InfoSec Briefing - June 11, 2026

🎧 Audio Briefing

Playback Speed:

Cyber security developments for Thursday the 11th of June 2026 covering articles added to the BlueTeamSec community on infosec.pub. Today we have 6 articles to cover. All attribution is by the article authors. All article analysis is automated.

Alias Robotics ran twenty experiments where they gave AI agents different APT personas and set them loose in cyber ranges. The agents all converged on identical behaviour regardless of which group they were meant to emulate, achieving complete compromise every time. Which rather neatly undermines the idea that you can reliably attribute attacks based on tactics and techniques alone.

Virtual Routes Community argues we should stop thinking about Chinese state operations in terms of single APT groups and shift to a composite responsibility model instead. Modern campaigns like Salt Typhoon involve a mix of military units, intelligence contractors, and commercial actors all contributing distinct bits to the same operation, which makes traditional attribution messier and policy responses considerably more complicated.

Microsoft Defender for Endpoint now logs inbound remote procedure call activity, including interface identifiers and operation numbers. One for hunting lateral movement and persistence through Advanced Hunting queries if you're working in Windows environments.

A researcher demonstrated a bring-your-own-vulnerable-driver attack at Milan0day using the ThrottleStop driver. The technique gets arbitrary kernel-mode execution through physical memory primitives and can terminate security processes whilst dodging PatchGuard detection using a patch-trigger-restore cycle.

A researcher has published a proof-of-concept for RoguePlanet, which exploits a race condition in Windows Defender to escalate to SYSTEM level on Windows 10 and 11. It leverages ISO image mounting to trigger the vulnerability, though reliability varies and the current version doesn't work on Server without modification.

And finally, researchers have developed automated pipelines that can generate working exploits for Windows kernel n-day vulnerabilities in as little as thirty-one minutes. The systems use language models to automate patch-diffing, decompilation, and iterative debugging in hypervisor-based test environments, which dramatically shrinks the window between patch release and exploit in the wild.

That concludes today's briefing.

📰 Articles Covered

Synthetic APTs: the Collapse of TTP-Based Attribution - Alias Robotics

The article, *"AI-Driven Adversary Emulation and the Erosion of TTP-Based Attribution,"* presents an experimental assessment of how effectively AI-driven agents can replicate the Tactics, Techniques, and Procedures (TTPs) of known Advanced Persistent Threat (APT) groups. The study suggests that the increasing prevalence of such AI-driven operations threatens the reliability of traditional attribution methods used in cybersecurity.

### Summary of Findings

| Feature | Details |
| :--- | :--- |
| **What Happened** | Researchers conducted 20 experiments in two cyber range environments (enterprise vs. military-grade) using five AI-driven agents emulating specific APT groups (APT28, APT29, APT41, APT44, and Lazarus). |
| **Who is Affected** | Cyber Threat Intelligence (CTI) analysts, the intelligence community, and any organization relying heavily on TTP-based attribution for defense or policy decisions. |
| **Security Implications** | The study highlights a breakdown in traditional attribution methods, as different "persona" agents converged on identical behaviors. Furthermore, it reveals that AI agents can quickly identify and weaponize administrative security tools (such as *Velociraptor*) against the defender. |
| **Technical Details** | Success was determined by network topology rather than agent intelligence or assigned persona. Notably, AI agents demonstrated an ability to adapt their tactics dynamically, often ignoring their "assigned" TTPs in favor of more effective, context-aware strategies. |
| **Defensive Takeaways** | Network architecture (segmentation) is a significantly more effective defense than AI-driven detection. Security management tools must be treated as critical, high-value targets, and relying on static TTP fingerprints is increasingly obsolete. |

### Technical Analysis
* **Performance vs. Environment:** In enterprise-grade networks, the agents achieved a 100% compromise rate. In contrast, military-grade infrastructure successfully defended against or stalemated all attempts.
* **Convergence:** A critical finding was that the agents exhibited "emergent convergent behaviors." Regardless of the assigned APT persona, agents independently weaponized the defender’s *Velociraptor* endpoint management platform as a C2 channel in 80% of enterprise experiments—a behavior not present in the historical profiles of the groups they were assigned to emulate.
* **Adherence Metrics:** While agents achieved 55–80% TTP precision when successful, this adherence was purely situational. When constrained by robust perimeter defenses, agents dropped their "persona" to focus on whatever techniques were most likely to succeed, yielding only 4–8% adherence to their original profiles.

