| Driving lessons: The kernel drivers in Sophos Intercept X Advanced | 3 | digicat | | | | |
| Amassing Country-Code Top-Level Domains from Public Data | 3 | digicat | | | | |
| Zola ransomware: The many faces of the Proton family | 3 | jnazario | | | | |
| LayeredSyscall - Abusing VEH to Bypass EDRs | 3 | digicat | | | | |
| Trapster Community : easy to install low interaction Honeypot | 3 | MoCyberB3 | | | | |
| BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor | 3 | digicat | | | | |
| BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor | 3 | jnazario | | | | |
| smbtakeover: BOF and Python3 implementation of technique to unbind 445/tcp on Windows via SCM interactions | 3 | digicat | | | | |
| StackExchange Abused to Spread Malicious Python Package | 3 | jnazario | | | | |
| Velociraptor RDPCache - This artifact parses, views and enables simplified upload of RDP cache files. | 3 | digicat | | | | |
