Skip to content
Latest
Ghost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch QueueARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

Category Archive

Offensive Devices / Tactics

13 reports · All intelligence

Bulwark Black cyber threat intelligence filed under Offensive Devices / Tactics.

General CTI
THIS WEEK IN SECURITY: LOOP DOS, FLIPPER RESPONDS, AND MORE!
General CTI·

THIS WEEK IN SECURITY: LOOP DOS, FLIPPER RESPONDS, AND MORE!

by: Jonathan Bennett Here’s a fun thought experiment. UDP packets can be sent with an arbitrary source IP and port, so you can send a packet to one server, and could aim the response at another server. What happens if that response triggers another response? What if you could cra

Offensive Devices / Tactics
SHODAN Dorks
Offensive Devices / Tactics·

SHODAN Dorks

READ ARTICLE By: ZION3R Shodan Dorks Basic Shodan Filters city: Find devices in a particular city. city:”Bangalore” country: Find devices in a particular country. country:”IN” geo: Find devices by giving geographical coordinates. geo:”56.913055,118.250862″ Location country:us cou

Bug Bounty
Detecting API endpoints and source code with JS Miner
Bug Bounty·

Detecting API endpoints and source code with JS Miner

Read Article DANA EPP’S BLOG Security (de)engineering for fun and profit Let’s be honest. Most APIs are naked without some sort of web app frontend calling it. These days, those apps are usually written in some sort of framework based on Javascript. With a bit of work, we can do

AI (General)
Threat Modeling LLM Applications
AI (General)·

Threat Modeling LLM Applications

Posted by Gavin Klondike on 06 June 2023 Read Article Before we get started: Hi! My name is GTKlondike, and these are my opinions as a cybersecurity consultant. While experts from the AI Village provided input, I will always welcome open discussion so that we can come to a better

Offensive Devices / Tactics
Active Directory Penetration Testing Orange Cyber-defense mind maps
Offensive Devices / Tactics·

Active Directory Penetration Testing Orange Cyber-defense mind maps

Get Mind Map!

Bug Bounty
SQLmap Cheat Sheet
Bug Bounty·

SQLmap Cheat Sheet

Link to Sheet

Bug Bounty
Announcing cvemap from ProjectDiscovery
Bug Bounty·

Announcing cvemap from ProjectDiscovery

Read Article Project Discovery Tool ManagerGitHub pdtm is a simple and easy-to-use golang based tool for managing open source projects from ProjectDiscovery. Security professionals are constantly on guard against cyber threats, especially given the rising number and sophisticatio

Offensive Devices / Tactics
How to protect Evilginx using Cloudflare and HTML Obfuscation
Offensive Devices / Tactics·

How to protect Evilginx using Cloudflare and HTML Obfuscation

Read Article Using a combination of Cloudflare and HTML Obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements. Anyone who has tried to run a Social Enginee

Offensive Devices / Tactics
PWNAGOTCHI: DEEP REINFORCEMENT LEARNING FOR WIFI PWNING!
Offensive Devices / Tactics·

PWNAGOTCHI: DEEP REINFORCEMENT LEARNING FOR WIFI PWNING!

Project Site Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthenticat

Business
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
Business·

Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike

Read Article The ability to quickly build out a C2 infrastructure within a few minutes, including all the set up and tear down logic included would be a great asset for any offensive security group or operator. In this post, I will show exactly how to build a fully automated func

Offensive Devices / Tactics
FAKING BLUETOOTH LE WITH AN NRF24L01+ MODULE
Offensive Devices / Tactics·

FAKING BLUETOOTH LE WITH AN NRF24L01+ MODULE

Offensive Devices / Tactics
Hardware Implants as an Initial Access Vector
Offensive Devices / Tactics·

Hardware Implants as an Initial Access Vector

Read Article On every red team engagement, one of the first steps is to gain access to the target environment. Generally, red teams will leverage social engineering techniques to get their customer to run a payload sent through email or other digital means. Unfortunately for us,

Business
Red Pandas Unleashed: How Webhooks, Bad USB, and WiFi Collide in Cyberspace
Business·

Red Pandas Unleashed: How Webhooks, Bad USB, and WiFi Collide in Cyberspace

Read Article The Power of Automation for Pentesting Automation has become a game-changer in the world of penetration testing. With the ever-increasing complexity of networks and systems, manually tracking and responding to security events is no longer viable. This is where webhoo