### Guidance for Defenders
* **Prioritize Architecture:** Defenders should prioritize network segmentation and isolation. These structural defenses proved to be the decisive factor in neutralizing campaigns, regardless of the attacker's underlying model or profile.
* **Secure the Security Stack:** Defensive management tools and platforms (e.g., *Wazuh*, *Velociraptor*) are primary targets for AI agents. These must be hardened, monitored, and isolated with the same rigor as sensitive data assets.
* **Update Attribution Frameworks:** MITRE ATT&CK profiles should be treated as a "floor"—a baseline of expected capability—rather than a reliable, unique fingerprint for specific threat actors. As AI agents lower the barrier to entry for sophisticated tactics, defenders must shift their focus from identifying *who* is attacking to how to mitigate the *behaviors* they are currently witnessing.
* **Credential Management:** The study identified the failure to rotate pre-configured credentials on security tools as the primary vulnerability exploited by the AI agents in enterprise environments. Proactive credential rotation is a mandatory hygiene practice.
Microsoft Defender now monitors RPC activity - Microsoft

Microsoft Defender for Endpoint has introduced expanded monitoring capabilities for Remote Procedure Call (RPC) activity, significantly enhancing the ability of security teams to detect malicious behavior within Windows environments.

### What Happened
Microsoft has updated Defender for Endpoint to capture and log granular telemetry regarding inbound remote RPC calls. This provides visibility into the methods and interfaces used by external actors or compromised internal systems to interact with remote machines via RPC, a protocol frequently abused in lateral movement, privilege escalation, and reconnaissance activities.

### Who Is Affected
This update applies to all environments managed by Microsoft Defender for Endpoint. Defenders and security operations center (SOC) teams are the primary users of this new capability, as it requires the use of Advanced Hunting in the Microsoft Defender portal to query the newly available telemetry.

### Security Implications
RPC is a legacy yet fundamental mechanism for inter-process communication in Windows. Attackers often exploit RPC interfaces to perform unauthorized actions because legitimate administrative tools also rely on them. By monitoring this traffic, defenders can now identify:
* **Lateral Movement:** Unauthorized attempts to create services or interact with the registry on remote hosts.
* **Reconnaissance:** Enumeration of network sessions, accounts, or services that help attackers map a target environment.
* **Malicious Persistence:** Techniques involving remote service creation or configuration changes via RPC.

### Technical Details
The new telemetry is surfaced through the `DeviceEvents` table in Advanced Hunting under the `ActionType` value `InboundRemoteRpcCall`. When an inbound RPC call occurs, Defender logs specific metadata in the `AdditionalFields` column, including:
* **`RpcInterfaceUuid`**: The identifier of the specific RPC interface being called.
* **`RpcOpNum`**: The operation number (OpNum) representing the specific function being executed within that interface.

This allows for the creation of precise detection logic focused on specific, high-risk RPC functions.

### What Defenders Should Know
Defenders should incorporate these events into their threat hunting playbooks. Microsoft provides specific examples for hunting, which can be tailored to baseline normal administrative traffic in their environment and alert on deviations. Key areas to focus on include:

| Activity Focus | Description |
| :--- | :--- |
| **Remote Registry Abuse** | Hunting for `BaseRegSaveKey` or `BaseRegSaveKeyEx` operations, which can be abused for credential dumping or persistence. |
| **Remote Service Creation** | Detecting calls to `RCreateService` variants, a hallmark of lateral movement via tools like PsExec or similar methodologies. |
| **Session/Account Discovery** | Monitoring `NetrSessionEnum` or similar functions to identify attackers enumerating active sessions across the network to identify high-value targets. |

Defenders are encouraged to use Kusto Query Language (KQL) to filter `DeviceEvents` by `InboundRemoteRpcCall`, parse the `AdditionalFields` JSON, and map the `RpcInterfaceUuid` and `OpNum` to known suspicious behaviors 【1】.
Whoops! I did it again. I patched Windows Kernel at Milan0day 2026 - Ethical Hacker

The article by the security researcher known as "zer0matt" outlines a sophisticated "Bring Your Own Vulnerable Driver" (BYOVD) attack demonstrated at the Milan0day 2026 conference. The research highlights the persistent danger posed by signed kernel drivers that contain insecure IOCTL handlers.

### **Summary of the Incident**
The researcher presented a method for achieving arbitrary kernel-mode code execution by exploiting the **ThrottleStop.sys** driver (CVE-2025-7771). By leveraging this driver, an attacker can gain arbitrary physical memory read and write primitives, allowing them to bypass security controls by directly manipulating the kernel.

