Can we eliminate the C2 server entirely and create truly autonomous malware? On the Dreadnode blog, Principal Security Researcher @0xdab0 details how we developed an entirely local, C2-less malware that can autonomously discover and exploit one type of privilege escalation

"If you contribute a public benchmark, are you giving free capability to your competitors?" Yes, but you stand to gain more than you lose. More on this in @shncldwll's call for public benchmarks and datasets ⬇️

If you ask me a good question, you get this Rare Shane Expression

Full paper on arXiv: https://t.co/vACC6gR4YK Blog:

CAMLIS! @shncldwll made this beautiful poster for you. Find him on the 31st floor next to the main presentation room from 4-6pm ET to talk judge models and verifiers.

🙏 Huge thanks to @JasonDClinton @newton_cheng @AnthropicAI; Richard J. Danzig @JHUAPL @USNavy; @joshua_saxe @Meta; @elie @GoogleDeepMind; @aireye @PaloAltoNtwks; Ian Brelinsky @OpenAI; Taesoo Kim @GeorgiaTech; @dguido, Riccardo Schirone @trailofbits; @tylerni7 @theori_io;

Latest blog from @0xdab0 on C2-less malware featured in @jackclarkSF's Substack ➡️

https://t.co/N3sNX9iNQt

Local C2-less malware?! 🔥

LETS FREAKING GOOOOOOOOOO Really pumped to release this post. It was really fun digging into the native inference features Windows has been building

Tonight at midnight, two critical pieces of cybersecurity legislation are due to expire: the CISA 2015 and the SLCGP. Read @velvethamm3r's take on why reauthorizing these programs will help CISA transform into a integrated defensive command: https://t.co/qfHKcUnsXW

🏴‍☠️🏴‍☠️🏴‍☠️

@LabsSentinel @milenkowski @RecordedFuture @JulianVoeg 🧠 @Dr_Machinavelli and @bradpalmtree (@dreadnode) ask: can we trust AI-assisted CTI? Through their LLM agent system analyzing Russian data leaks, they explore transparency, accountability, and the limits of AI in threat research. 🔗 https://t.co/o0EUECtefk 🔗

Dreadnode is a proud sponsor of @SentinelOne's #labscon25! Heading to Scottsdale this week? Catch Martin Wendiggensen and @bradpalmtree's talk, Auto-Poking the Bear—Analytical Tradecraft in the AI Age, on Thursday at 2pm MT. Or, shoot us a DM to find time to meet up onsite!

⚡️You know what time it is! 🥒➕🎾😅 @dreadnode

Thank you to our #CAMLIS2025 Gold Sponsors! 🙏 🎉 Without you CAMLIS would not be possible! @dreadnode @googlecloud @hiddenlayersec @mindgard @nvidia Not registered yet? Hurry up and claim your seat before they’re gone! https://t.co/MrHLAlk50A

PentestJudge: Judging Agent Behavior Against Operational Requirements - https://t.co/UgM49zhppJ by @dreadnode Introducing PentestJudge, an LLM-as-judge system for evaluating the operations of pentesting agents. The scores are compared to human domain experts as a ground-truth

What's after programmatic verification for offsec? As we deploy these systems, there's a lot about pentesting we'll want to treat as eval metrics or training objectives that are difficult to verify. Judges for non-verifiable tasks present a way forward: are they any good?

Incoming: Dreadnode paper drop from @shncldwll and the crew 🏴‍☠️ PentestJudge—Judging Agent Behavior Against Operational Requirements: https://t.co/vACC6gRCOi Explore how we built an LLM-as-judge system for evaluating the operations of pentesting agents [inspired by @OpenAI's

Read "Spain’s Huawei Deal Is a Wake-Up Call for U.S. Federal Procurement Reform" in @WarOnTheRocks, written by our very own Head of Policy @velvethamm3r.