INFORM-Framework: Bedrohungsbasierte Cybersicherheit messbar machen
Strategische Verteidigungsplanung mit neuem Messansatz
Die MITRE Cyber Threat Intelligence Division (CTID) präsentiert INFORM, ein webbasiertes Bewertungsinstrument für bedrohungsorientierte Sicherheitsarchitekturen
Aller la team #VendrediLecture 🦄🐰🎩
Je reprends la #RedTeam en version poche ! "Ces Guerres qui nous attendent : 2030-2060" les trois tomes ! Y compris les "Ultimes Scénarios"
Facile à inclure avec l'Encyclopédie #CyberAge pour des scénarios #CyberPunk en Jeu de Rôle ! #JdR
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi)🕵️♂️
A python-based pentesting library for Azure and Entra ID🕵️♂️
https://github.com/codyburkard/azol
#infosec #cybersecurity #redteam #pentest #cloud #python #opensource
The DEF CON Training Singapore course lineup is now live!
We’re thrilled to share the full slate of courses for the first-ever DEF CON Training Singapore! Join us in April for hands-on, skills-forward trainings led by top practitioners from across the community. Whether you’re sharpening fundamentals or diving deep into emerging threats and advanced techniques, there’s something here for you!
Explore the full lineup and course details here:
https://training.defcon.org/collections/singapore-2026
Spots go fast, so take a look, grab your seat, and get ready to learn and build.
Early bird pricing available now until February 8. See you in Singapore 🇸🇬
#DEFCON #DEFCONTraining #Singapore #DCSG #Cybersecurity #Training #InfoSec #HackerCommunity #RedTeam #BlueTeam #AI #CyberTraining
ProfileHound is a tool that enumerates Windows domain user profiles via the C$ share and exports them to BloodHound as a HasUserProfile edge making it easy to see which users have profiles on which hosts.
Ghostly Hollowing Via Tampered Syscalls https://github.com/Maldev-Academy/GhostlyHollowingViaTamperedSyscalls2 #redteam
Analyzes software dependencies across GitHub repositories to identify security vulnerabilities and health risks in your supply chain🕵️♂️
Agent 0DIN: A Gamified CTF for Breaking AI Systems🕵️♂️
This infographic highlights #linux based tools that red teams use to simulate real-world attacks and pressure-test defenses 😎👇
Shared for security awareness and defensive learning—not misuse. Understanding how attacks work is key to building stronger defenses. Stay informed. Stay ethical.
Find a pdf book with all my #cybersecurity related infographics from https://study-notes.org
#redteam #cybersecuritytraining #cybersecurityawareness #informationsecurity
RedTeamCoin is a blockchain-based cryptocurrency mining pool implementation designed for authorized security testing (cryptomining attacks)🕵️♂️
It’s wild that 170k+ of you are rocking a free Pentest-Tools.com account. 💥
Data shows registered users run 3x more scans than anonymous users. It’s likely because of the "Santa-tier" perks (2 parallel scans, asset monitoring, & 90-day history).
Most used tools by the community: 1️⃣ Website Scanner (792k)
2️⃣ Port Scanner (726k)
3️⃣ Network Scanner (722k)
Which tool is your "Step 1" for recon?
Get the bundle here: https://pentest-tools.com/usage/pricing/free
🚨 Active exploitation confirmed: CVE-2025-11953
VulnCheck is reporting active exploitation attempts in the wild against the React Native Metro server.
The issue? It binds to 0.0.0.0 by default, exposing a "local" dev tool to the internet.
⚠️ Crucial Detail: While the exposure is general, the current RCE exploit specifically targets Windows environments.
We’ve updated Pentest-Tools.com to help you validate this:
Network Scanner: Detects exposed Metro servers.
Sniper Auto-Exploiter: Safely executes a PoC (on Windows) to confirm RCE.
Fix: Update @react-native-community/cli-server-api to v20.0.0+ or bind to 127.0.0.1.
Validate your risk.
#InfoSec #AppSec #RedTeam #VulnerabilityManagement #ReactNative #CVE202511953
Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing🕵️♂️
This function takes a tenant ID and queries the public accounts.accesscontrol.windows.net metadata (returns all domains associated with that Office 365 tenant)🕵️♂️
This is amusing. I wonder if the free PlayStations, live fish, and Kosher wine were worth it.