### **Affected Systems**
Any Windows system that allows the loading of the vulnerable `ThrottleStop.sys` driver (or similar signed drivers with unsafe IOCTLs) is potentially vulnerable. The core issue lies in the validation mechanisms of kernel IOCTL handlers rather than the OS signature enforcement itself.

### **Technical Details**
The exploit utilizes the following technical progression:
* **Primitive Acquisition:** The driver is used to expose two IOCTLs (`0x80006498` for arbitrary physical memory read and `0x8000649C` for arbitrary write) via `MmMapIoSpace`.
* **Trampoline Injection:** The exploit translates the virtual address of a legitimate kernel routine (e.g., `NtAddAtom`) into its physical address. It then overwrites the routine's first instructions with a "trampoline" (a jump instruction) pointing to malicious code.
* **Execution Hijacking:** This trampoline redirects execution flow to kernel functions like `PsTerminateProcess`. The researcher demonstrated this by terminating AV/EDR processes directly from kernel mode.
* **PatchGuard Evasion:** To avoid detection and the resulting `CRITICAL_STRUCTURE_CORRUPTION` bug check (BSOD) caused by PatchGuard, the exploit uses a "Patch -> Trigger -> Restore" cycle. It restores the original bytes immediately after each operation, ensuring the "patch" is only present in memory for the duration of the malicious action.

### **Security Implications**
This technique provides an attacker with high-privilege control over the kernel, effectively rendering standard user-mode security software ineffective. Capabilities enabled by this exploit include:
* Directly terminating security software (AV/EDR).
* Performing token stealing or removing security object callbacks.
* Disabling kernel-level telemetry.

### **What Defenders Should Know**
* **Signature != Safety:** The most critical takeaway is that a driver’s valid digital signature does not guarantee it is secure.
* **BYOVD Reality:** BYOVD remains one of the most effective bypass techniques for modern endpoint protections.
* **Defense Strategy:** Defenders should focus on maintaining updated blocklists of known vulnerable drivers (e.g., Microsoft's vulnerable driver blocklist) and enforcing strict policies regarding which drivers are permitted to be loaded in their environment.

***

*Sources:*
【1】
【1】
【1】
【1】
【1】
【1】
【1】
【1】
【1】
RoguePlanet: RoguePlanet Windows Defender Vulnerability - MSNightmare

The **RoguePlanet** project details a proof-of-concept (PoC) exploit targeting a vulnerability in Microsoft Windows Defender. Below is a detailed precis based on the provided documentation.

### Overview
RoguePlanet identifies a security vulnerability in Windows Defender that allows an attacker to escalate privileges and achieve arbitrary code execution as `SYSTEM`. The exploit functions by leveraging a race condition, meaning its reliability can vary; while some test environments achieved a 100% success rate, it remains inconsistent across different machines 【1】.

### Who is Affected
* **Operating Systems:** The vulnerability has been confirmed on **Windows 11** (Official and Canary channels) and **Windows 10** (including machines with the June 2026 security patches) 【1】.
* **Windows Server:** The author asserts that all Windows Server versions are inherently vulnerable. However, the provided PoC specifically requires the ability to mount an ISO image—a privilege typically unavailable to standard users—meaning the current exploit script does not function on Windows Server without modification 【1】.

### Security Implications
The primary security implication is a **Privilege Escalation** attack. A successful exploit grants the attacker a shell running with **SYSTEM** privileges—the highest level of authority in the Windows environment. This effectively bypasses standard user protections and grants full control over the compromised system 【1】.

### Technical Details
* **Vulnerability Type:** The exploit targets Windows Defender using a race condition 【1】.
* **Mechanism:** The PoC relies on mounting an ISO image to trigger the race condition. Because standard Windows Server configurations restrict ISO mounting for non-administrative users, the current PoC is limited to desktop environments, though the underlying flaw is not OS-specific 【1】.

### What Defenders Should Know
* **Persistent Risk:** The existence of a SYSTEM-level exploit targeting a core security component (Windows Defender) represents a significant threat.
* **Platform Scope:** Even if specific exploits (like this one) are blocked by platform-specific restrictions (e.g., ISO mounting on Server), the underlying vulnerability may still exist. Defenders should not assume systems are safe simply because a public PoC fails to execute.
* **Mitigation:** As this is a vulnerability in Windows Defender, security teams should prioritize monitoring for anomalous process spawning, especially processes executing with SYSTEM privileges that originate from unexpected paths or activities related to image mounting. Organizations should remain vigilant for official security updates from Microsoft addressing this flaw.
Benchmarking n-day exploit generation [via AI] - Josh Merrill

The article highlights a significant shift in exploit development: the rise of LLM-driven, automated pipelines that dramatically reduce the time required to weaponize "n-day" (previously patched) vulnerabilities.

