Ever want to test systems & see if your password is ever stored/sent in plaintext? Make it: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* I am on the phone with a vendor right now because my test account is in an inoperable state. 🧐

Ransomware groups InfoSec industry

Great CISA Cyber PDF on spotting deepfake audio/video, manipulated media, etc! media.defense.gov/2023/Sep/12/20… I'm releasing a *new* video on How AI Has Impacted Hacking to my awareness video library clients soon, but below is a video anyone can use to demo this threat in the meantime!

If you ever asked yourself how complex it is to setup an O365 phishing infrastructure, the answer might be a little bit disturbing "not much". It's done in under 10 mins and free O.o Here is a walkthrough:

spencer ntlm.pw

Good morning! Out CFP for our first event is now OPEN through January 31,2024! We will be happening in May 2024 in Chicago, IL. More information on exact date and site will be available soon, so be ready! bsides312.github.io

Our fellow BREAKDEV RED member Jack Button has published the long awaited guide on how to protect your Evilginx instances ‼️ Find out how to deploy an additional Cloudflare layer in front, for extra protection! 🔥🎣 A must read for all phishermen! 🪝🐟 jackphilipbutton.com/post/how-to-pr…

Excited to share my latest research on phishing Windows Hello for Business by way of a downgrade attack, using EvilGinx. Looking forward to your thoughts. Read it here: medium.com/@yudasm/bypass…

Evilginx 💗 Gophish The long-awaited official integration of Evilginx with Gophish has finally arrived with the Evilginx 3.3 update. 🪝🐟 The update includes lots of quality-of-life improvements as well. Enjoy and happy phishing! 🤗 breakdev.org/evilginx-3-3-g…

Listen now to the new episode of #SecurityNoise, "Targets Operations, Co-Pwnership." This week, we discuss state-of-the-art red team testing with Jason Lang and Darkoperator | 🇺🇦 and Jason's upcoming talk at NolaCon. Listen wherever you get your podcasts! hubs.la/Q02wPdBG0

Threw this on during my run today and I’m usually weary on this type of podcast. Engaging, well moderated, and interesting content. Was not a commodity cybersecurity podcast conversation. Excellent work, gained a listener.

Being a Sysadmin is one of THE HARDEST jobs in tech. Not only do you need to keep the lights on but at most orgs you're wearing so many hats that you also have to upgrade servers, deploy networking equipment. Of and you have to patch and make sure you don't get hacked.

Checkout my phishing infrastructure setup guide notes, which i recently published on github. It contains tips and tricks along with some IOC removal for evilginx3.3 and GoPhish. Thanks to Kuba Gretzky for integrating Gophish with evilginx. github.com/An0nUD4Y/Evilg… #evilginx

If you want to slightly annoy a pentester that's about to test your network, make sue you include the following string in your password (with the space) \'!! \"""

reddit.com/r/sysadmin/com…

We will be happening on June 1, 2025. Keep your eyes open as we will be making some more announcements for Bsides312 soon. bsides312.org #bsides

Non-existent shares that are attempted to be mapped via logon scripts ARE exploitable in default configurations of Active Directory. This is one of the issues I discovered when I did research on logon script abuse last year. I created a tool, called ScriptSentry, to look for this

🧙‍♂️ GANDALF x BASI 🐉 The beloved prompt injection game, Gandalf by Lakera AI, has become a rite of passage for AI red teamers around the world and inspired many a jailbreaker to enter the fray of LLM spellcraft 🪄 They've been cooking up something brand new (I got a sneak peak

🧠 Think you can break an AI? Gandalf: Agent Breaker is live. Real-world GenAI fails—phishing, tool abuse, more. 🧩 Outsmart the AI. Start 👉 lnkd.in/dHuQDYdN