Ever wondered what it's like to be on a Red Team? Join WICCA & KPN on April 11 for a hands-on ethical hacking event: red teaming exercises, expert talks, dinner, drinks & even a surprise! Bring your laptop —spots are limited!
Recent searches
Search options
Administered by:
#redteam
5 posts4 participants0 posts today
ISCRIVITI AL WEBINAR DEL CORSO ETHICAL HACKER EXTREME EDITION
La nuova Extreme Edition è il programma completo che ti porta dalle basi agli attacchi più avanzati, in 34 settimane di formazione blended learning, in italiano, con accesso esclusivo alla piattaforma HackMeUp! 
5 anni di accesso a 50+ scenari di hacking Lezioni avanzate su tecniche e strategie d’attacco Piano quinquennale per il mantenimento della certificazione professionale
WEBINAR 8 APRILE 2025 ORE 18
3755931011 
e.picconi@fatainformatica.it
New Open-Source Tool Spotlight 
GhidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.
Project link on #GitHub 
https://lnkd.in/gRUrYpMx
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— 
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 
Top #hashcat tip:
Want per-position duplication in your rules to leverage your GPU?
It's not available in a single op, but you can emulate it by incrementally duplicating the first N chars, and then incrementally deleting the position and frequency of the redundant characters
How can a DNS mail record be used to trick you into giving up your login credentials? 
Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.
The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.
Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.
Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.
This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
New Open-Source Tool Spotlight
TheHive is an open-source incident response platform designed to help teams investigate and manage cybersecurity incidents efficiently. It integrates with tools like MISP for threat intelligence sharing and supports automation through APIs. #CyberSecurity #IncidentResponse
Project link on #GitHub https://github.com/TheHive-Project/TheHive
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
New Open-Source Tool Spotlight
APTSimulator is a tool for security teams to simulate advanced persistent threat (APT) behavior in a controlled environment. It uses batch scripts to mimic common attack techniques, like privilege escalation or ransomware actions, without real payloads. Useful for testing detection rules. #CyberSecurity #ThreatSimulation
Project link on #GitHub https://github.com/NextronSystems/APTSimulator
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
New Open-Source Tool Spotlight
Velociraptor is an advanced DFIR (Digital Forensics and Incident Response) tool. It focuses on endpoint monitoring, hunting, and data collection using flexible artifact-based queries. Its scripting language, VQL, allows custom queries tailored for specific investigations. #DigitalForensics #CyberSecurity
Project link on #GitHub https://github.com/Velocidex/velociraptor
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
TI HANNO DETTO CHE BASTA UNA CERTIFICAZIONE QUALSIASI PER LAVORARE NELLA CYBERSECURITY? SBAGLIATO!
Se il tuo titolo non è conforme agli standard UNI EN 11506 e UNI EN 11621-4, rischi di non essere riconosciuto nel mercato italiano ed europeo.
Certificazioni tecniche: CPSS - SOC Specialist, CDFE - Digital Forensic Expert, CPEH - Professional Ethical Hacker. Certificazioni manageriali: CISO - Certified Information Security Officer.
Webinar 1 aprile 2025 alle 18:00
LINK REGISTRAZIONE: https://cybersecurityup.webinargeek.com/fata-informatica-certificazioni-internazionali-per-il-tuo-riconoscimento-professionale?cst=rhc
New Open-Source Tool Spotlight
Rubeus is a post-exploitation tool for Kerberos-related tasks on Windows. It supports ticket extraction, pass-the-ticket attacks, ticket forging, and more. A powerful choice for understanding and simulating Kerberos security flaws.
#CyberSecurity #Kerberos #RedTeam
Project link on #GitHub https://github.com/GhostPack/Rubeus
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
Follow the Adversary: The Top 3 Red Team Exploitation Paths from 2024: https://www.crowdstrike.com/en-us/blog/top-three-red-team-exploitation-paths-from-2024/
CrowdStrike.comTop 3 Trends in Red Team Exploitation PathsRead this blog as we examine the top three exploitation paths the CrowdStrike Professional Services Red Team encountered in 2024.
CORSO ETHICAL HACKER EXTREME EDITION: IL PERCORSO DEFINITIVO PER L’HACKING ETICO!
