Iscriviti alla 𝗖𝗮𝗽𝘁𝘂𝗿𝗲 𝗧𝗵𝗲 𝗙𝗹𝗮𝗴 (𝗖𝗧𝗙) 𝗱𝗲𝗹𝗹𝗮 𝗥𝗲𝗱 𝗛𝗼𝘁 𝗖𝘆𝗯𝗲𝗿 𝗖𝗼𝗻𝗳𝗲𝗿𝗲𝗻𝗰𝗲 𝟮𝟬𝟮𝟱! La sfida epica sta per iniziare!

𝗤𝘂𝗮𝗻𝗱𝗼 : Dalle 15:30 di Giovedì 8 maggio alle 17:00 di Venerdì 9 Maggio
𝗗𝗼𝘃𝗲 : Online o presso il Teatro Italia a Roma in Via Bari,18, a pochi minuti a piedi da Termini e Piazza Bologna
𝗥𝗲𝗴𝗼𝗹𝗮𝗺𝗲𝗻𝘁𝗼 (𝗱𝗮 𝗹𝗲𝗴𝗴𝗲𝗿𝗲 𝗰𝗼𝗻 𝗔𝗧𝗧𝗘𝗡𝗭𝗜𝗢𝗡𝗘 Don't be LAMAH) : https://www.redhotcyber.com/documents/rhc-conference/CTF/rhc-conference-regolamento-ctf.pdf?ez_view_original_only=on&ez_view_optimized_only=off
𝗣𝗲𝗿 𝗶𝘀𝗰𝗿𝗶𝘃𝗲𝗿𝘁𝗶 : http://rhc-conference-2025-workshop.eventbrite.it/ (obbligatoria per l'accesso alle flag fisiche all'interno del teatro Italia)
𝗜𝘀𝗰𝗿𝗶𝘇𝗶𝗼𝗻𝗲 𝗮 𝗖𝗧𝗙𝗗 : https://ctf.redhotcyber.com/

One week from now, @defcon CTF qualifiers will begin. Register now at https://quals.2025.nautilus.institute/ , game starts at 1744416000

New Open-Source Tool Spotlight

SharPersist is a tool for creating persistence mechanisms on Windows, leveraging C#. It supports methods like registry runs, WMI event subscriptions, and scheduled tasks. Designed for red teams but publicly available. #CyberSecurity #Windows

Project link on #GitHub https://github.com/mandiant/SharPersist

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Trying to decompile a rust binary... anyone got a useful program? Not ghidra, binary.ninja...

New Open-Source Tool Spotlight

Seatbelt is a post-exploitation tool designed for Windows environments. It collects detailed system information to help identify potential privilege escalation paths or misconfigurations. It's lightweight, written in C#, and can be run on live systems without requiring installation.

Used responsibly, tools like this can help secure your environment by simulating attacker tactics. #CyberSecurity #InfoSec

Project link on #GitHub https://github.com/GhostPack/Seatbelt

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

How is a clean, legitimate program helping hackers steal data from Ukraine?

Researchers at Cisco Talos have uncovered an ongoing spear-phishing campaign by the Russia-linked group Gamaredon, also known as Armageddon or ACTINIUM. Active since November 2024, the attacks specifically target Ukrainian users with lures tied to military activity, such as troop-related documents.

The group distributes phishing emails that include ZIP archives or links to them. Inside those ZIPs are malicious shortcut (LNK) files made to look like Office documents. Once opened, these LNKs execute obfuscated PowerShell scripts that download a second-stage payload—Remcos RAT—using geo-fenced servers located in Russia and Germany. These servers often only respond to IP addresses originating from Ukraine, returning HTTP 403 errors to others.

Delivery of the Remcos malware follows a DLL sideloading technique. A notable example includes the use of "TivoDiag.exe," a legitimate executable bundled with a malicious DLL named "mindclient.dll." When the clean executable runs, it inadvertently loads and executes the malicious DLL, which decrypts and launches the Remcos backdoor hidden in the same ZIP file. This method helps bypass basic antivirus detection.

Remcos gives remote attackers full control over infected machines. Its use, combined with selective geo-targeting and deceptive file naming, points to a focused cyber-espionage effort against Ukrainian entities.

