Alfie Champion (@ajpc500)'s Twitter Profile

Adversary Emulation Manager | Formerly MWR / @FSecure_Consult | Tweets my own

ID: 212995561

Link: http://ajpc500.github.io | 07-11-2010 17:25:12

671 Tweet

2,2K Followers

514 Following

Leo Tsaousis (@laripping)

🎉Leonidas for Kubernetes is officially on GitHub!🎉 Our cloud attack simulation framework has been updated to support #Kubernetes environments! Remember that tool we demo'ed at DefCon Adversary Village this summer? You can finally take it for a ride: github.com/WithSecureLabs…

Orange Tsai 🍊 (@orange_8361)

Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to Black Hat and my awesome co-presenter splitline 👁️🐈‍⬛!

delivr.to (@delivr_to)

Twice a year we dive into the latest, notable tradecraft that has caught our attention in the world of phishing and initial access over the past six months. From Pastejacking, to image-less QR codes, to zip concatenation. 📚 Read our new Top 10: blog.delivr.to/delivr-tos-top…

TrustedSec (@trustedsec)

Who says #Python Malware is out of style? In our new #blog, kevin revisits an old technique he believes is a prime candidate to host #malware payloads—Python for Windows. Read it now! hubs.la/Q033Jvyq0

SpecterOps (@specterops)

Introducing Forge 🔥 – the first “Command Augmentation” container for Mythic! Check out Cody Thomas's latest blog post to learn how this new add-on offers a more standardized way of executing BOFs and .NET assemblies. ghst.ly/416iKnu

Alfie Champion (@ajpc500)

This is a really cool use of LLMs to dynamically generate and execute Python code with the Medusa Mythic agent! 🐍🤖 gosecure.ai/blog/2025/03/2…

Alfie Champion (@ajpc500)

Using Mythic and VECTR on your purple teams? 💜 I’ve just open-sourced a new Mythic service container that allows you to auto-populate VECTR test cases based on your Mythic taskings. github.com/MythicAgents/V…

delivr.to (@delivr_to)

Our Phishing Attack Technique Explorer is now live! 😈🔍 Next time you browse our catalogue, you'll see a new view to find payloads combining popular attack techniques; from Pastejacking and Bring Your Own Interpreter, to HTML Smuggling and Auth Coercion delivr.to/app/payloads

Jaron Bradley (@jbradley89)

My next book is open for pre-orders!!! I have included the first two chapters in audiobook form for free. You can listen to them now on my website or you can listen and read the sample on Apple Books. Looking forward to getting it into your hands. themittenmac.com/threat-hunting…

Alfie Champion (@ajpc500)

TIL that there's a Defender 365 detection for use of the Microsoft logo from a wiki page - "Phish_HTML_WithMsLogoFromWiki_A" 🤣

Alfie Champion (@ajpc500)

Turns out the same ClickFix mitigation of ‘disabling’ the Win+R shortcut (HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer - NoRun DWORD 1) also prevents exploitation of the address bar FileFix technique💡

Alfie Champion (@ajpc500)

A few yrs ago, when we began building delivr.to, a piece of me wondered if we'd see the innovation and creativity in the threat landscape to justify writing this kind of blog. This is the fifth(!) time we've put together our Top 10 and... the answer is 100% yes 😅

Print3M // SecTube.tv (@print3m_)

🚨 I am publishing my research on the File System API. FileJacking might be used to establish Initial Access. Key points: - File smuggling via File System API - Backdooring files directly from a browser - Reading / creating folders and files from a browser print3m.github.io/blog/filejacki…

Alfie Champion (@ajpc500)

If you haven’t already, check out Print3M’s research on File System APIs here: print3m.github.io/blog/filejacki… We went down the exfil path for this research, but certainly some abuse potential there!