All-in-one offensive security toolbox with AI agent and MCP architecture. Integrates tools like Nmap, Metasploit, FFUF, SQLMap. Enables pentesting, bug bounty hunting, threat hunting, and reporting. RAG-based responses with local knowledge base support. https://t.co/sVDVUjlz9F
In recent weeks, our research team’ve identified a sophisticated phishing campaign targeting Türkiye. Threat actors targeted computers running Windows operating systems located in Türkiye and using the Turkish language.
Key takeaway: the malware bypassed every public sandbox and AV aside from https://t.co/33UOuuYlmQ, and also evaded EDR/XDR in real-world incidents. We noted impact across many banks, ISPs, and mid-level organizations.
This case again shows why on-premises sandboxes are essential for critical infrastructure and why real dynamic analysis is crucial for SOC teams.
https://t.co/KfgbdCtc3j
Novel KimJongRAT stealer variants identified: One implements in Portable Executable (PE) format and the other leverages PowerShell. We compare these variants to previous versions of the malware. https://t.co/j05t6KjkXW
@x86matthew's old "Embedding an EXE within a LNK" research came to mind again and I spent a bit playing with .ZIP instead. I found that you can smuggle extra data inbetween the file data and .ZIP's central directory which won't display + can be extracted with powershell
𝗟𝗟𝗠 𝗥𝗲𝗱 𝗧𝗲𝗮𝗺𝗶𝗻𝗴 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀
1. Red Teaming LLM Applications by DeepLearning :-
https://t.co/jtsqHVQBaP
2. Planning red teaming for LLMs by Microsoft :-
https://t.co/8LTuQuTgWz
3. Red teaming LLMs by HuggingFace :-
https://t.co/CyZ6qZ1dMQ
4. LLM Red Teaming by KLU :-
https://t.co/FZ2kYk2fAy
5. Red Teaming LLMs Nihad Hassan :-
https://t.co/Q9x9jOhPOb
🔗Red-Teaming to make LLMs robust and safer :-
https://t.co/nPBD0hxbN0
Confirmed! Chen Le Qi (@cplearns2h4ck) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows 11. He earns $30,000 and 3 Master of Pwn points. #Pwn2Own#P2OBerlin
AWSPEAS (https://t.co/oQfy7RHFhj) maps what AWS creds can do: reads IAM, simulates calls & brute-forces perms, then flags risks via HackTricksAI.
Essential for Red Team/Pentest ops.
#cloudpeass#AWS#CloudSecurity