5 anni di accesso a 50+ scenari di hacking Lezioni avanzate su tecniche e strategie d’attacco Piano quinquennale per il mantenimento della certificazione professionale
WEBINAR GRATUITO – 8 APRILE 2025 ORE 18
Posti limitati – e come sempre, garanzia soddisfatti o rimborsati!LINK REGISTRAZIONE : https://cybersecurityup.webinargeek.com/presentazione-del-corso-ethical-hacker-extreme-edition-aprile-2025?cst=rhc
Info & Contatti: 375 593 1011 | e.picconi@fatainformatica.it
Proxmark3 v4.20142 "Blue Ice" is live!
With 20,000 commits, this community-driven release brings powerful new features for RFID security.
Huge thanks to all contributors! 
#RFIDHacking #OpenSource #PenTest #Proxmark3 #CyberSecurity #RedTeam
GitHubReleases · RfidResearchGroup/proxmark3Iceman Fork - Proxmark3. Contribute to RfidResearchGroup/proxmark3 development by creating an account on GitHub.
TI HANNO DETTO CHE BASTA UNA CERTIFICAZIONE QUALSIASI PER LAVORARE NELLA CYBERSECURITY? SBAGLIATO! Se il tuo titolo non è conforme agli standard UNI EN 11506 e UNI EN 11621-4, rischi di non essere riconosciuto nel mercato italiano ed europeo. Certificazioni tecniche: CPSS - SOC Specialist, CDFE - Digital Forensic Expert, CPEH - Professional Ethical Hacker. Certificazioni manageriali: CISO - Certified Information Security Officer.
Webinar il 1° aprile 2025 alle 18:00
REGISTRAZIONE: https://cybersecurityup.webinargeek.com/fata-informatica-certificazioni-internazionali-per-il-tuo-riconoscimento-professionale
Does anyone have an alternative for testmyNIDS that doesn't require me to fuck around with statically compiled curl?
#infosec #redteam #purpleteam
New Open-Source Tool Spotlight
Azure Sentinel is Microsoft's cloud-native SIEM tool. It integrates AI to detect threats, automate responses, and monitor logs across environments. Useful for hybrid clouds, it supports connectors for platforms like AWS, Office 365, and more. #CloudSecurity #SIEM
Project link on #GitHub https://github.com/Azure/Azure-Sentinel
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
CORSO ETHICAL HACKER EXTREME EDITION: IL PERCORSO DEFINITIVO PER L’HACKING ETICO!
Pacchetto ELITE CLUB incluso: 5 anni di accesso a 50+ scenari di hacking Lezioni avanzate su tecniche e strategie d’attacco Piano quinquennale per il mantenimento della certificazione professionale
PARTECIPA GRATUITAMENTE AL WEBINAR DI PRESENTAZIONE – 8 APRILE 2025 ORE 18LINK REGISTRAZIONE: https://cybersecurityup.webinargeek.com/presentazione-del-corso-ethical-hacker-extreme-edition-aprile-2025?cst=rhc
Info & Contatti: 375 593 1011 | e.picconi@fatainformatica.it
New Open-Source Tool Spotlight
CrackMapExec is a post-exploitation tool for penetration testers. It automates tasks like credential validation, lateral movement, and Active Directory enumeration on Windows environments. Built on Python, it supports SMB, WinRM, and other protocols. Extremely useful for red team assessments. #CyberSecurity #PenTest
Project link on #GitHub https://github.com/byt3bl33d3r/CrackMapExec
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
CORSO ETHICAL HACKER EXTREME EDITION
Pacchetto ELITE CLUB incluso: 5 anni di accesso a 50+ scenari di hacking Lezioni avanzate su tecniche e strategie d’attacco Piano quinquennale per il mantenimento della certificazione professionale
WEBINAR: 8 APRILE 2025 ORE 18:00https://cybersecurityup.webinargeek.com/presentazione-del-corso-ethical-hacker-extreme-edition-aprile-2025?cst=rhc
3755931011 e.picconi@fatainformatica.it
New Open-Source Tool Spotlight
Log4Shell still has lingering risks. If you're managing Java apps, check out Log4shell-detector on GitHub. It scans for vulnerable Log4j usage with minimal setup. Regular audits help keep your environment secure. #cybersecurity #Log4Shell
Project link on #GitHub https://github.com/Neo23x0/log4shell-detector
#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity
— P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking
