Category Archive
Offensive Devices / Tactics
13 reports · All intelligence
Bulwark Black cyber threat intelligence filed under Offensive Devices / Tactics.
THIS WEEK IN SECURITY: LOOP DOS, FLIPPER RESPONDS, AND MORE!
by: Jonathan Bennett Here’s a fun thought experiment. UDP packets can be sent with an arbitrary source IP and port, so you can send a packet to one server, and could aim the response at another server. What happens if that response triggers another response? What if you could cra
SHODAN Dorks
READ ARTICLE By: ZION3R Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:”Bangalore” country: Find devices in a particular country. country:”IN” geo: Find devices by giving geographical coordinates. geo:”56.913055,118.250862″ Location country:us cou
Detecting API endpoints and source code with JS Miner
Read Article DANA EPP’S BLOG Security (de)engineering for fun and profit Let’s be honest. Most APIs are naked without some sort of web app frontend calling it. These days, those apps are usually written in some sort of framework based on Javascript. With a bit of work, we can do
Threat Modeling LLM Applications
Posted by Gavin Klondike on 06 June 2023 Read Article Before we get started: Hi! My name is GTKlondike, and these are my opinions as a cybersecurity consultant. While experts from the AI Village provided input, I will always welcome open discussion so that we can come to a better
Active Directory Penetration Testing Orange Cyber-defense mind maps
Get Mind Map!
SQLmap Cheat Sheet
Link to Sheet
Announcing cvemap from ProjectDiscovery
Read Article Project Discovery Tool ManagerGitHub pdtm is a simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery. Security professionals are constantly on guard against cyber threats, especially given the rising number and sophisticatio
How to protect Evilginx using Cloudflare and HTML Obfuscation
Read Article Using a combination of Cloudflare and HTML Obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements. Anyone who has tried to run a Social Enginee
PWNAGOTCHI: DEEP REINFORCEMENT LEARNING FOR WIFI PWNING!
Project Site Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthenticat
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
Read Article The ability to quickly build out a C2 infrastructure within a few minutes, including all the set up and tear down logic included would be a great asset for any offensive security group or operator. In this post, I will show exactly how to build a fully automated func
FAKING BLUETOOTH LE WITH AN NRF24L01+ MODULE
Hardware Implants as an Initial Access Vector
Read Article On every red team engagement, one of the first steps is to gain access to the target environment. Generally, red teams will leverage social engineering techniques to get their customer to run a payload sent through email or other digital means. Unfortunately for us,
Red Pandas Unleashed: How Webhooks, Bad USB, and WiFi Collide in Cyberspace
Read Article The Power of Automation for Pentesting Automation has become a game-changer in the world of penetration testing. With the ever-increasing complexity of networks and systems, manually tracking and responding to security events is no longer viable. This is where webhoo