### Summary of Findings

| Feature | Details |
| :--- | :--- |
| **What happened** | Researchers have successfully automated manual exploit workflows—specifically patch-diffing, decompilation, and iterative debugging—using LLM-driven agents. These tools can develop functional exploits in as little as 31 minutes. |
| **Who is affected** | The Windows ecosystem is the primary focus, specifically kernel-level Local Privilege Escalation (LPE) vulnerabilities found within drivers and cumulative updates. |
| **Technical details** | Pipelines ingest Patch Tuesday releases, diff binaries to find changes, and use LLM agents to conduct trial-and-error exploitation inside hypervisor-based (Hyper-V) environments. Verification is automated via objective success states (e.g., confirming `whoami` or reading a flag). |
| **Security implications** | The collapse of "time-to-exploit" narrows the window of safety between patch disclosure and weaponization, potentially allowing attackers to exploit systems before enterprises can complete deployment. |
| **What defenders should know** | Proactive defensive evolution requires these benchmarks to be public. The author asserts that defensive adaptation is currently trailing behind offensive development; making these tools available allows the security community to develop better detections and policies to counter automated exploitation. |

### Key Context & References
The development of these capabilities is contextualized by several related research efforts that aim to standardize and accelerate the evaluation of automated exploitation:

* **[Anthropic: Exploit Evaluations](https://red.anthropic.com/2026/exploit-evals/)**
* **[100+ Kernel Bugs in 30 Days](https://ydinkin.substack.com/p/200-kernel-bugs-in-30-days)**
* **[Origin: Patch-diffing pipeline](https://www.originhq.com/research/patch-diffing-pipeline)**
* **[ExploitBench](https://arxiv.org/abs/2605.14153)**
* **[ExploitGym](https://arxiv.org/abs/2605.11086)**
Understanding modern Chinese cyber operations means shifting from ‘APT’ to composite responsibility - Virtual Routes Community

The article argues that the traditional "Advanced Persistent Threat" (APT) model is increasingly inadequate for describing modern Chinese state-sponsored cyber operations. Instead, it proposes a "composite responsibility" framework to better capture the complex, interconnected ecosystem of state and private actors involved in these campaigns 【1】.

### What Happened
Chinese cyber operations have evolved from single-group intrusions to multifaceted campaigns where multiple public and private sector entities contribute distinct functions (such as malware development, infrastructure provision, and target exploitation) to the same operation 【1】. A primary example cited is "Salt Typhoon," which illustrates this interconnected ecosystem of commercial relationships and complex tasking networks 【1】.

### Who Is Affected
* **Victim Organizations:** Businesses and entities targeted by these campaigns face a more amorphous threat landscape, as the activity may be state-directed, contractor-driven, or a mix of both.
* **Policymakers and Defenders:** They are affected by the increased difficulty in accurately attributing operations and determining appropriate responses, as the lines between military units, intelligence contractors, and private commercial actors are increasingly blurred 【1】.

### Security Implications
* **Attribution Complexity:** Because multiple actors may contribute to a single campaign, assigning a single "APT" label is insufficient and potentially misleading 【1】.
* **Escalation Risks:** The source of the tasking dictates the risk level. Military (PLA) tasking carries higher escalation stakes, whereas activity by an MSS contractor or reckless private actors requires different strategic calculations and lower-intensity responses 【1】.
* **Accountability Gaps:** When operations are driven by commercial initiative or contractor recklessness rather than direct state tasking, holding the state accountable becomes significantly more difficult 【1】.

### Technical Details
* **Functional Decomposition:** Modern campaigns involve distinct roles: the intelligence customer, the entity issuing tasking, the executor of the intrusion, and the enablers (such as providers of malware, tooling, or infrastructure) 【1】.
* **Tooling Proliferation:** Private-sector entities create tools and malware that are frequently reused across various state-linked and contractor-led operations, meaning responsibility may extend beyond the direct operator to the developers and distributors of the malicious software 【1】.

### What Defenders Should Know
* **Move Beyond APT Labels:** Defenders should shift from simple APT labeling toward a more granular analysis that identifies the specific roles (customer, executor, enabler) within an operation 【1】.
* **Calibrated Responses:** By understanding the web of relationships, policymakers can craft more precise responses—ranging from infrastructure takedowns and sanctions to diplomatic signaling—that are commensurate with the specific role (directing, executing, or enabling) of the entity involved 【1】.