New cheatsheets pushed🕵️♂️
https://github.com/r1cksec/cheatsheets
#infosec #cybersecurity #redteam #pentest #malware #osint #cloud #hacking #opensource
eWPTXv3: проверяем «экстремальность» экзамена от INE
Привет, Хабр. Сегодня мы расскажем вам о таком звере, как eWPTX (Web Application Penetration Tester e Xtreme), сертификации для веб-пентестеров от INE Security. В данной статье мы с вами разберёмся: · что это за сертификация; · чему и как нас будут учить; · действительно ли она eXtreme. Ну и попутно будем сравнивать eWPTX с Burp Suite Certified Practitioner (BSCP), ещё одной широко известной сертификацией в области анализа защищённости веб-приложений.
https://habr.com/ru/companies/angarasecurity/articles/978438/
#redteam #пентест #сертификация #eWPTX #вебпентест #ибобучение
🏋🏻 𝗡𝗼𝗿𝘁𝗵𝗦𝗲𝗰 𝟮𝟬𝟮𝟲: 𝟭𝟬 𝘀𝗲𝘀𝘀𝗶𝗼𝗻𝘀 𝗱𝗲 𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗮𝘃𝗮𝗻𝗰é𝗲 𝗱𝗼𝗻𝘁 𝘃𝗼𝘁𝗿𝗲 é𝗾𝘂𝗶𝗽𝗲 𝗱𝗲 𝘀é𝗰𝘂𝗿𝗶𝘁é 𝗮 𝗯𝗲𝘀𝗼𝗶𝗻 • 𝟭𝟬 𝗔𝗱𝘃𝗮𝗻𝗰𝗲𝗱 𝗧𝗿𝗮𝗶𝗻𝗶𝗻𝗴 𝗦𝗲𝘀𝘀𝗶𝗼𝗻𝘀 𝗬𝗼𝘂𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗧𝗲𝗮𝗺 𝗡𝗲𝗲𝗱𝘀
Montez en compétence votre équipe de cybersécurité avec des formations pratiques offertes par des experts de l'industrie! NorthSec 2026 compte 10 cours intensifs couvrant les compétences les plus recherchées!
Level up your cybersecurity team with hands-on training from industry-leading experts! NorthSec 2026 brings together 10 intensive courses covering the most in-demand skills!
➡️ Red Team Training
Charles F. Hamilton (Mr.Un1k0d3r)
➡️ Beyond Whiteboard Hacking: Master AI-Enhanced Threat Modeling
Steven Wierckx
➡️ Offensive Active Directory Operations Certification (OADOC)
Evan Hosinski (White Knight Labs)
➡️ Deconstructing Rust Binaries
@cxiao
➡️ Reverse, Bypass, Exploit: Mobile Hacking Workshop
David Baker & Steven Smiley (Corellium)
➡️ Offensive Development Practitioner Certification (ODPC)
Munaf Shariff (White Knight Labs)
➡️ Attacking & Securing CI/CD Pipeline Certification (ASCPC)
Raunak Parmar & Robert (Bobby) Schwass (White Knight Labs)
➡️ Advanced Detection Engineering in the Enterprise
FalconForce
➡️ Offensive GCP Operations & Tactics Certification (OGOTC)
Chirag Savla (White Knight Labs)
➡️ Practical AI Security - Go Beyond Theory: Build, Break, and Defend
Harish Ramadoss
📅 11-13 mai/May 2026
📍 Montréal, QC
👉 Description complète des cours, réductions pour étudiant(e)s et informations sur l'inscription disponibles à:
𝘍𝘶𝘭𝘭 𝘤𝘰𝘶𝘳𝘴𝘦 𝘥𝘦𝘴𝘤𝘳𝘪𝘱𝘵𝘪𝘰𝘯, 𝘴𝘵𝘶𝘥𝘦𝘯𝘵 𝘥𝘪𝘴𝘤𝘰𝘶𝘯𝘵𝘴, 𝘢𝘯𝘥 𝘳𝘦𝘨𝘪𝘴𝘵𝘳𝘢𝘵𝘪𝘰𝘯 𝘪𝘯𝘧𝘰 𝘢𝘵:
🔗 https://nsec.io/training-sessions/
#trainings #cybersecurity #infosec #redteam #bluelteam #cloudsecurity
The year ahead is shaped by what you choose to learn now. Take 40% off everything with code HOLIDAY40 and build a foundation for deeper thinking and hands-on skill development. Sale ends Jan 2 at 11:59 PM PST.
#books #bookstodon #programming #devops #hacking #hardware #engineering #cybersecurity #infosec #redteam #blueteam
