My Cloud Penetration testing tools/resources :- bishopfox.com/blog/cloud-pen… cloud.hacktricks.wiki/en/pentesting-… github.com/kh4sh3i/cloud-… github.com/jeremylaratro/… github.com/RhinoSecurityL… github.com/nccgroup/azucar github.com/RyanJarv/aweso…

viXra material; we told you to stop using RSA years ago

spencer firewall.dsinternals.com/ADDS/

We’re seeing a clear trend: attackers are bypassing the endpoint entirely. Not just avoiding traditional EDR-monitored systems by pivoting to embedded and edge devices, but now also operating purely in the cloud. No shell, no malware, no persistence on the endpoint. Just an OAuth

your urgency dictates your success.

Here's our new blog on hiding your implant in VTL1, where even an EDR's kernel sensor can't see it.🧑‍🦯 Post includes full operational details. Plus our OST offering has been updated with a Cobalt Strike sleep mask exploiting secure enclaves. Full read ➡️ outflank.nl/blog/2025/06/1…

In a new blog, @Proofpoint threat research engineers disclosed their detailed discovery of Amatera Stealer, a newly rebranded and upgraded malware-as-a-service (MaaS) version of the ACR Stealer. Read the blog: brnw.ch/21wTvpI. #securityengineering #detectionengineering

At NCSC UK today we released two malware reports: UMBRELLA STAND: Malware targeting Fortinet devices with report, STIX, Yara & IoCs SHOE RACK: A post-exploitation tool for remote shell access & TCP tunnelling through a victim device along with Yara ncsc.gov.uk/section/keep-u…

Updated #Lumma stealer C2 extractor! See github.com/CAPESandbox/CA…

AMD warns of new Meltdown, Spectre-like bugs affecting CPUs go.theregister.com/feed/www.there…

Nikola Knežević created an overview of AsyncRAT forks and how they relate to each other. Great research. #AsyncRAT #QuasarRAT welivesecurity.com/en/eset-resear…

Just released Suzaku v1.0.0 with great native Sigma support for AWS CloudTrail logs. (Supports almost all field modifiers and all v2 correlation rules) github.com/Yamato-Securit… Come visit our booth at Black Hat Arsenal on Aug 7th if you are around! blackhat.com/us-25/arsenal/…

If you would like to take a gander: specterops.io/wp-content/upl…

😈 𝐓𝐫𝐚𝐢𝐧𝐢𝐧𝐠 𝐒𝐩𝐞𝐜𝐢𝐚𝐥𝐢𝐬𝐭 𝐌𝐨𝐝𝐞𝐥𝐬: 𝐀𝐮𝐭𝐨𝐦𝐚𝐭𝐢𝐧𝐠 𝐌𝐚𝐥𝐰𝐚𝐫𝐞 𝐃𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭 How to make an LLM train itself to write more evasive malware. Outflank’s Kyle Avery describes how a small, specially trained LLM (Dante-7B, based on

26 Awesome AI Security Lists 1️⃣ github.com/wearetyomsmnv/… 2️⃣ github.com/kaplanlior/oss… 3️⃣ github.com/corca-ai/aweso… 4️⃣ github.com/zmre/awesome-s… 5️⃣ github.com/DeepSpaceHarbo… 6️⃣ github.com/Billy1900/Awes… 7️⃣ github.com/trailofbits/aw… 8️⃣ github.com/RiccardoBiosas… 9️⃣ github.com/disesdi/mlseco… 🔟

Stay ahead of cyber threats. ⚡ This page collects real-time intelligence sources—Mandiant, DFIR Report, Unit 42, Red Canary, Avast, Symantec & more—so you don’t miss critical updates. Check it out: start.me/p/wMrA5z/cyber…

Reading material: nsa.gov/Press-Room/Pre…

[1/x] I would love to make NTSleuth a community driven project so the whole research community can profit off it. For that I created ntsleuth.com which can serve as a syscall database across Windows architectures, builds, versions. Not many datasets yet but will

The DARPA AI Cyber Challenge was designed to advance cybersecurity technology and ensure that technology is applied to secure the code we all rely on. All seven finalist teams have released their competition cyber reasoning systems open source. archive.aicyberchallenge.com

Remote dumping cred files with Shadow Snapshots: labs.itresit.es/2025/06/11/rem… To use it: secretsdump -use-remoteSSMethod PR For SAM: github.com/fortra/impacke… (merged) PR For NTDS.dit: github.com/fortra/impacke… (not merged) Detection: github.com/I3IT/Detect.Re…