An alternative variant of Clickfix phishing (open file upload dialog, Ctrl + L, paste command in the navigation bar of the file path)🕵️‍♂️

https://mrd0x.com/filefix-clickfix-alternative/

#infosec #cybersecurity #redteam #phishing

New Open-Source Tool Spotlight 🚨🚨🚨

Kubeshark brings Wireshark-like functionality to Kubernetes, capturing real-time protocol-level traffic across pods, nodes, and clusters. Think API observability at scale with support for Helm and Homebrew. #Kubernetes #DevOps

🔗 Project link on #GitHub 👉 https://github.com/kubeshark/kubeshark

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

How Mouse Without Borders can be used for lateral movement and data exfiltration🕵️‍♂️

https://0xsultan.github.io/dfir/Exfiltrate-Without-Borders

#infosec #cybersecurity #pentest #redteam

New Open-Source Tool Spotlight 🚨🚨🚨

Threat Designer by AWS uses Generative AI to automate threat modeling for secure system design. It leverages services like AWS Lambda, Amplify, and DynamoDB to analyze architectures, detect threats, and streamline security workflows. #cybersecurity #AI

🔗 Project link on #GitHub 👉 https://github.com/awslabs/threat-designer

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Phantom Persistence:

https://blog.phantomsec.tools/phantom-persistence

#cybersecurity #hacking #malware #informationsecurity #redteam #blueteam #programming

Phantom Persistence:

https://blog.phantomsec.tools/phantom-persistence

#cybersecurity #hacking #malware #informationsecurity #redteam #blueteam #programming

🇬🇧✨ Physical intrusion starts long before the door.
At #leHACK 2025, Mr JACK unveils the hidden side of physical security: pre-intrusion strategy, lock reverse engineering, and how attackers adapt to modern systems (RFID, AI cameras, electronic locks…).
From 3D scanning to mechanical analysis—get ready to see what you’ve missed.
🗓️ 28 June
🕐 7:45pm
🔗 https://lehack.org/2025/tracks/conferences
🎟️ Late bird : https://billetweb.fr/lehack-2025-the-singularity
#PhysicalSecurity #redteam #leHACK

🇫🇷✨ L’intrusion physique commence bien avant la porte.
Pendant #leHACK 2025, Mr JACK explore les techniques de pré-intrusion et de reverse engineering appliquées à la sécurité physique moderne : serrures électroniques, RFID, caméras IA…
Scanners 3D, rayons X, analyse mécanique : tout ce qu’on ne voit pas… mais qui ouvre.
🗓️ 28 juin
🕐 19h45
🔗 https://lehack.org/2025/tracks/conferences
🎟️ Dernières places : https://billetweb.fr/lehack-2025-the-singularity
#sécuritéphysique #redteam #leHACK

Are you attending @PSConfEU? Make sure not to miss my session tomorrow:
"I’m in your browser, eating your cookies (…and bypassing your MFA)"

Join me in room 4 at 1pm - there will be cookies.

#PSConfEU #RedTeam #PurpleTeam #LiveHackDemo #PowerShell

New cheatsheets pushed🕵️‍♂️

https://github.com/r1cksec/cheatsheets

#infosec #cybersecurity #pentest #redteam #threatintel #osint #cloud

New Open-Source Tool Spotlight 🚨🚨🚨

Nosey Parker is like a precision `grep` for secrets. It scans files, directories, Git histories, and GitHub repos, using 186 regex patterns to detect sensitive info with high accuracy. Outputs are deduplicated to reduce noise, and it scales up to 20TB inputs at GB/s speeds. #CyberSecurity #OpenSource

🔗 Project link on #GitHub 👉 https://github.com/praetorian-inc/noseyparker

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

#ad #adcs #privesc #pentest #redteam

Breaking ADCS: ESC1 to ESC16 Attack Techniques

Lab Environment: All examples in this article are demonstrated using the GOAD [Game of Active Directory](https://github.com/Orange-Cyberdefense/GOAD) lab environment, which provides a realistic multi-domain Active Directory setup perfect for testing these techniques. The domains we'll be working with include `essos.local`, `sevenkingdoms.local`, and `north.sevenkingdoms.local`.

