Denny Fischer

From spoofing to tunnelling: New Red Team networking techniques for initial access and evasion | APNIC Blog Guest Post: In modern network architecture, we often assume that perimeter defences are robust enough to keep internal traffic secure. However, vulnerabilities inherent in the trust mechanisms of fund...

From spoofing to tunnelling: New Red Team networking techniques for initial access and evasion

blog.apnic.net/2026/01/16/f...

#infosec #redteam

GitHub - 1r0BIT/TaskHound: Tool to enumerate privileged Scheduled Tasks on Remote Systems Tool to enumerate privileged Scheduled Tasks on Remote Systems - 1r0BIT/TaskHound

TaskHound hunts privileged Windows scheduled tasks and exports them for BloodHound attack path analysis.

github.com/1r0BIT/TaskH...

#infosec #pentest #redteam

GitHub - Pennyw0rth/NetExec-Lab: Lab used for workshop and CTF Lab used for workshop and CTF. Contribute to Pennyw0rth/NetExec-Lab development by creating an account on GitHub.

NetExec Lab is a set of hands-on labs used in the NetExec workshop and CTF to help you mastering NetExec for your next pentest engagement.

github.com/Pennyw0rth/N...

#infosec #pentest

GitHub - Maldev-Academy/DumpBrowserSecrets: Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern... Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers ...

Extracts browser-stored data such as refresh tokens, cookies, saved credentials and more from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX and Vivaldi).

github.com/Maldev-Acade...

#infosec #pentest #redteam

Many cybersecurity myths are outdated and distract from real risks. An open letter calling for practical, evidence-based security advice.

Read more: www.hacklore.org/letter

#infosec

GitHub - m4lwhere/profilehound: ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by identifying active user prof... ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by identifying active user profiles on domain machines. - m4...

ProfileHound is a tool that enumerates Windows domain user profiles via the C$ share and exports them to BloodHound as a HasUserProfile edge making it easy to see which users have profiles on which hosts.

github.com/m4lwhere/pro...

#infosec #pentest #redteam

Native Sysmon functionality coming to Windows | Microsoft Community Hub Learn how to eliminate manual deployment and reduce operational risk with Sysmon functionality in Windows.     

Native Sysmon functionality coming to Windows

techcommunity.microsoft.com/blog/windows...

#infosec #blueteam

"HELP! MY ACCOUNT GOT HACKED!" - Business Email Compromise (BEC) Part 1

www.truesec.com/hub/blog/hel...

"The Anatomy of a Business Email Compromise Attack" - Business Email Compromise (BEC) Part 2

www.truesec.com/hub/blog/the...

#infosec #blueteam

Harden Windows Security is an open source PowerShell module (with GUI/CLI/Unattended mode) that documents, automates and hardens Windows security settings based on supported Microsoft mechanisms

github.com/HotCakeX/Har...

#infosec #blueteam

GitHub - prowler-cloud/prowler: Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident ... Prowler is the Open Cloud Security platform for AWS, Azure, GCP, Kubernetes, M365 and more. It helps for continuous monitoring, security assessments & audits, incident response, compliance, har...

Prowler is an open-source security tool that helps assess and enforce security best practices across AWS, Azure, Google Cloud and Kubernetes.

github.com/prowler-clou...

#infosec #blueteam

GitHub - BushidoUK/Ransomware-Tool-Matrix: A resource containing all the tools each ransomware gangs uses A resource containing all the tools each ransomware gangs uses - BushidoUK/Ransomware-Tool-Matrix

Ransomware Tool Matrix by @bushidotoken.net: This repository lists tools used by ransomware gangs. Defenders can detect and block these commonly reused tools to stop intrusions.

github.com/BushidoUK/Ra...

#infosec #blueteam

State-of-the-art phishing: MFA bypass Threat actors are bypassing MFA with adversary-in-the-middle attacks via reverse proxies. Phishing-as-a-Service tools like Evilproxy make these threats harder to detect.

State-of-the-art phishing: MFA bypass by Jaeson Schultz @talosintelligence.com

blog.talosintelligence.com/state-of-the...

#infosec #blueteam

ArgFuscator is an open-source web app that generates obfuscated command lines for common system tools. Great for testing your defenses against real-world attack techniques.

argfuscator.net

#infosec #pentest #redteam #blueteam

Privacy Checkup: How well do you protect your privacy? The Privacy Checkup was launched as part of Data Privacy Week 2024 and helps you to determine whether or not you’re sufficiently protecting your data online.

How well do you protect your privacy?
The Privacy Checkup helps you assess your online surveillance defenses and take steps to protect your data.

privacy-checkup.info (English, Deutsch, Español)

#privacy #infosec

Breaking the Virtual Barrier: From Web-Shell to Ransomware Recent VMware vulnerabilities have reignited the threat of VM escapes, enabling attackers to bypass security controls and deploy ransomware. Learn how adversaries exploit these flaws and how to streng...

