDR on Linux with io_uring

In this article, I will explore the use of io_uring, a legitimate Linux kernel feature designed for high-performance asynchronous I/O, but which can be adapted to evade traditional syscall-based detection mechanisms. We will see how modern techniques can enable stealthy and silent operations, bypassing EDR and other monitoring mechanisms, and what this means for both attackers and defenders.

matheuzsecurity.github.io/hacking/evading-linux-edrs-with-io-uring

A Novel Technique for SQL Injection in PDO’s Prepared Statements

Over the weekend, the sixth edition of the DownUnderCTF capture-the-flag competition was held. I (hashkitten) contributed a single hard web challenge called ‘legendary’, which was solved by a single team. As part of the challenge, you had to exploit a seemingly impossible SQL injection, where everything was escaped correctly and PHP PDO prepared statements were used. The solution leverages a little-known technique, which I believe to be novel, and allows for injection in otherwise unexploitable scenarios. This technique is the subject of this blog post.

slcyber.io/assetnote-security-research-center/a-novel-technique-for-sql-injection-in-pdos-prepared-statements