Talos provided indicators of compromise and detection rules to help defenders spot this activity. While Gamaredon has long relied on custom tools, their adoption of commercially available backdoors like Remcos reflects a shift toward more flexible, quickly deployable payloads suited for fast-moving espionage operations.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Loki is an open-source malware scanner designed for threat detection. It uses YARA rules, IOC pattern matching, and file system anomaly detection to identify malicious files and artifacts. Ideal for quick triage, not full AV replacement. #malware #cybersecurity

Project link on #GitHub https://github.com/Neo23x0/Loki

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

GhidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.

#ReverseEngineering #Ghidra

Project link on #GitHub https://lnkd.in/gRUrYpMx

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

How can a DNS mail record be used to trick you into giving up your login credentials?

Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.

The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.

Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.

Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.

This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

TheHive is an open-source incident response platform designed to help teams investigate and manage cybersecurity incidents efficiently. It integrates with tools like MISP for threat intelligence sharing and supports automation through APIs. #CyberSecurity #IncidentResponse

Project link on #GitHub https://github.com/TheHive-Project/TheHive

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

APTSimulator is a tool for security teams to simulate advanced persistent threat (APT) behavior in a controlled environment. It uses batch scripts to mimic common attack techniques, like privilege escalation or ransomware actions, without real payloads. Useful for testing detection rules. #CyberSecurity #ThreatSimulation

Project link on #GitHub https://github.com/NextronSystems/APTSimulator

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Velociraptor is an advanced DFIR (Digital Forensics and Incident Response) tool. It focuses on endpoint monitoring, hunting, and data collection using flexible artifact-based queries. Its scripting language, VQL, allows custom queries tailored for specific investigations. #DigitalForensics #CyberSecurity

Project link on #GitHub https://github.com/Velocidex/velociraptor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

ph0wn labs #2: Raspberry Pico (RP2040)

- next Tuesday: April 1st, 2025
- time: 19:00 - 22:00
- Sophia Hack Lab (SHL) - 2323 Chem. de Saint-Bernard, Space Antipolis Batiment 9, 06220 Vallauris - Sophia Antipolis. On site only - no recording.

1. Setup Pico SDK
2. Pico le Croco's car engine won't start! Help him repair it, and solve ph0wn 2024 CTF challenge Pico PCB
3. Implement an April Fool program for the board, and flash it

Have fun!
Don't forget your laptop, you'd be left with your eyes to cry. Please check your laptop has a USB slot Type A. If not, come with an adapter.
+ install a disassembler (Ghidra, IDA Pro, Radare2...)

NB. Pico le Croco is not affiliated with the Raspberry Pico, but the play on words was so tempting...

New Open-Source Tool Spotlight

Rubeus is a post-exploitation tool for Kerberos-related tasks on Windows. It supports ticket extraction, pass-the-ticket attacks, ticket forging, and more. A powerful choice for understanding and simulating Kerberos security flaws.

#CyberSecurity #Kerberos #RedTeam

Project link on #GitHub https://github.com/GhostPack/Rubeus

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Blacksmith is a cloud-native adversary simulation tool that scales offensive testing in Azure. It’s built to automate simulation setups, leveraging Azure services like Sentinel for detection validation. Useful for red teaming and continuous security improvement.

#ThreatHunting #AzureSecurity

Project link on #GitHub https://github.com/OTRF/Blacksmith

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Azure Sentinel is Microsoft's cloud-native SIEM tool. It integrates AI to detect threats, automate responses, and monitor logs across environments. Useful for hybrid clouds, it supports connectors for platforms like AWS, Office 365, and more. #CloudSecurity #SIEM

Project link on #GitHub https://github.com/Azure/Azure-Sentinel

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Know your linker - and what functional and security aspects the Global Offset Table (GOT) and the Procedure Linkage Table (PLT) have.

https://tmpout.sh/4/4.html

New Open-Source Tool Spotlight

CrackMapExec is a post-exploitation tool for penetration testers. It automates tasks like credential validation, lateral movement, and Active Directory enumeration on Windows environments. Built on Python, it supports SMB, WinRM, and other protocols. Extremely useful for red team assessments. #CyberSecurity #PenTest

Project link on #GitHub https://github.com/byt3bl33d3r/CrackMapExec

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

FLARE's FLOSS is a tool that extracts strings from malware, even if they're obfuscated. Unlike standard tools, FLOSS uses emulation and decoding techniques to identify hidden strings, making it invaluable for reverse engineers. It bridges gaps where simple static analysis falls short. #malwareanalysis #reversing

Project link on #GitHub https://github.com/fireeye/flare-floss

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

It's #ZeroDays #CTF day

Off to Croke Park with meself. #Dubs4Sam

https://zerodays.ie/