Whether you're a red teamer looking to expand your toolkit or a defender trying to understand these threats, this article will give you the deep technical knowledge you need.

https://xbz0n.sh/blog/adcs-complete-attack-reference

A walkthrough of various vulnerabilities in Sitecore's Experience Platform (CVE-2025-34509, CVE-2025-34510, CVE-2025-34511)🕵️‍♂️

https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform

#infosec #cybersecurity #cve #redteam #pentest

A technique that prevents amsi.dll from being loaded into a process when attempting to load an assembly via a custom CLR🕵️‍♂️

https://medium.com/@itayomer83/amsi-bypass-without-amsi-bypass-693b542eb05c

#infosec #cybersecurity #pentest #redteam

El lado del mal - Vibe Hacking con Cybersecurity AI (CAI): Agentes AI autónomos para ciberseguridad ofensiva y defensiva https://www.elladodelmal.com/2025/06/vibe-hacking-con-cybersecurity-ai-cai.html #IA #AI #AgenticAI #hacking #Pentest #Pentesting #CAI #CybersecurityAI #RedTeam #BlueTeam #InteligenciaArtificial

New Open-Source Tool Spotlight 🚨🚨🚨

A Rust-powered Windows kernel rootkit, **shadow-rs**, blends advanced system manipulation with Rust's safety principles. Features include process hiding, privilege elevation, callback management, and more. For research/education. 🌐 #RustLang #KernelDevelopment

🔗 Project link on #GitHub 👉 https://github.com/joaoviictorti/shadow-rs

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

𝐅𝐫𝐞𝐞 𝐌𝐚𝐬𝐭𝐞𝐫𝐜𝐥𝐚𝐬𝐬 𝐨𝐧 "𝐇𝐨𝐰 𝐓𝐡𝐫𝐞𝐚𝐭 𝐈𝐧𝐭𝐞𝐥𝐥𝐢𝐠𝐞𝐧𝐜𝐞 𝐨𝐧 𝐀𝐈 𝐀𝐬𝐬𝐢𝐬𝐭𝐬 𝐘𝐨𝐮𝐫 𝐑𝐞𝐝/𝐁𝐥𝐮𝐞 𝐓𝐞𝐚𝐦 𝐑𝐨𝐚𝐝𝐦𝐚𝐩"

📅 Date: 25 June (Wed)
⌚ Time: 07:30 – 08:30 PM (IST)

Free Register Now: https://infosectrain.com/events/how-threat-intelligence-on-ai-assists-your-red-blue-team-roadmap/

#AI #InfosecTrain #Cybersecurity #ThreatIntelligence #RedTeam #BlueTeam #CyberDefense

My good friends over at SecBSD have launched their new website.

What is SecBSD?

It's a security-hardened operating system for modern security assessment.

It is engineered as a ready-to-use environment for penetration testers, ethical hackers, red and blue teams, bug bounty hunters, and analysts —basically any security professional that requires specialized security tools on a daily basis.

SecBSD is based on OpenBSD and inherits it's robust security architecture including proactive hardening, code auditing, and exploit mitigation.

You can find out more here: https://secbsd.org

#SecBSD #InfoSec #OSINT #Cybersecurity #OpenBSD #RedTeam #BlueTeam #Privacy

New Open-Source Tool Spotlight 🚨🚨🚨

PurpleLab offers a fully deployable cybersecurity lab with a web-based UI. Includes Windows Server 2019 sandbox, detection rule management, and MITRE ATT&CK integration. Ideal for testing detection rules or simulating attacks. #Cybersecurity #DevSecOps

🔗 Project link on #GitHub 👉 https://github.com/Krook9d/PurpleLab

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

New Open-Source Tool Spotlight 🚨🚨🚨

Transform any URL into an LLM-ready input with `Reader`. Just prefix the URL with `https://r.jina.ai/` for clean, readable content extraction. Perfect for enhancing agents & RAG pipelines. #LLM #NLP

Need web search results for your LLM? Prepend queries with `https://s.jina.ai/` to fetch top results—content included. E.g., `https://s.jina.ai/your+query` brings knowledge directly to your model. #AItools #DataEngineering

Reader API now supports images! Captions are auto-generated for images missing alt tags, giving LLMs better context for reasoning and summarizing multimedia pages. #MachineLearning #AI

🔗 Project link on #GitHub 👉 https://github.com/jina-ai/reader

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️