#ctf

11 posts · 9 participants · 2 posts today

We are setting sail in one week! Here are some random picks from our conference. Random, and still super interesting. This really shows the quality we have this year; we can't wait to tell you more about it! If you haven't yet, make sure to buy your ticket for Nsec 2025!


@Sibshops not really, it keeps stable at the €250-ish mark, so it's simply a jump in value that seems persistent. Whereas any ML would spike it for a bit and/or go down afterwards...

  • I don't have the necessary time nor resources to check for that, and given the rampant use of #Shitcoins and the fact that "Non-KYC Crypto-to-Crypto exchangers" have changing wallets as they don't want to tumble clean coins, it's really hard to evidence that.

If anything, #delisting|s of #Monero made it harder to do #AML & #CTF investigations since #Exchanges did keep record on the exact "coin" (like a Serial Number on a banknote), allowing for #cash-like tracing based off known date/time, wallet & coin correlation.

  • Kinda how #LEA|s inject small amounts of cash into organized crime to track correlations.

Before heading out to the #2600 #meeting in #madrid I worked on my #gemini #gemlog & on the #http output: rek2.hispagatos.org & gemini://rek2.hispagatos.org. Still a lot of work to do. Also started something I've been wanting to do for years: attach a sub-blog only of #hacking and #CTF topics like #writeups and such. I created it under rek2.hispagatos.org/writeups/ & added 2 test writeups I did last year of #hackthebox, 200+ more to come & good #hacking info & tricks <3
#HappyHacking #HackingIsNotACrime

New Open-Source Tool Spotlight 🚨🚨🚨

WinPwn simplifies internal Windows penetration testing by automating reconnaissance and exploitation through PowerShell. Features include domain recon, privilege escalation, Kerberoasting, UAC bypasses, and proxy-aware scripting. Also works offline with `Offline_Winpwn.ps1`. #cybersecurity #pentesting

🔗 Project link on #GitHub 👉 github.com/S3cur3Th1sSh1t/WinP

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

How does a threat actor evade detection using Microsoft Paint and Outlook? 🖼️📧

A newly identified cyberespionage group known as Earth Alux has been actively targeting sectors like government, telecom, logistics, and IT across countries in the Asia-Pacific and Latin America since mid-2023. According to Trend Micro researchers, the group uses a layered and adaptive toolset designed for stealth and persistence.

The attack starts with the exploitation of vulnerable public-facing services to deploy Godzilla, a web shell that acts as the entry point. Once inside, Earth Alux typically deploys either VARGEIT or COBEACON backdoors. VARGEIT is notable for spawning within benign processes such as *mspaint.exe*, allowing it to execute reconnaissance and steal data while blending into normal activity.

COBEACON, based on Cobalt Strike Beacon, is usually deployed first and delivered by MASQLOADER—an obfuscated shellcode loader. Some versions of MASQLOADER employ anti-API hooking by directly patching NTDLL.dll, a core Windows system library, to bypass endpoint detection solutions.

VARGEIT stands out for its flexible command-and-control mechanisms. It can communicate through up to 10 different channels, including DNS, ICMP, and even Microsoft Outlook via the Graph API. Communication through Outlook drafts is structured using specific prefixes ("r_" for commands, "p_" for responses), allowing attackers to maintain control without raising immediate flags.

The group also utilizes DLL side-loading techniques through loaders like RAILLOAD, accompanied by a timestomping module called RAILSETTER that ensures persistence by altering timestamps and setting scheduled tasks. To find new binaries suitable for side-loading, Earth Alux reportedly runs detection tests using open-source tools like ZeroEye and VirTest, both widely used in Chinese-speaking security circles.

Researchers suggest that the group carefully tests each component for stealth and evasion, pointing to a longer-term campaign focused on espionage rather than quick monetization. The structure and testing of tools indicate professional development practices and a commitment to remaining undetected in targeted environments.

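Two of the tradecraft items in the post above are cheap to hunt for once you know what to look for: a benign process such as mspaint.exe opening network connections (VARGEIT hiding inside a harmless host), and Outlook drafts whose subjects use the "r_"/"p_" prefixes that VARGEIT uses as a C2 channel. The script below is an added example, not code from Trend Micro's report or from any tool mentioned here. The event records are constructed to resemble Sysmon Event ID 3 (network connection) records and Microsoft Graph mail message objects; the field names and the allowlist of "should never talk on the network" binaries are assumptions you would tune for your own environment.

```python
"""Added example: two hunt rules for the Earth Alux behaviours described above.
All sample records are CONSTRUCTED; field names mirror Sysmon EID 3 and
Graph API message objects but are assumptions, not copied from any report."""
import re
from dataclasses import dataclass

# Assumption: benign Windows programs that have no legitimate reason to open
# network connections in this environment. Tune for your own estate.
NO_NETWORK_EXPECTED = {"mspaint.exe", "notepad.exe", "calc.exe"}

# Draft subject convention from the post: "r_" = command, "p_" = response.
DRAFT_C2_SUBJECT = re.compile(r"^(r|p)_", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    evidence: str


def hunt_network_events(events):
    """Flag network connections (Sysmon EID 3) made by allowlisted benign binaries."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        if image in NO_NETWORK_EXPECTED:
            dest = f"{ev.get('DestinationIp')}:{ev.get('DestinationPort')}"
            findings.append(Finding("benign-process-network",
                                    f"{image} -> {dest} (pid {ev.get('ProcessId')})"))
    return findings


def hunt_draft_c2(messages):
    """Flag draft messages whose subject matches the r_/p_ C2 naming scheme."""
    findings = []
    for m in messages:
        if not m.get("isDraft"):
            continue
        subject = m.get("subject", "")
        if DRAFT_C2_SUBJECT.match(subject):
            findings.append(Finding("outlook-draft-c2",
                                    f"draft {m.get('id')} subject={subject!r}"))
    return findings


# Constructed sample data: one mspaint.exe connection, one ordinary browser
# connection, two suspicious drafts and two ordinary messages.
SAMPLE_NETWORK_EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\mspaint.exe", "ProcessId": 4120},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\mspaint.exe", "ProcessId": 4120,
     "DestinationIp": "203.0.113.7", "DestinationPort": 443},
    {"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
     "ProcessId": 2210, "DestinationIp": "198.51.100.20", "DestinationPort": 443},
]
SAMPLE_DRAFTS = [
    {"id": "AAMk1", "isDraft": True, "subject": "r_7f3a"},
    {"id": "AAMk2", "isDraft": True, "subject": "Re: lunch"},
    {"id": "AAMk3", "isDraft": False, "subject": "p_7f3a"},   # sent, not a draft
    {"id": "AAMk4", "isDraft": True, "subject": "p_7f3a"},
]


def run_hunts():
    """Run both rules over the constructed samples and return the findings."""
    return hunt_network_events(SAMPLE_NETWORK_EVENTS) + hunt_draft_c2(SAMPLE_DRAFTS)


if __name__ == "__main__":
    for f in run_hunts():
        print(f"[{f.rule}] {f.evidence}")
```

In production the first rule would read from your SIEM's Sysmon index and the second from a Graph `GET /users/{id}/mailFolders/drafts/messages` listing (a field name from the real Graph API; the rest of the pipeline is the assumption); both are low-noise because legitimate drafts rarely start with a bare prefix and mspaint.exe never needs a socket.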

New Open-Source Tool Spotlight 🚨🚨🚨

PAYGoat is a deliberately vulnerable banking app designed to explore business logic flaws like BOLAC, race conditions, and balance tampering. A hands-on tool for researchers, pen testers, and devs studying secure backend design. #AppSec #CyberSecurity

🔗 Project link on #GitHub 👉 github.com/stuxctf/PAYGoat

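The race condition the post mentions is the classic check-then-act window in a balance update: two concurrent withdrawals both read a sufficient balance before either debits it. The snippet below is an added example and is not PAYGoat's code; it shows the vulnerable pattern next to a hardened version that re-validates the balance under a lock. A `threading.Barrier` stands in for the scheduler so the bad interleaving happens deterministically (in a real backend the same window is the gap between a SELECT and an UPDATE); the account class and amounts are constructed.

```python
"""Added example (not PAYGoat's code): double-withdrawal race and its fix."""
import threading


class Account:
    """Constructed in-memory account; stands in for a database row."""
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()


def withdraw_vulnerable(acct, amount, scheduling_point=lambda: None):
    """TOCTOU: the balance check and the debit are not atomic."""
    if acct.balance >= amount:
        scheduling_point()        # another request can run in this window
        acct.balance -= amount
        return True
    return False


def withdraw_hardened(acct, amount, scheduling_point=lambda: None):
    """Fix: the authoritative check happens while holding the lock, so the
    second caller sees the already-debited balance and is refused."""
    if acct.balance < amount:     # cheap early exit, not relied upon
        return False
    scheduling_point()
    with acct.lock:
        if acct.balance < amount:  # re-validate now that we own the balance
            return False
        acct.balance -= amount
        return True


def run_concurrent(withdraw, start_balance=100, amount=60, workers=2):
    """Race `workers` withdrawals of `amount` against one account.
    Returns (final balance, sorted per-request results)."""
    acct = Account(start_balance)
    barrier = threading.Barrier(workers)   # forces every worker past the check first
    results = []

    def worker():
        results.append(withdraw(acct, amount, barrier.wait))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance, sorted(results, reverse=True)


if __name__ == "__main__":
    print("vulnerable:", run_concurrent(withdraw_vulnerable))  # balance goes negative
    print("hardened:  ", run_concurrent(withdraw_hardened))    # one request refused
```

The database equivalent of the hardened branch is a single conditional update such as `UPDATE accounts SET balance = balance - 60 WHERE id = ? AND balance >= 60` with a check that exactly one row was affected, rather than a SELECT followed by an unconditional UPDATE.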

New Open-Source Tool Spotlight 🚨🚨🚨

AggressorScripts is a curated collection of .cna scripts enhancing Cobalt Strike's functionality. From Beacon-to-Empire migrations to Slack notifications for new Beacons, it’s packed with Red Team utilities. Highlights: OPSEC profiles, mimikatz automation, and stale beacon alerts. #RedTeam #CobaltStrike

🔗 Project link on #GitHub 👉 github.com/bluscreenofjeff/Agg


New Open-Source Tool Spotlight 🚨🚨🚨

angr is a Python-based framework for binary analysis, spanning capabilities like symbolic execution, control-flow analysis, and decompilation. Ideal for CTF challenges and reverse engineering tasks. #binaryanalysis #reverseengineering

🔗 Project link on #GitHub 👉 github.com/angr/angr


New Open-Source Tool Spotlight 🚨🚨🚨

GOAD (Game of Active Directory) by Orange-Cyberdefense is a lab for pentesting Active Directory environments. With multiple configurations like GOAD-Mini and SCCM labs, it helps security professionals practice AD attack techniques. Caution: Designed for isolated lab use only. #ActiveDirectory #Cybersecurity

🔗 Project link on #GitHub 👉 github.com/Orange-Cyberdefense


New Open-Source Tool Spotlight 🚨🚨🚨

Mapping your threat-hunting workflows to the MITRE ATT&CK framework? Check out olafhartong's ThreatHunting Splunk app. With 130+ reports and dashboards, it simplifies hunting while integrating Sysmon data for deep insights. Requires tuning for best results. #ThreatHunting #MITREATTACK

🔗 Project link on #GitHub 👉 github.com/olafhartong/ThreatH


👩‍💻 📢 SAVE THE DATE: HackHERthon on 08.-10.09. in Berlin

We want to bring together talented and interested people who identify as women through technical challenges.

Three days and two events in one: we offer you one day full of challenges in a #CTF competition and two days of creative problem solving. You can choose to take part in one format or experience both!

Participation is free of charge and offers you not only a modern environment in which you can develop free of expectations or performance pressure, but also an atmosphere in which teamwork and individual growth take centre stage.

The event is open to everyone interested who identifies as a woman.

🎬 Impressions from last year: youtu.be/jee2Y8n8KOc?si=gOB3qx

👉 Apply now here: hisolutions.com/hackherthon

New Open-Source Tool Spotlight 🚨🚨🚨

Scopify is a Python-based recon tool for pentesters, leveraging `netify.ai` to analyze CDNs, hosting, and SaaS infra of target companies. Optional OpenAI integration adds AI-guided insights for deeper testing. Built by @Jhaddix & Arcanum-Sec. #CyberSecurity #BugBounty

🔗 Project link on #GitHub 👉 github.com/Arcanum-Sec/Scopify


New Open-Source Tool Spotlight 🚨🚨🚨

Mandiant's `capa` analyzes executable files to pinpoint their capabilities. From detecting HTTP communications to identifying persistence mechanisms, it helps analysts assess malware functionality quickly. Supports PE, ELF, .NET, shellcode, and sandbox reports. #malwareanalysis #cybersecurity

🔗 Project link on #GitHub 👉 github.com/fireeye/capa


A new #CTF team is forming around @RaumZeitLabor. If you feel like meeting regularly in person in Mannheim with others to learn and pwn, drop by the first regular meeting at the space next Monday, 28.04., at 19:00. All skill levels are welcome. Further info will probably follow afterwards on the website/mailing list/wiki/Masto.
raumzeitlabor.de/kontakt/anfah

How can a simple SQL command open the door to full system takeover and cryptocurrency mining? 🐚🪙

A recent cloud attack campaign is exploiting misconfigured PostgreSQL servers, using legitimate database functionality to run malicious code on compromised systems. The operation, tracked by Wiz under the name JINX-0126, has targeted more than 1,500 exposed PostgreSQL instances so far. It builds on an earlier wave of attacks identified in mid-2024, but now includes more advanced evasion techniques.

At the core is the misuse of PostgreSQL's `COPY ... FROM PROGRAM` command. This command, intended for importing data, is leveraged to execute arbitrary shell commands directly on the host. Once inside, the attacker runs a Base64-decoded shell script that removes rival miners and installs a binary called PG_CORE.

A critical piece of this attack is an obfuscated Golang binary named *postmaster*. It mimics PostgreSQL’s real process, helping it blend in. It also sets up persistence through cron jobs, creates new privileged roles, and writes a binary named *cpu_hu* to disk.

That binary fetches and launches the XMRig cryptocurrency miner—without leaving files behind. This uses Linux's `memfd_create`, a technique that loads executables directly into memory to bypass detection tools that scan disk activity.

Each infected system is assigned a unique worker identity and connected to one of three Monero wallets controlled by the attacker. With about 550 active miners tied to each wallet, the impact spans at least 1,500 machines.

The broader issue is clear: many PostgreSQL services remain poorly secured with weak or default credentials. Combined with powerful features like programmatic file imports, they become easy targets for attackers looking to monetize unauthorized access without raising alarms.

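Two of the behaviours in the post above leave observable traces that are easy to check for: the `COPY ... FROM PROGRAM` statement used as the foothold shows up in PostgreSQL statement logs, and a binary launched from memory via `memfd_create` shows up in `/proc/<pid>/exe` as a `/memfd:<name> (deleted)` link rather than a file on disk. The script below is an added example, not code from Wiz or from any tool named here. The log lines and process entries are constructed; the allowlisted install prefix for the real PostgreSQL binary and the rule that a process named `postmaster` outside it is suspect are assumptions to adapt to your hosts.

```python
"""Added example: detections for the JINX-0126 tradecraft described above.
Sample log lines and process entries are CONSTRUCTED."""
import os
import re

# Foothold: COPY ... FROM PROGRAM executes a shell command on the DB host.
COPY_PROGRAM = re.compile(r"\bCOPY\b.*?\bFROM\s+PROGRAM\b", re.IGNORECASE)

# Fileless execution: a memfd-backed executable resolves to this form.
MEMFD_EXE = re.compile(r"^/memfd:.*\(deleted\)$")

# Assumption: where the genuine PostgreSQL server binary lives on these hosts.
TRUSTED_PG_PREFIXES = ("/usr/lib/postgresql/", "/usr/pgsql-", "/usr/bin/")


def find_copy_program(log_lines):
    """Return statement-log lines that invoke COPY ... FROM PROGRAM."""
    return [line.strip() for line in log_lines if COPY_PROGRAM.search(line)]


def find_memfd_processes(procs):
    """procs: iterable of (pid, comm, exe_link). Return pids whose executable
    is an anonymous memfd file rather than a path on disk."""
    return [pid for pid, _comm, exe in procs if MEMFD_EXE.match(exe)]


def find_fake_postmaster(procs):
    """Return pids named 'postmaster' whose executable is outside the trusted
    PostgreSQL install prefixes (the impostor described in the post)."""
    return [pid for pid, comm, exe in procs
            if comm == "postmaster" and not exe.startswith(TRUSTED_PG_PREFIXES)]


def live_procs(proc="/proc"):
    """Yield (pid, comm, exe_link) for every process this user may inspect."""
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc, name, "comm")) as fh:
                comm = fh.read().strip()
            exe = os.readlink(os.path.join(proc, name, "exe"))
        except OSError:           # process exited, or not ours to read
            continue
        yield int(name), comm, exe


# Constructed postgresql.log lines (log_statement = 'all').
SAMPLE_PG_LOG = [
    "2025-04-01 10:00:01 UTC [1234] LOG:  statement: SELECT count(*) FROM users",
    "2025-04-01 10:00:02 UTC [1234] LOG:  statement: COPY users TO '/tmp/users.csv'",
    "2025-04-01 10:00:03 UTC [1234] LOG:  statement: COPY tmp FROM PROGRAM 'echo aGVsbG8= | base64 -d'",
    "2025-04-01 10:00:04 UTC [1234] LOG:  statement: copy scratch from program 'uname -a'",
]

# Constructed (pid, comm, readlink('/proc/<pid>/exe')) entries.
SAMPLE_PROCS = [
    (1, "systemd", "/usr/lib/systemd/systemd"),
    (1337, "postgres", "/usr/lib/postgresql/16/bin/postgres"),
    (4242, "payload", "/memfd:payload (deleted)"),
    (5150, "postmaster", "/tmp/.x/postmaster"),
]


if __name__ == "__main__":
    for line in find_copy_program(SAMPLE_PG_LOG):
        print("COPY FROM PROGRAM:", line)
    print("memfd-backed pids:", find_memfd_processes(SAMPLE_PROCS))
    print("suspect postmaster pids:", find_fake_postmaster(SAMPLE_PROCS))
    print("memfd-backed pids on this host:", find_memfd_processes(live_procs()))
```

On the prevention side, `COPY ... FROM PROGRAM` is only available to superusers and to members of the built-in `pg_execute_server_program` role, so an application account that holds neither cannot be used for this foothold even if its password is weak; the log rule above is for the accounts that legitimately need it.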