Application Control Made Simple

Stop malware‑free attacks with agentless, AI‑driven application control. Block what's abused, allow what your business truly needs.
Agentless • Evidence-based • Always Up-to-Date

Trusted by security teams at leading companies

Elastic
Splunk
Microsoft
CrowdStrike
CISA

0% of initial access attacks no longer use malware

THE PROBLEM

Your security stack misses malware-free attacks

  • MGM Resorts ($100M+ losses), Caesars ($15M ransom), United Health (7M patients affected)
  • All breached using tools already installed in their environment: RMMs, PsExec, Sysinternals, PowerShell
  • Attackers weaponized legitimate applications, while EDR/firewalls stayed silent because those tools were "known good"
  • Traditional allowlisting is unmanageable: block-all models break workflows and flood IT with tickets

THE SOLUTION

MagicSword closes the gap attackers count on

  • MagicSword blocks attackers from turning trusted, already-installed tools into weapons, stopping one of the most common pathways to a breach
  • AI distinguishes legitimate use from malicious abuse automatically
  • Works with your existing security stack, doesn't replace it, enhances it
  • Deploys in 48 hours, blocking the 79% of initial access attacks that abuse native tools from day one, with zero disruption to your team
  • Audit-first allowlisting that learns what your teams use, then enforces safely without flooding IT with tickets

On average, a 1,000‑endpoint company sees a 208% ROI using MagicSword. See what your ROI is here.

Updates Every 2 Hours

Our Threat Intelligence

MagicSword ingests multiple open-source and proprietary sources and updates every 2 hours, blocking emerging abuse immediately.

Remote Management Tools

280+ RMMs tracked; allow only what you use (e.g., TeamViewer), block the rest.

Living-off-the-Land Binaries

Admin and Sysinternals utilities commonly abused for discovery, lateral movement, and persistence.

Vulnerable Drivers

Publisher-level rules that stop driver-based EDR tampering and kernel abuse.

Your Environment Data

Upload audit logs; we auto-allow what your teams actually need.

From policy to enforcement in 48 hours

1. Create & Enhance

Spin up a policy in minutes. Click Enhance to instantly add thousands of rules sourced from live, curated intelligence: abused RMM tools, Windows binaries and scripts, Sysinternals misuse, and known-bad driver publishers.

Unlike static allowlists, MagicSword refreshes every 2 hours.

2. Deploy in Audit

Deploy agentless via PowerShell, GPO, SCCM, or Microsoft Intune. Run in Audit for 24–48 hours to learn what your endpoints actually use before enforcement.

Learn your environment without breaking workflows.

3. Analyze & Enforce

Upload analytics to auto-allow what your teams need and flip to Enforce. Abused tools are blocked by default, but legitimate ones stay running without breaking your workflows.

Full transparency: review the exact enforcement plan before applying.

Custom Rules

Add publishers, versions, paths, filenames, or hashes as needed.
Full control over your security posture.

Complete Flexibility

COMMUNITY PROJECTS

Built by Defenders, for Defenders

Created by former threat researchers and security analysts, cited by CISA [1, 2] and Microsoft [3] in security guidance on abused admin tools and vulnerable drivers.

We believe intelligence should be free. Our open‑source projects are actively developed so teams can adopt and detect immediately. When the community levels up together, the entire industry benefits.

Our goal is to eliminate entire threat vectors where possible and remove tools from attackers. #ThisEndsWithUs. We welcome contributions and feedback; join the community on GitHub.

Adopted by teams hardening high‑risk, bandwidth‑constrained endpoints

LOLDrivers

Living Off The Land Drivers is a curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks. The project helps security professionals stay informed and mitigate potential threats.

Sigconverter

sigconverter.io is a user-friendly converter for Sigma rules. This project is designed to keep in sync with the pySigma project's backends. Inspired by uncoder.io, it aims to provide an easy-to-use interface for converting Sigma rules.

LOLRMM

LOLRMM.io (Living Off The Land Remote Management Tools) is a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors. Its mission is to help security professionals stay informed about these tools and their potential for misuse, and to give the community a catalog that can be used for threat hunting, detection, and prevention policy creation.

Bootloaders

bootloaders.io is a curated list of known malicious bootloaders for various operating systems. The project aims to assist security professionals in staying informed and mitigating potential threats associated with bootloaders.

FREQUENTLY ASKED QUESTIONS

Looking for something else? Chat with us via info@magicsword.io and we will try our best to help you with your questions!

© 2025 MagicSword. All rights reserved.