New Open-Source Tool Spotlight

TinyAuth is a lightweight authentication backend that integrates seamlessly into your project with minimal setup. It supports password hashing (bcrypt, argon2) and JSON Web Tokens (JWT). Perfect for those prioritizing simplicity without sacrificing security. #Authentication #OpenSource

Project link on #GitHub https://github.com/steveiliop56/tinyauth

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

VISTA is a Python-based AI chatbot built using OpenAI GPT and LangChain. It integrates with Pinecone for vector databases, focusing on semantic search and managing context. Looks like a good starting point if you're exploring AI chatbot frameworks. #AI #Chatbots

Project link on #GitHub https://github.com/RitikaVerma7/VISTA

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Auto-color - Linux backdoor :

https://zw01f.github.io/malware%20analysis/auto-color/

Ever wondered what it's like to be on a Red Team? Join WICCA & KPN on April 11 for a hands-on ethical hacking event: red teaming exercises, expert talks, dinner, drinks & even a surprise! Bring your laptop —spots are limited!

https://www.meetup.com/wiccanl/events/306613663/

New Open-Source Tool Spotlight

SharPersist is a tool for creating persistence mechanisms on Windows, leveraging C#. It supports methods like registry runs, WMI event subscriptions, and scheduled tasks. Designed for red teams but publicly available. #CyberSecurity #Windows

Project link on #GitHub https://github.com/mandiant/SharPersist

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

ISCRIVITI AL WEBINAR DEL CORSO ETHICAL HACKER EXTREME EDITION

La nuova Extreme Edition è il programma completo che ti porta dalle basi agli attacchi più avanzati, in 34 settimane di formazione blended learning, in italiano, con accesso esclusivo alla piattaforma HackMeUp!

5 anni di accesso a 50+ scenari di hacking
Lezioni avanzate su tecniche e strategie d’attacco
Piano quinquennale per il mantenimento della certificazione professionale

WEBINAR 8 APRILE 2025 ORE 18

https://cybersecurityup.webinargeek.com/presentazione-del-corso-ethical-hacker-extreme-edition-aprile-2025?cst=rhc

3755931011 e.picconi@fatainformatica.it

New Open-Source Tool Spotlight

Seatbelt is a post-exploitation tool designed for Windows environments. It collects detailed system information to help identify potential privilege escalation paths or misconfigurations. It's lightweight, written in C#, and can be run on live systems without requiring installation.

Used responsibly, tools like this can help secure your environment by simulating attacker tactics. #CyberSecurity #InfoSec

Project link on #GitHub https://github.com/GhostPack/Seatbelt

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Don't tell me you have your keys in user space?
#Nitrokey #riskmanagement #redteam #dfir #opsec

How is a clean, legitimate program helping hackers steal data from Ukraine?

Researchers at Cisco Talos have uncovered an ongoing spear-phishing campaign by the Russia-linked group Gamaredon, also known as Armageddon or ACTINIUM. Active since November 2024, the attacks specifically target Ukrainian users with lures tied to military activity, such as troop-related documents.

The group distributes phishing emails that include ZIP archives or links to them. Inside those ZIPs are malicious shortcut (LNK) files made to look like Office documents. Once opened, these LNKs execute obfuscated PowerShell scripts that download a second-stage payload—Remcos RAT—using geo-fenced servers located in Russia and Germany. These servers often only respond to IP addresses originating from Ukraine, returning HTTP 403 errors to others.

Delivery of the Remcos malware follows a DLL sideloading technique. A notable example includes the use of "TivoDiag.exe," a legitimate executable bundled with a malicious DLL named "mindclient.dll." When the clean executable runs, it inadvertently loads and executes the malicious DLL, which decrypts and launches the Remcos backdoor hidden in the same ZIP file. This method helps bypass basic antivirus detection.

Remcos gives remote attackers full control over infected machines. Its use, combined with selective geo-targeting and deceptive file naming, points to a focused cyber-espionage effort against Ukrainian entities.

Talos provided indicators of compromise and detection rules to help defenders spot this activity. While Gamaredon has long relied on custom tools, their adoption of commercially available backdoors like Remcos reflects a shift toward more flexible, quickly deployable payloads suited for fast-moving espionage operations.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Loki is an open-source malware scanner designed for threat detection. It uses YARA rules, IOC pattern matching, and file system anomaly detection to identify malicious files and artifacts. Ideal for quick triage, not full AV replacement. #malware #cybersecurity

Project link on #GitHub https://github.com/Neo23x0/Loki

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

GhidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.

#ReverseEngineering #Ghidra

Project link on #GitHub https://lnkd.in/gRUrYpMx

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

Top #hashcat tip:

Want per-position duplication in your rules to leverage your GPU?

It's not available in a single op, but you can emulate it by incrementally duplicating the first N chars, and then incrementally deleting the position and frequency of the redundant characters

How can a DNS mail record be used to trick you into giving up your login credentials?

Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.

The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.

Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.

Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.

This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

How you implement your 'under four eyes policy' ? Do you really ship your key material without tamper protection ? How about your travels and hotel security ? Signing your releases from disk stored keys? Lot of question where apple believers cannot answer. Stop being stupid.

#opsec #redteam #dfir #riskmanagement #physicalsecurity

[1] https://www.youtube.com/watch?v=WOqfqDpDx6o

New Open-Source Tool Spotlight

TheHive is an open-source incident response platform designed to help teams investigate and manage cybersecurity incidents efficiently. It integrates with tools like MISP for threat intelligence sharing and supports automation through APIs. #CyberSecurity #IncidentResponse

Project link on #GitHub https://github.com/TheHive-Project/TheHive

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

APTSimulator is a tool for security teams to simulate advanced persistent threat (APT) behavior in a controlled environment. It uses batch scripts to mimic common attack techniques, like privilege escalation or ransomware actions, without real payloads. Useful for testing detection rules. #CyberSecurity #ThreatSimulation

Project link on #GitHub https://github.com/NextronSystems/APTSimulator

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Velociraptor is an advanced DFIR (Digital Forensics and Incident Response) tool. It focuses on endpoint monitoring, hunting, and data collection using flexible artifact-based queries. Its scripting language, VQL, allows custom queries tailored for specific investigations. #DigitalForensics #CyberSecurity

Project link on #GitHub https://github.com/Velocidex/velociraptor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Rubeus is a post-exploitation tool for Kerberos-related tasks on Windows. It supports ticket extraction, pass-the-ticket attacks, ticket forging, and more. A powerful choice for understanding and simulating Kerberos security flaws.

#CyberSecurity #Kerberos #RedTeam

Project link on #GitHub https://github.com/GhostPack/Rubeus

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Blacksmith is a cloud-native adversary simulation tool that scales offensive testing in Azure. It’s built to automate simulation setups, leveraging Azure services like Sentinel for detection validation. Useful for red teaming and continuous security improvement.

#ThreatHunting #AzureSecurity

Project link on #GitHub https://github.com/OTRF/Blacksmith

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

New Open-Source Tool Spotlight

Azure Sentinel is Microsoft's cloud-native SIEM tool. It integrates AI to detect threats, automate responses, and monitor logs across environments. Useful for hybrid clouds, it supports connectors for platforms like AWS, Office 365, and more. #CloudSecurity #SIEM

Project link on #GitHub https://github.com/Azure/Azure-Sentinel

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking