A census of the Starlette host-header auth bypass Persistent Security - research writeup. Aggregate findings only; per-target detail is withheld pending the coordinated-disclosure window (public deadline 2026-08-26). Classification: TLP:AMBER. 2,856 findings (deduped) ~2,393 confirmed vulnerable 58 countries ~78% fail-open (Tier 1) TL;DR CVE-2026-48710 is a Starlette host-header authentication bypass. Because FastAPI is built on Starlette, the affected population spans applic

By the Persistent Security Research Team - May 2026 Process Injection - MITRE ATT&CK T1055.002 Last time, we loaded mimikatz entirely from memory without Defender noticing. This time, we take the next step: cross-process injection into one of Windows' most sensitive processes to check if AV or EDRs will catch this! We inject a .NET CLR runtime into winlogon.exe, read stored credentials from registry, and exfiltrate them over DNS - all without triggering a single Defender aler

By the Persistent Security Research Team - April 2026 Portable Executable Injection - MITRE ATT&CK T1055.002 When Defender sees mimikatz, it kills it. On disk, in a ZIP being extracted, in a PowerShell script that references it - the binary has thousands of signatures pointing at it from every angle. Yet it's still one of the most useful tools for red teamers and bad actors alike! So how do you run mimikatz on a fully patched Windows 11 system with Defender at latest signatur