Fortra Intelligence and Research Experts (FIRE) have conducted a detailed analysis of RedSun, the latest proof-of-concept by "Chaotic Eclipse", the same researcher responsible for disclosing BlueHammer. Published in April 2026, RedSun is related to BlueHammer both in origin and technique, abusing Microsoft Defender logic and filesystem timing/path confusion to achieve privilege escalation.
Exploit types
- Phishing, SQL, Brute Force DDOS
Teaming
- Red teams, blue teams, purple teams
Pen testing tools
open source, enterprise, or an arsenal
Vulnerability scanning
Pen testing services
Pen Test Pivoting
Introduction
While researching the Common Log File System (CLFS) to analyze a published vulnerability, I achieved remote code execution (RCE). However, after modifying certain values in a proof of concept (PoC), I observed that it triggered a non‑exploitable blue screen of death (BSoD) on the target system. Consequently, I am reporting this issue. This document helps the reader understand the BSoD behavior and provides guidance on how the issue can be reproduced in a controlled research environment.
Core Impact Exploit Library Additions
One of Core Impact’s most valuable features is its certified exploit library, maintained by a team (formerly Core Labs) within the Fortra Intelligence & Research Experts (FIRE) group.
We’re excited to share what’s new in Core Impact v21.8! This release is all about making your penetration testing workflows more efficient, more integrated, and easier to manage. Let’s dive into the highlights.
Core Banking & Customer Portal Penetration Test
Critical Citizen Services Penetration Test
Technical debt can have cybersecurity consequences. Even teams that feel they know exactly what needs fixing are often surprised at what a team of outside hackers can do – as they so often are during a breach.
So how can you determine what’s emergency-worthy technical debt? Your backlog might not show it, but your pen test will.
For anyone who’s been in cybersecurity for even the past five years, the trends are as unprecedented as they are obvious; attacks are now more sophisticated, subtle, and scalable than ever before.
Empty grocery shelves can be caused by natural disasters, wars, and trade embargoes, as we’ve seen in recent years. But they can also be the result of successful cyberattacks, which could be more preventable than the other three agents of chaos.