Porto, get ready! π΅πΉ
Join Abraham Aranguren on Sep 23 for a hands-on workshop on practical Android and iOS attacks.
https://t.co/KqS5wzt8c6
#OWASP#MobileSecurity#AppSec
β οΈ Your cache may hold more than performance data.
ποΈ Sessions, tokens, API responses, and auth decisions can all become security risks if your cache is misconfigured.
π https://t.co/t6C6E75KeW
#CyberSecurity#AppSec#Redis#InfoSec
π¨ BOFs reduce some of the process signals defenders rely onβbut they are not invisible.
Learn how Beacon Object Files change detection, post-exploitation testing, and defensive monitoring.
π https://t.co/K9SfAtj8qD
#CyberSecurity#BOF#CobaltStrike
π P2PE and E2EE protect different things.
Know where encryption starts, where it ends, and where plaintext still appears.
π https://t.co/b22X7al1Wd
#CyberSecurity#Encryption#AppSec
π’ New 7ASecurity public #threatmodel report
π Super Tanks lightweight threat model by 7ASecurity.
https://t.co/jgSkZyUCyr
π¬ Feedback welcome as always.
#CyberSecurity#AI#InfoSec
π³ PCI vulnerability management is more than scanning.
Validate findings. π οΈ Fix the root cause. β Verify the remediation.
Learn how penetration testing and code audits strengthen PCI DSS security.
π https://t.co/OyaqA2DQle
#PCIDSS#CyberSecurity#PaymentSecurity
π Iframes aren't the problem.
Blind trust between frames is.
Learn how attackers abuse postMessage, weak sandboxing, and embedded content flows.
π https://t.co/zLD3SiKZPI
#AppSec#WebSecurity#XSS
π WebDAV isn't automatically a vulnerability.
Weak authentication, exposed methods, and poor permissions are the real problem.
π https://t.co/ILLmV38snd
#WebSecurity#Pentesting#InfoSec
π₯ Learn Android #hacking from practitioners who do it for a living.
2 days. Hands-on: Frida, reverse engineering, pinning & root detection bypasses, CTFs, and real-world attacks.
ποΈ Code: DCTLV26SAVE10 for 10% OFF (first 10)
π https://t.co/f56k3cSYvV
#DEFCON#AndroidSecurity
π Diamond Tickets don't forge authentication from scratch.
They abuse legitimate Kerberos tickets, making them far stealthier than Golden Tickets.
π https://t.co/ausVJMI9J3
#CyberSecurity#ActiveDirectory#InfoSec
π NTDS.dit contains the keys to your Active Directory kingdom.
Attackers are using native Windows tools to extract it while evading detection.
π https://t.co/Mhp6KetFRG
#CyberSecurity#ActiveDirectory#InfoSec
π‘οΈ Attackers are using AD Explorer to quietly map Active Directory environments.
If you're only hunting for SharpHound, you could be missing the real threat.
π https://t.co/oqkO7I9FNI
#CyberSecurity#ActiveDirectory#InfoSec
π¨ NTLM is on its way out. Attackers are still abusing it today.
Pass-the-Hash and NTLM relay attacks remain major Active Directory risks.
π https://t.co/0Fv6u5fk6e
#CyberSecurity#ActiveDirectory#Kerberos
π¨ Kerberoasting has evolved.
Attackers now blend into normal network traffic with targeted service ticket requests.
Learn how to detect them with KQL hunting and Kerberos hardening.
π https://t.co/gOLs53PDbf
#CyberSecurity#ThreatHunting#Kerberos
π¨ Attackers donβt break in anymore β they log in.
Weak Entra roles, shadow admins & legacy access paths are the real targets.
π https://t.co/zckbdgaf9D
#CyberSecurity#CloudSecurity#IAM
π΄ A penetration test finds vulnerabilities.
Red Teaming shows whether attackers can actually bypass your defences.
π https://t.co/f48Gd9BOOr
#CyberSecurity#RedTeam#PenTesting