HackLabs is a collection of hands-on vulnerable labs designed to practice web exploitation, privilege escalation, Active Directory attacks, and general pentesting techniques in a safe environment.
⚠️ For educational and authorized testing only.
🔗 https://t.co/yIKRr71ymP
#CyberSecurity #Pentesting #EthicalHacking #RedTeam #CTF #InfoSec #AppSec
https://t.co/YC4ii76Xza by @CTI__Updates
Input a username and locate active forum accounts, very useful for your OSINT research or finding posts shared on X
‼️ The open-sourced Miasma worm code includes a GitHub zero-day, and per the researcher who disclosed it, GitHub has known about it since September 8, 2025 and still hasn't fixed it.
Researcher Adnan Khan reported this exact technique to GitHub. Roughly nine months later it's now weaponized in the open-sourced Miasma code and running in the wild.
Khan's open question: how many GitHub customers were hit by the worm through it.
🚨🇯🇵 FamilyMart allegedly targeted in 21.5M record database leak
A threat actor on an underground forum is claiming to have leaked data allegedly belonging to FamilyMart, a major convenience store chain and retail brand.
The actor claims the dataset contains 21,581,576 records, including company planning data, payment records, agreements, employee information, and trade-related records.
𝗪𝗵𝗮𝘁’𝘀 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗲𝘅𝗽𝗼𝘀𝗲𝗱:
• Company planning records
• Payment-related data
• Agreement and contract records
• Employee information
• Trade-related records
• Advertiser and agency records
• Activity and schedule tables
• CSV database files
𝗗𝗲𝘁𝗮𝗶𝗹𝘀:
𝗧𝗮𝗿𝗴𝗲𝘁: FamilyMart
𝗖𝗼𝘂𝗻𝘁𝗿𝘆: Japan
𝗦𝗲𝗰𝘁𝗼𝗿: Retail / Convenience Stores
𝗔𝗰𝘁𝗼𝗿: tbabi / Anka Red Team
𝗖𝗹𝗮𝗶𝗺: Database leak
𝗘𝘅𝗽𝗼𝘀𝘂𝗿𝗲: 21,581,576 records
𝗣𝗿𝗶𝗰𝗲: Not stated
𝗢𝗯𝘀𝗲𝗿𝘃𝗲𝗱: May 22, 2026
Stop guessing what's redacted. Subscribers see everything: https://t.co/281Qjc6p2J
The detection rule that catches most BEC persistence (most still miss this one):
OfficeActivity
| where TimeGenerated > ago(1h)
| where Operation in ("New-InboxRule", "Set-InboxRule", "UpdateInboxRules", "Set-Mailbox")
| extend Parsed = parse_json(Parameters)
| mv-expand Parsed
| extend ParamName = tostring(https://t.co/NoT29gDyYJ), ParamValue = tostring(Parsed.Value)
| where ParamName in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress", "DeleteMessage", "MarkAsRead", "MoveToFolder", "Name")
| summarize
RuleActions = make_set(ParamName),
ForwardDest = make_set(iff(ParamName in ("ForwardTo", " RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress"), ParamValue, "")),
RuleName = max( iff(ParamName == "Name", ParamValue, "") ),
ClientIP = max(ClientIP)
by TimeGenerated, UserId, Operation
| where RuleActions has_any ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo", "ForwardingSmtpAddress")
and (RuleActions has_any ("DeleteMessage", "MarkAsRead", "MoveToFolder") or array_length(ForwardDest) > 0)
// Optional: add your internal domains filter here to eliminate noise
// | where not(ForwardDest has_any ("@example.com", "@yourdomain.com", ...))
| project TimeGenerated, UserId, Operation, RuleName, ForwardDest, RuleActions, ClientIP
| order by TimeGenerated desc
Deploy this as a Sentinel analytics rule.
Run every 15 minutes. Alert on every hit.
This catches end-user inbox rules that forward to external addresses + hide/delete messages — the #1 BEC persistence trick.
(Pro tip: add your internal domains to kill false positives.)
This single rule would have caught the persistence mechanism in the majority of BEC cases we investigated last year.
There are other ways to address this, but the focus is on detection
New to Threat Hunting Labs?
We made the first investigation path easier to start.
Case 0001 is now free to run on the Azure platform for both:
- Threat Hunting
- Incident Response
That means new users can launch the guided walkthrough, use the Azure search console, run their first query, submit their first answer, and learn the core workflow without spending credits on the initial lab start.
The guided walkthrough now helps you:
- Launch Case 0001
- Work in Azure Log Analytics
- Run a starter query
- Submit your first answer
- Understand how THL investigations flow
This is the best starting point if you want to try the platform properly.
Start here:
https://t.co/EdI62I7Rba
‼️🚨 Microsoft calls this "intended behaviour," so here we go.
How to dump the credentials of every user stored in Microsoft Edge:
1. Open Edge. Don't browse anywhere, just open it.
2. Flip to Task Manager, find Edge, expand the task.
3. Highlight the "browser" sub-task, right-click, and choose "Create Memory Dump."
4. Open the dump file and look for credentials.
The logged-in Windows user can dump every stored Edge credential with no additional rights. Which means any malware that user executes has those credentials for the asking.
Thanks to Rob VandenBrink at SANS: https://t.co/ebtVZxne4L
GitHub - samftggr/VEN0m-Ransomware: Demonstrate how a signed driver can bypass defenses to deploy ransomware on Windows 11 with advanced AV and UAC evasion techniques. · GitHub https://t.co/bMPcb44YVI