artifacts

AppWizard
November 28, 2025
Google is introducing experimental features in its Arts & Culture app, including "World Toon Video," which allows users to turn selfies into cartoon styles for educational clips, and "Learn Everything," which interprets photos of everyday items as metaphors for learning opportunities. Additionally, the app includes "Arts Chat," enabling real-time conversations with AI about artists and their works, along with access to explainer videos on various art genres. These features aim to enhance the educational experience by blending personal interaction with engaging content.
Tech Optimizer
November 19, 2025
Agents are emerging as new users of databases, requiring infinite, secure copies of data for experimentation and continuous learning. Current databases do not meet these demands, leading to inefficiencies. Agentic Postgres, available on Tiger Data's managed Postgres cloud, introduces forkable infrastructure, allowing instant, copy-on-write branches of databases and volumes for safe parallel experiments. It includes three new features: an interface for agent control, hybrid search capabilities, and persistent memory for state management. Forkable databases enable lightweight, zero-copy branches for testing, while forkable volumes provide complete, reproducible snapshots of the entire environment. This infrastructure allows rapid creation of environments with cost-effective charging for changes made. Agentic Postgres maintains compatibility with Postgres, avoiding vendor lock-in, and offers a free tier for developers to access its features. Tiger Data, the company behind Agentic Postgres, has a strong customer base and significant investment backing.
AppWizard
November 18, 2025
Google has launched Antigravity, a platform designed to enhance the integration of models and integrated development environments (IDEs). It utilizes Gemini 3 to provide an agentic development experience, allowing developers to manage intelligent agents across workspaces while maintaining a familiar AI IDE interface. Antigravity accelerates the development process by enabling developers to collaborate with autonomous agents that can navigate the editor, terminal, and browser, assisting in tasks such as building features, iterating on user interfaces, fixing bugs, conducting research, and generating reports. The public preview of Google Antigravity is available for free download on macOS, Windows, and Linux.
Tech Optimizer
November 18, 2025
A newly released open-source tool called SilentButDeadly, developed by Ryan Framiñán and launched on November 2, 2025, can disable Endpoint Detection and Response (EDR) systems and antivirus software without terminating processes. It abuses the Windows Filtering Platform to sever cloud connectivity for security products, leaving systems vulnerable to attacks. SilentButDeadly operates through a seven-phase execution sequence, starting with verifying administrator privileges, then scanning for active EDR processes like SentinelOne and Windows Defender. It establishes network filters that block communications for these security applications, preventing them from receiving updates or transmitting telemetry data. The tool also attempts to disable EDR services by changing their startup types. SilentButDeadly features dynamic, self-cleaning filters and builds on techniques from EDRSilencer, introducing enhanced operational safety. Organizations using cloud-based threat detection face risks when their security solutions lose connectivity. Security teams are advised to monitor Windows event logs for specific filter creation events and implement real-time monitoring and redundant communication channels for EDR telemetry.
Tech Optimizer
November 17, 2025
A new endpoint detection and response (EDR) evasion technique called SilentButDeadly has been identified. It uses a network communication blocker built on the Windows Filtering Platform (WFP) to cut security software off from its cloud services, disrupting EDR and antivirus solutions' connectivity without terminating processes or manipulating the kernel. SilentButDeadly operates through a seven-phase execution sequence, starting with verifying administrator privileges and discovering EDR solutions like SentinelOne and Windows Defender. It establishes dynamic WFP sessions with high-priority filtering rules to block outbound telemetry and inbound command-and-control communications, preventing EDR solutions from receiving updates and executing remote management commands. Additionally, it attempts to disable EDR services, hindering automatic restarts and background monitoring. This technique highlights a significant architectural vulnerability in EDR systems that rely on network connectivity. To mitigate this threat, security teams can monitor Windows event logs for specific Event IDs related to WFP filter creation and implement real-time monitoring and redundant communication channels. SilentButDeadly requires administrator privileges and is ineffective against EDR solutions protected by kernel-level network drivers.
AppWizard
November 14, 2025
Age of Wonders 4 is available for free this weekend until Monday, November 17. The game combines 4X gameplay with turn-based tactical RPG mechanics, allowing players to customize rulers with unique cultures and abilities. Players can gather magical artifacts, develop schools of magic, and engage in turn-based battles. It features asynchronous multiplayer options for cooperative or competitive play. There is also a vampire-themed DLC and a limited-time sale on Steam, offering the game at 50% off its regular price. The free trial primarily includes the base game, providing players with a wealth of content to explore.
Tech Optimizer
November 6, 2025
North Korean cyber actors have developed a Remote Access Trojan (RAT) called "EndClient RAT," targeting human rights defenders in South Korea and internationally. This malware evades antivirus detection by using stolen code-signing certificates and is delivered through a Microsoft Installer package named "StressClear.msi," which is signed by a Chinese firm. The RAT deploys an AutoIt-based payload, creates a scheduled task for persistence, and communicates with its command-and-control server using a custom protocol. Detection rates for EndClient RAT are low, with only 7 out of 64 detections for the dropper and 1 out of 64 for the payload script. Organizations are advised to block identified indicators of compromise and treat signed MSIs as untrusted until verified.
Winsage
November 4, 2025
The Russian-aligned APT group Curly COMrades has been using hidden Alpine Linux virtual machines (VMs) on compromised Windows hosts via Microsoft Hyper-V to evade detection and maintain covert access. This technique was uncovered in mid-2025 through an investigation by Bitdefender and the Georgian CERT, which traced suspicious activities to a compromised Georgian website. The attackers activated Hyper-V on the infected machines, downloaded a disguised VM image, and named it “WSL.” The VM, operating on Alpine Linux, had a small disk footprint and low RAM usage, minimizing alerts from security systems. Within this environment, they deployed two malware implants: CurlyShell, a reverse shell for command execution, and CurlCat, a reverse proxy tool for SSH traffic. Both implants were designed to maintain a low forensic footprint. The attackers also used a PowerShell script to inject encrypted Kerberos tickets into LSASS for lateral movement and employed various tunneling tools for communication. Artifacts from their operations were stored in directories that blended with legitimate Windows files. Security teams are advised to audit Hyper-V usage, monitor for hidden VMs, and enable host-based network inspection.
Winsage
October 31, 2025
A China-affiliated threat actor, UNC6384, has been conducting cyber attacks targeting diplomatic and governmental entities in Europe, including Hungary, Belgium, Italy, the Netherlands, and Serbia. These attacks exploit an unpatched Windows shortcut vulnerability (CVE-2025-9491) through spear-phishing emails that appear relevant to diplomatic events. The emails deliver malicious LNK files that deploy PlugX malware via DLL side-loading. PlugX is a remote access trojan that allows extensive control over compromised systems and has been linked to another hacking group, Mustang Panda. Microsoft Defender can detect these attacks, and Smart App Control provides additional protection. The LNK file executes a PowerShell command to extract a TAR archive containing a legitimate utility, a malicious DLL, and an encrypted PlugX payload. The size of the malicious artifacts has decreased significantly, indicating ongoing evolution. UNC6384 has also begun using HTML Application files to load external JavaScript for retrieving malicious payloads, aligning with Chinese intelligence objectives regarding European defense policies.