ITSEC Newsletter 2026-03-19

Author

Henrik Falk
March 19, 2026

Bypassing EDR in a Crystal Clear Way

In this blog I want to take you on a full trip, starting from how C2 payloads actually work under the hood, all the way to building a reflective loader that bypasses one of the best EDRs available. But more than just showing you the techniques, I want to explain why we're using them and what specific problem each one is solving. Randomly throwing evasion techniques at a target without understanding them is a great way to get caught.

lorenzomeacci.com/bypassing-edr-in-a-crystal-clear-way

Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly

Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability seemingly by chance. A few days ago, my coworker Michael Weber was telling me about a friend like this who, on a recent penetration test, pressed the shift key five times at an RDP login screen and discovered the system had the sticky keys backdoor configured, giving him unauthenticated remote code execution as NT AUTHORITY\SYSTEM. This post covers how we built automated RDP sticky keys backdoor detection into Brutus, our open-source credential testing tool.

www.praetorian.com/blog/rdp-sticky-keys-backdoor-brutus

PowerShell for Hackers, Part 11: Dropping Nukes

In this article, we focus on two tools that help bridge the gap between red teams and blue teams: Nebula and Invoke-AtomicRedTeam. These tools are designed to simulate real-world attacker behavior in a controlled way, allowing defenders to observe and improve. This kind of testing helps organizations understand not only whether something can be done, but whether it would actually be noticed when it matters.

hackers-arise.com/powershell-for-hackers-part-11-dropping-nukes