Offensive Security Lab: Malware, Red Team, Appsec, ICS and more
A Note on Public Research
WHY WE NO LONGER RELEASE TOOLS PUBLICLY
Based on "Ransomware Groups, Cognitive Surplus, Social Dynamics & Policy" – March 2023
After years of contributing to the open-source offensive security community, we at Atlan Digital R&D have reflected deeply on how our collective cognitive surplus feeds into the very problem we, and governments at large, are trying to solve. This thinking shaped our approach to Turul GAN and all subsequent research.
Cognitive Surplus
Definition: Cognitive surplus describes the free time that individuals have to engage in collaborative activities within new media.
In the security community, focused human cognition is utilised to identify flaws in software. The larger the codebase, the more technically challenging the security vulnerability – and the more cognitive effort required to discover it.
The Problem with Open Source Offensive Tooling
Most offensive tools developed through cognitive surplus end up freely available on GitHub – accessible to both the security community and cyber criminals worldwide.
Our team experienced this directly. SharpSniper, originally developed during a Red Team engagement, was later identified in use by the Conti ransomware group. While Conti could have developed the tool themselves, its free availability – among the hundreds of other Red Team tools the community has released – contributed to decreasing defensive effectiveness and increasing attacker dwell time on corporate networks.
The Age of AI Changes Everything
With generative AI, the calculus has shifted further. Ideas themselves – novel approaches, unique methodologies, creative attack chains – are now the frontier. Code can be generated; what matters is the concept behind it.
We believe the current use of security professionals' cognitive surplus is both damaging to organisations and devaluing the research time involved. The community should stop doing cyber criminals' work for them in exchange for mere accolades.
Our Position: Turul GAN and Beyond
This philosophy guided our development of Turul GAN – our generative adversarial network for EDR/XDR evasion research. Rather than releasing the tooling publicly, we completed the research internally, validated the approach, and now offer the capability exclusively through controlled engagements and partnerships.
For these reasons, Atlan Digital R&D no longer releases offensive tooling publicly. Our research – including Turul C2, Turul GAN, and all future capability – remains proprietary. We believe this is the responsible approach in an era where ideas propagate instantly and threat actors benefit disproportionately from open research.
Historic Research Directions
Training
Machine Learning for Red Teams
Hands-on training on ML foundations, clustering, classification, and model abuse for operators.