A great read on the exploitation of VMware vulnerabilities - from both attacker and defender perspectives - plus practical recommendations to strengthen your security posture.

"Breaking the Virtual Barrier: From Web-Shell to Ransomware"

www.sygnia.co/threat-repor...

#infosec #blueteam

Fake-Shops von der Stange: BogusBazaar Du bestellst im Internet? Natürlich bestellst Du im Internet. Aber dieses Mal wird Deine Ware nicht geliefert. Stattdessen sind Dein Geld...

Eine kriminelle Organisation hinter mehr als 75.000 Fake-Shops, >1 Mio. Bestellungen & >$50M Schaden. Einblick in ihr ausgeklügeltes System & wie sie Käufer täuschen.

#38C3: "Fake-Shops von der Stange: BogusBazaar" mit @kaibiermann.bsky.social und kantorkel.
media.ccc.de/v/38c3-fake-...

#infosec

"Mastering Sysmon: Deploying, Configuring, and Fine-Tuning"
A free mini eBook for #DFIR professionals with practical steps to deploy, fine-tune, and start logging with Sysmon.

dfirinsights.com/2024/11/27/m...

#infosec #blueteam

Die elektronische Patientenakte (ePA) kommt im Januar – ist ein Opt-Out sinnvoll? – Datenschutz – Unter dem Radar Datenschutz – Unter dem Radar

Welche Daten enthält die elektronische #Patientenakte und was bedeutet sie für die ärztliche Schweigepflicht?

GitHub - 0xthirteen/Carseat: Python implementation of GhostPack's Seatbelt situational awareness tool Python implementation of GhostPack's Seatbelt situational awareness tool - 0xthirteen/Carseat

Carseat is a Python implementation of GhostPack's Seatbelt, a situational awareness tool for analyzing Windows security configurations.

github.com/0xthirteen/C...

#infosec #pentest #redteam

The fascinating security model of dark web marketplaces Captchas, Monero, Scams and absolutely no JavaScript

The fascinating security model of dark web marketplaces by @boehs.org

boehs.org/node/dark-we...

#infosec

That's a Cybersecurity Advisory worth reading, with many important points to note.

Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
www.cisa.gov/news-events/...

#infosec #blueteam

LOLESXi features a comprehensive list of binaries/scripts natively available in VMware ESXi that adversaries have utilised in their operations.

lolesxi-project.github.io/LOLESXi/

#infosec #pentest #redteam #blueteam

5 Phishing Email Scams and How NOT To Fall For Them | Huntress Explore the art of phishing, learn how to spot common phishing scams and red flags, and understand the importance of security awareness training.

Phishing remains one of the most widespread cyberattacks - here are some tips on how to avoid falling victim!

5 Phishing Email Scams and How NOT To Fall For Them
www.huntress.com/blog/5-phish...

#infosec

DEF CON 32 Main Stage Talks - YouTube

🚨 Exciting news for all hackers and tech enthusiasts! The #DEFCON32 talks are now available on YouTube! 🎉

youtube.com/playlist?lis...

#infosec #pentest #redteam #blueteam

GitHub - netero1010/EDRSilencer: A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server. A tool uses Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server. - netero1010/EDRSilencer

A tool that uses the Windows Filtering Platform (WFP) to block Endpoint Detection and Response (EDR) agents from reporting security events to the server.

github.com/netero1010/E...

#infosec #pentest #redteam

Spannend & unterhaltsam: Die #BigBrotherAwards prämieren jedes Jahr die größten Datensünder in Wirtschaft & Politik!

BigBrotherAwards 2024: Preisträger, Bilder und Livestream unter bigbrotherawards.de/2024

Also available in English: bigbrotherawards.de/en/2024

#infosec #BBA24

Guidance on Detecting and Mitigating Active Directory Compromises

www.cisa.gov/news-events/...

#infosec #blueteam

Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs - JPCERT/CC Eyes The difficult part of the initial response to a human-operated ransomware attack is identifying the attack vector. You may already know from recent security incident trends that the vulnerabilities of...

Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs

blogs.jpcert.or.jp/en/2024/09/w...

#infosec #blueteam

Active Directory Hardening Series - Part 5 – Enforcing LDAP Channel Binding Channel Binding is a LDAP hardening setting that is often misunderstood and as a result is often not enabled.  In this post I explain why it is important along..

Active Directory Hardening Series - Part 5 - Enforcing LDAP Channel Binding

techcommunity.microsoft.com/t5/core-infr...

#infosec #blueteam

GitHub - Friends-Security/SharpExclusionFinder: Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on even... Tool designed to find folder exclusions using Windows Defender using command line utility MpCmdRun.exe as a low privileged user, without relying on event logs - Friends-Security/SharpExclusionFinder

SharpExclusionFinder: This C# tool finds Windows Defender folder exclusions using Windows Defender through its command-line tool (MpCmdRun.exe)

github.com/Friends-Secu...

A blog explaining the technique utilised can be viewed here: blog.fndsec.net/2024/10/04/u...

#infosec #pentest #redteam