Woop. @mitreattack community slides are up here:
https://web.tresorit.com/l/tz3En#5ePZHUjQNg6GFFHZNVEhSA
#att&ck, #redteam, #blueteam, #purpleteam, #dataanalytics, #security, #research

Been here a while and haven’t found #hardware #hackers or those #building projects. Where’s the #bugbounty pros with the tips? #Blueteam with those new #YARA rules?
Here’s a $20 FPV scanner I’ll probably document and open source.
Hashtags might help? #infosec #detection #makestuff #reverseengineering #drones
Day 1 of posting to social media until I get an offensive security research job
First, I’m going to start with what I know – Windows. I need to recreate what I had access to at Microsoft, so that starts by setting up a dev environment and finding a copy of Windows System Internals, perhaps the greatest resource for learning Windows out there. My expertise is in Windows and virtualization, so I’m going to make sure I master those areas.
Next, I don’t think I want to grind coding exercises, but I do need to shake the rust off my coding skills. I think I’m going to start with some HackTheBox challenges and find some CTFs to participate in.
Finally, my long overdue goal: learn Rust. I’m not sure if this will help immediately, as I could choose to improve my knowledge of Python. But Rust was getting more and more popular in the areas of Windows I was tasked with protecting, so I need to learn what all the fuss is about with regards to memory safety.
If anyone is on a similar journey, let’s hold each other accountable in the comments! I will be sure to document any write-ups at blog.maxrenke.com (work in progress).
Mini Digital Forensic Diaries story: got sent to a university in London to investigate a case where a student, who bragged of hacker prowess openly, was suspected of introducing malware to a machine and stealing a lecturer's password.
“We don’t know how, but we know they logged into the account, and sent emails - and this is the only machine the lecturer uses,” came the brief.
Imaged the machine suspected of being targeted.
While giving the lecturer their laptop back post imaging I observed, via projector, the lecturer entering in their password to the username field on the login screen.
“Whoops, I’m always doing that - at least this time it wasn’t in front of the students,” they said.
Sure enough, there was no evidence of anything untoward on the laptop, but I had a good theory as to what may have occurred.
Check out more, less mini, stories like this at https://infosecdiaries.com.
New Open-Source Tool Spotlight
Living Off the Land (LOL) techniques exploit legitimate tools for malicious purposes. This GitHub repo curates an impressive list of methods and resources attackers use across endpoints, cloud services, and more. Great for defenders seeking to enhance detection strategies. #Cybersecurity #Infosec
Project link on #GitHub
https://github.com/danzek/awesome-lol-commonly-abused
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
New Open-Source Tool Spotlight
CVEMap by ProjectDiscovery simplifies vulnerability intelligence with a CLI tool that maps CVEs to EPSS, KEV, CPE, GitHub PoCs, and more. Customizable filters, JSON output, and integration-ready. Requires Go 1.21. #cybersecurity #opensource
Project link on #GitHub
https://github.com/projectdiscovery/cvemap
are you in any other cybersecurity communities? discord? slack? matrix? IRC? carrier pigeons?
let me know!
"Analysis of command-line activity reveals the threat actor’s use of specific PowerShell cmdlets for discovering and interacting with virtual machines. They initiated powershell.exe with the -ExecutionPolicy Bypass flag to execute sequences such as Get-VM for VM enumeration, followed by Get-VHD to identify associated virtual disk files.
The pipeline further extended to Get-DiskImage -ImagePath $_.Path and Dismount-DiskImage, suggesting a process of accessing and then unlinking VHD contents. Commands to halt virtual machine operations (Get-VM | Stop-VM) were also noted as."
Interested in receiving private reports similar to this report? Contact us for pricing - https://thedfirreport.com/contact/
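A defender-side detection sketch for the command-line pattern quoted above, added here and not part of the report: it scores constructed Sysmon-style process-creation events for the -ExecutionPolicy Bypass flag combined with the Hyper-V cmdlet chain (Get-VM, Get-VHD, Get-DiskImage, Dismount-DiskImage, Stop-VM). The field names, severity thresholds and sample events are assumptions for illustration.

```python
import re

# Hyper-V cmdlets named in the report. Admins use them legitimately, so the
# score is for the combination with -ExecutionPolicy Bypass, not any one cmdlet.
HYPERV_CMDLETS = ("Get-VM", "Get-VHD", "Get-DiskImage", "Dismount-DiskImage", "Stop-VM")
CANON = {c.lower(): c for c in HYPERV_CMDLETS}
CMDLET_RE = re.compile(r"\b(" + "|".join(HYPERV_CMDLETS) + r")\b", re.IGNORECASE)
# The documented flag plus its common abbreviations (-ep, -ex, -exec).
BYPASS_RE = re.compile(r"-(?:ep|ex|exec|executionpolicy)\s+bypass\b", re.IGNORECASE)
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}

def assess(event):
    """Score one process-creation event (Sysmon Event ID 1 style fields, assumed)."""
    if not event["Image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return None
    cmd = event["CommandLine"]
    cmdlets = sorted({CANON[m.group(1).lower()] for m in CMDLET_RE.finditer(cmd)})
    bypass = BYPASS_RE.search(cmd) is not None
    if bypass and len(cmdlets) >= 2:
        severity = "high"    # enumerate-then-mount/stop chain as in the report
    elif (bypass and cmdlets) or ({"Stop-VM", "Dismount-DiskImage"} & set(cmdlets)):
        severity = "medium"  # bypass + enumeration, or a disruptive step on its own
    elif bypass:
        severity = "low"     # bypass alone is common in scripts; worth a look
    elif cmdlets:
        severity = "info"    # plain enumeration, most likely admin activity
    else:
        return None
    return {"record_id": event["RecordId"], "user": event["User"], "severity": severity, "bypass": bypass, "cmdlets": cmdlets}

def scan(events):
    """Findings for every matching event, highest severity first (stable order)."""
    found = [f for f in map(assess, events) if f is not None]
    return sorted(found, key=lambda f: SEVERITY_ORDER[f["severity"]])

# Constructed sample events (not from the report), in the shape of Sysmon Event ID 1.
PS5, PS7 = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Program Files\PowerShell\7\pwsh.exe"
SAMPLE_EVENTS = [
    {"RecordId": 1, "User": "CORP\\svc-backup", "Image": PS5, "CommandLine":
     'powershell.exe -ExecutionPolicy Bypass -Command "Get-VM | Get-VHD | ForEach-Object { Get-DiskImage -ImagePath $_.Path }"'},
    {"RecordId": 2, "User": "CORP\\svc-backup", "Image": PS5, "CommandLine": 'powershell.exe -ep bypass -c "Get-VM | Stop-VM -Force"'},
    {"RecordId": 3, "User": "CORP\\hvadmin", "Image": PS5, "CommandLine": 'powershell.exe -NoProfile -Command "Get-VM | Select-Object Name,State"'},
    {"RecordId": 4, "User": "CORP\\jdoe", "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
    {"RecordId": 5, "User": "CORP\\jdoe", "Image": PS7, "CommandLine": r"pwsh.exe -ExecutionPolicy Bypass -File C:\scripts\report.ps1"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']:<6}] record {f['record_id']} {f['user']}: bypass={f['bypass']} cmdlets={f['cmdlets']}")
```

Feeding real 4688 or Sysmon events through the same function only requires mapping their field names onto the three used here.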
I love ATT&CK Community. Every 15 minute talk is an interesting idea. Data, threats, tools - what's not to like.
#att&ck, #redteam, #blueteam, #purpleteam, #dataanalytics, #security, #research
New Open-Source Tool Spotlight
Loading PowerShell scripts from C# while bypassing AMSI, ETW, and logging? Meet Stracciatella. Think SharpPick but designed for evasion—with Constrained Language Mode & defenses disabled on startup using .NET runspaces. Intricate yet efficient. #CSharp #RedTeam
Project link on #GitHub
https://github.com/mgeeky/Stracciatella
The Extended Vulnerability Community is a Discord where a number of people from all walks of the vulnerability life have gathered together to share information, resources, and provide guidance to one another.
Come join us if you are involved in discovery, reporting, triaging, managing, remediating, or fighting the vulnerability life!
What happens when a single Go module can wipe your entire Linux system?
Researchers have uncovered three malicious Go packages that, once installed, can render a Linux machine completely unbootable. These modules—`prototransform`, `go-mcp`, and `tlsproxy`—were hosted on GitHub and disguised as legitimate open-source tools. What sets them apart isn’t just the malware, but how it’s delivered: hidden in obfuscated code that quietly checks if the OS is Linux, then downloads a shell script using `wget`. That script doesn’t just corrupt the system—it zeroes out `/dev/sda`, the primary disk, erasing all data beyond recovery.
These aren't isolated incidents. A parallel wave of threats has hit JavaScript and Python ecosystems too. Several npm packages—such as `crypto-encrypt-ts` and `userbridge-paypal`—were found stealing cryptocurrency wallet seed phrases and exfiltrating private keys. Meanwhile, other PyPI packages like `web3x` and `herewalletbot` targeted similar data and have already been downloaded over 6,800 times.
More concerning, another group of seven PyPI packages communicated through Gmail’s SMTP servers and WebSockets to exfiltrate data and enable remote command execution. Using hardcoded Gmail credentials, they sent success notifications back to attackers and opened persistent channels for control. Since Gmail traffic often bypasses scrutiny from corporate firewalls and endpoint protection systems, these packages operated with minimal detection.
The recurring theme here is trust—developers importing open-source packages assume some degree of safety if a library has been around or appears well-maintained. But attackers are exploiting that assumption, embedding silent functionality behind familiar names and benign-looking codebases.
Defensive practices matter. Teams should scrutinize dependency trees, validate GitHub sources, monitor for unusual outbound connections—including SMTP—and treat every third-party library as a potential threat vector, regardless of its age or download count. Ignoring this risk is no longer viable.
Team Cymru @teamcymru_S2 writes about the Bulletproof Host ELITETEAM. They've been moving their one IP network amongst their various ASNs to try and avoid being blocked. You definitely want to block this IP subnet:
185.215.113.0/24
https://www.team-cymru.com/post/seychelles-seychelles-on-the-c-2-shore
Courtesy of Intel471 we have another article and another bulletproof host: Zservers.
Their IP address ranges are here. Block them both!
https://ipinfo.io/AS197414
Intel471's article on Zservers is here:
https://intel471.com/blog/zservers-bulletproof-hosting-for-crime
Heard of bulletproof hosting? This refers to service providers who will host any and all kinds of malicious content. You don't want to see any traffic to or from these service providers. One of the worst (and most documented) is Proton66. I highly recommend you block all of their IP address ranges.
Their IP ranges are available here:
https://ipinfo.io/AS198953
An article about some of their malicious hosted content courtesy of @DomainTools is available here:
https://dti.domaintools.com/proton66-where-to-find-aspiring-hackers/
Weren't we just talking about defenses for GenAI and whatnot? Huh. Wonder if LlamaFirewall is endorsed by @jerry ...
https://ai.meta.com/blog/ai-defenders-program-llama-protection-tools/