UnDefend — Windows Defender Denial-of-Service Without Admin Rights

Overview

Same researcher, same target, new weapon. Nightmare-Eclipse — the security researcher behind the BlueHammer Windows Defender LPE zero-day — has released UnDefend, a tool that can completely disable Windows Defender from a standard user account with no administrative privileges. Where BlueHammer escalates privileges through Defender, UnDefend simply kills Defender’s ability to protect you — and does it without needing admin rights at all.

Tool: UnDefend
Author: Nightmare-Eclipse (Chaotic Eclipse)
Repository: github.com/Nightmare-Eclipse/UnDefend
Language: C++
License: MIT
Stars: 32 (as of Apr 13, 2026)
Requires Admin: ❌ No
CVE: Pending / Not assigned
Patch: ❌ None
Related: BlueHammer (LPE zero-day, same researcher)

How It Works

UnDefend operates in two modes: ...

BlueHammer zero-day update - week two status

BlueHammer Week Two: Still Unpatched, Reimplemented, and Evading Detection

It’s been nine days since Chaotic Eclipse published the BlueHammer exploit on GitHub. Here’s what’s changed — and what hasn’t.

Current Status: Still Zero-Day

CVE Assigned: ❌ No
Microsoft Patch: ❌ None
Official Mitigation: ❌ None
PoC Available: ✅ Original + Reimplementation
Actively Exploited: ⚠️ No confirmed in-the-wild attacks (yet)
Detection Coverage: 8/72 vendors on VirusTotal

Microsoft’s last public statement (April 7) reaffirmed commitment to coordinated disclosure without addressing the MSRC communication breakdown or providing a timeline. ...

Self-improving agent architecture

Self-Improving Agent Systems: Weekly Trio Reports and Automated Audits

What happens when your AI agents review their own work every week? They find things you’d never catch manually — duplicated code, exposed credentials, and missed optimization opportunities.

The Weekly Trio

Every Sunday at 03:00, three specialized agents wake up and run an autonomous improvement cycle:

Cody (Code Architect) — Scans for technical debt, duplicated logic, and missing tests
Max (Red Team Lead) — Audits for credential exposure, permission violations, and security drift
Molty (Research Lead) — Identifies workflow gaps and builds missing tooling

This isn’t a demo. This is production. Here’s what happened this week. ...

Windows Defender exploit chain analysis

BlueHammer Deep Dive: Windows Defender's Update Mechanism Weaponized

Since my initial coverage of BlueHammer, the security community has produced excellent technical analysis. This post consolidates the deep-dive details you need to understand how this exploit actually works — and why it’s more sophisticated than most LPEs.

The Big Picture

BlueHammer isn’t your typical privilege escalation. It doesn’t exploit a single bug — it chains seven distinct stages, weaponizing Windows Defender’s own trusted update mechanism against the system.

Key insight: The exploit abuses Defender’s signature update workflow to leak the SAM hive, decrypt credentials, and achieve SYSTEM — all from a standard user context. ...

Windows privilege escalation zero-day

BlueHammer: Unpatched Windows LPE Zero-Day Dropped by Frustrated Researcher

Another day, another zero-day — but this one comes with a twist. A frustrated security researcher has gone full rogue and dropped working exploit code for an unpatched Windows local privilege escalation (LPE) vulnerability on GitHub. There is no patch. There are no workarounds. And the code works. Here’s the full breakdown.

The Vulnerability: BlueHammer

Researcher Alias: Chaotic Eclipse / Nightmare-Eclipse
Disclosure Date: April 3, 2026 (exploit code published)
Type: Local Privilege Escalation (LPE) ...

Network security monitoring

Fortinet Zero-Day Under Active Exploitation: What You Need to Know

Another week, another edge device zero-day. This time it’s Fortinet FortiClient EMS, and CISA has already added it to the Known Exploited Vulnerabilities (KEV) catalog. Here’s the breakdown for both offensive and defensive practitioners.

The Vulnerability: CVE-2026-35616

CVSS Score: 9.1 (Critical)
Affected Versions: FortiClient EMS 7.4.5, FortiClient EMS 7.4.6
Not Affected: FortiClient EMS 7.2 and below.

The flaw is an improper access control issue in the FortiClient EMS API. An unauthenticated attacker can send crafted requests that bypass authentication and authorization entirely, achieving remote code execution on the underlying server. ...

OAuth and voice integration illustration

OAuth Gateway Migration and Voice Responses: Making AI Assistants More Natural

OAuth tokens expire. Every week, I’d manually re-authorize Google Workspace integrations. It worked, but it wasn’t sustainable for an autonomous system. This week, I finally fixed that — and added voice responses along the way.

The OAuth Problem

My AI assistant (Clawd) pulls calendar events for daily briefs. The old GOG skill required manual re-auth every 7 days. That’s:

Click authorization link
Sign in to Google
Grant permissions
Copy token back to config

Not exactly “set it and forget it.” ...

Claude Code terminal interface

Claude Code: AI-Powered Development in the Terminal

The AI coding assistant space exploded in 2025. GitHub Copilot, Cursor, Cody, and now Claude Code — each promising to revolutionize how we write software. After spending weeks with Claude Code, here’s my practical take for homelabbers and security professionals.

What is Claude Code?

Claude Code is Anthropic’s official terminal-based AI assistant. Unlike the web interface, it runs directly in your shell with full access to your codebase. What makes it different: ...

AI and technology illustration

OpenClaw: Building a Personal AI Assistant the Lobster Way

After years of cobbling together scripts, cron jobs, and manual SSH sessions, I found OpenClaw — a framework for building personal AI assistants that actually understand your infrastructure. Here’s how I turned it into Clawd, my homelab orchestrator.

What is OpenClaw?

OpenClaw is an open-source framework for running personal AI assistants. Unlike cloud-based options (ChatGPT, Claude, Gemini), OpenClaw runs on your hardware with your choice of LLM backend. Key features: ...

Ollama running local LLMs

Running Local LLMs with Ollama: A Homelab Guide

Running your own LLMs isn’t just about privacy — it’s about control, cost predictability, and learning how these models actually work under the hood. Ollama has become my go-to for local inference, and here’s how I’ve integrated it into my homelab.

Why Local LLMs?

Before we dive into setup, let’s address the elephant: why bother when ChatGPT and Claude exist?

Factor    Cloud LLM                 Local (Ollama)
Privacy   Data sent to third-party  Stays on your hardware
Cost      Pay per token             Free after hardware
Latency   Network-dependent         Milliseconds
Control   Provider’s rules          Your rules
Offline   Requires internet         Works anywhere

For homelab use cases — log analysis, code review, documentation generation — local models are often good enough and infinitely cheaper. ...