Shina Mashiro

3.4K posts


@ShiinaaM

Joined May 2012
3.7K Following 386 Followers
Shina Mashiro reposted
Roan
Roan@RohOnChain·
Anthropic pays $750,000+ a year for engineers who can build LLM architectures from scratch. Stanford taught the entire thing in a 1-hour lecture & released it for free. Bookmark & watch this today before someone takes it down.
English
109
1.5K
10.2K
2M
Shina Mashiro reposted
Ridgeline Cyber
Ridgeline Cyber@RidgelineCyber·
Every IR engagement starts the same painful way: Download KAPE. Remember the flags. Spin up Velociraptor. Hunt for the hashing script. Build a chain-of-custody spreadsheet from scratch. Write the report template on the fly. Meanwhile, the attacker has already been in the environment for days.

We built VanGuard to kill that entire tooling nightmare.

VanGuard is a single binary (Windows + Linux) that runs from a USB drive or your local machine — no installation, no dependencies, fully air-gapped. It consolidates triage, threat hunting, memory forensics, disk collection, remote ops, and reporting into a single, clean, professional TUI.

What makes it different:
→ 28 pre-built IR use cases (ransomware, BEC, lateral movement, credential theft, rootkits) — each with full MITRE ATT&CK mapping
→ Velociraptor as a first-class citizen (server lifecycle, agent deployment, offline collectors — all from one interface)
→ Every artifact dual-hashed (MD5 + SHA256) + HMAC-SHA256 tamper-evident chain of custody
→ One-command HTML incident reports that work completely offline
→ True cross-platform: same binary handles Windows and Linux investigations

We didn’t build this as a product. We built it because we needed it on real engagements — and as a training aid for practitioners who want to level up their DFIR skills.

👉 Landing page + screenshots: training.ridgelinecyber.com/vanguard/
👉 GitHub: github.com/ridgelinecyber…

The investigation methodology behind every VanGuard use case is taught in our Practical Incident Response course — first modules are completely free, no account required: training.ridgelinecyber.com/modules/free/i…

Download it, run it in your lab, and let me know what you think. Star it if it helps. Issues and feedback very welcome 🔥

#DFIR #IncidentResponse #OpenSource #BlueTeam #Velociraptor
English
2
23
112
6.8K
Shina Mashiro reposted
A C X
A C X@ceogalxe·
Web Security Academy — Complete Lab Roadmap (2026) ‼️
🔸GitHub link: github.com/ntrunr/WebSecu…
🔹SQL Injection → from the basics up to Blind SQLi & OOB
🔹XSS → Reflected, Stored, DOM, up to CSP bypass
🔹CSRF → SameSite bypass and token weaknesses
🔹SSRF → filters, blind SSRF, and OOB
🔹Request Smuggling → CL.TE, TE.CL, and HTTP/2
🔹SSTI → sandbox escape up to RCE
🔹File Upload → polyglots up to race conditions
🔹Deserialization → gadget chains up to RCE
🔹Access Control → IDOR up to logic flaws
🔹Authentication → 2FA bypass, brute force, and password reset weaknesses
🔹JWT → alg confusion and key injection
🔹CORS → exploiting misconfigurations
🔹XXE → SSRF and data exfiltration
🔹Race Conditions → bypasses in real-world scenarios
🔹GraphQL & API Bugs → mass assignment and abuse
🔹LLM Attacks → prompt injection and unsafe output
Don’t jump around between levels; follow the path so you go from apprentice → practitioner → Expert ‼️
Indonesian
2
31
130
4.7K
Shina Mashiro reposted
Florian Roth ⚡️
Florian Roth ⚡️@cyb3rops·
Anyone else seeing Microsoft #Defender flagging #DigiCert root certificate registry keys as malware?

We’ve seen reports that a Defender signature update from April 30 added a detection called: Trojan:Win32/Cerdigent.A!dha

In some environments, Defender apparently detected DigiCert Root CA certificate registry entries and removed them from the trust store.

The affected cert hashes mentioned so far:
0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
DDFB16CD4931C973A2037D3FC83A4D7D775D05E4

Example path:
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

There’s also a Reddit comment suggesting Microsoft has started restoring the certs and that admins can check this via Advanced Hunting in Defender:

DeviceRegistryEvents
| where RegistryKey contains "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43" or RegistryKey contains "DDFB16CD4931C973A2037D3FC83A4D7D775D05E4"
| where ActionType == "RegistryKeyCreated"
| where Timestamp > datetime(2026-05-03T04:00:00)
| project Timestamp, DeviceName, ActionType, InitiatingProcessFileName
| order by Timestamp desc

On an affected device, this can also be checked with:
certutil -store AuthRoot | findstr -i "digicert"

Could become an annoying day for admins if this spreads
reddit.com/r/cybersecurit…
English
27
84
401
199.1K
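A host-side check for the two AuthRoot entries named in the post above, added here as an example and not code from Florian Roth or Microsoft: it tests the registry path quoted in the post, looks at the same store through the certificate provider, and lists Defender threat-history entries whose name matches the detection the post names. It assumes an elevated PowerShell session on the affected Windows host with the built-in Defender module available.

```powershell
# Added example: is each DigiCert root entry from the post still present
# in the machine AuthRoot store, and did Defender log the named detection?
# Thumbprints and registry path are the values quoted in the post.
$Thumbprints = @(
    '0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43',
    'DDFB16CD4931C973A2037D3FC83A4D7D775D05E4'
)
$RegBase = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates'

foreach ($tp in $Thumbprints) {
    # 1. Registry key under AuthRoot (the path the post says Defender removed)
    $regPresent = Test-Path -Path (Join-Path $RegBase $tp)

    # 2. Same store viewed through the certificate provider
    $cert = Get-ChildItem -Path Cert:\LocalMachine\AuthRoot |
        Where-Object { $_.Thumbprint -eq $tp }

    [pscustomobject]@{
        Thumbprint  = $tp
        RegistryKey = $regPresent
        InCertStore = [bool]$cert
        Subject     = if ($cert) { $cert.Subject } else { '(missing)' }
        NotAfter    = if ($cert) { $cert.NotAfter } else { $null }
    }
}

# 3. Defender threat history: entries whose name matches the detection in the post.
Get-MpThreat |
    Where-Object { $_.ThreatName -like '*Cerdigent*' } |
    Select-Object ThreatName, SeverityID, IsActive,
        @{ Name = 'Resources'; Expression = { $_.Resources -join '; ' } }
```

A row with RegistryKey and InCertStore both false on a host that also shows a matching threat-history entry is the condition the post describes; a host where both are true again has had the entry restored.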
Mayfly
Mayfly@M4yFly·
🔥🐉 New GOAD Lab: DRACARYS I’ve just released a new free lab environment on GOAD: DRACARYS. The challenge includes 3 VMs and the objective is simple: Start with no authentication and work your way up to Domain Admin. Have fun exploiting it! 🔥🐉 mayfly277.github.io/posts/Dracarys…
English
12
98
299
17.5K
Shina Mashiro reposted
📕 Author of “The Malware Textbook” (「マルウエアの教科書」) | Takashi Yoshikawa (吉川孝志) | Revised and expanded edition 🌟 now on sale
[Paper] Proposes an end-to-end design in which SOC detection, query generation, and response recommendation are handled by LLMs in a single pipeline. The syntax hallucinations that general-purpose LLMs frequently produce in SIEM queries are said to be suppressed by an SQM (Syntax-Query-Metadata) architecture made up of three layers of constraints: a syntax allow-list, metadata retrieval, and reference to official documentation.

A paper published on arXiv by a research team at Ontario Tech University in Canada. Validated on 20,000 real-environment SIEM (Security Information and Event Management) logs and ServiceNow tickets; the processing time covering investigation, evidence collection, resolution-code assignment, and recommendation generation, which averaged about 4 hours under conventional manual operation, is reported to have been cut to about 10 minutes.

[Key points]
・Detection uses a majority-vote ensemble of GPT-4o-mini, Gemma-3n, and Llama-3.3-70B. Accuracy 82.8 percent, false positive rate (FPR) 12.0 percent
・Individual models had high false positive rates (44.5 percent for DeepSeek-V3, 77.6 percent for Qwen3), which the ensemble is said to have reduced to a practical level
・Supports both IBM QRadar’s query language AQL (Ariel Query Language) and Google SecOps’ query language YARA-L 2.0. 88 percent of generated queries were syntactically correct and executable without modification
・Resolution-code prediction accuracy improved from a baseline of 78.3 percent to 90.0 percent with the proposed method, which combines the integration of evidence obtained via SQM with a weighted ensemble of Gemma-3n/GPT-4o-mini. The resolution configuration is separate from the detection one
・Quality of recommended actions scored 8.70 out of 10 under an LLM-as-a-Judge scheme with GPT-5.1 as the evaluator
・Two years of ServiceNow tickets are stored in a vector database and used for similar-case retrieval

Although the base models alone frequently produced syntax hallucinations, the three-layer constraints are reported to have brought syntactic executability to a practical level. A paper addressing syntactic reliability in SIEM query generation and integration into SOC workflows.

See the following for details: arxiv.org/abs/2604.27321…
Japanese
0
7
57
3.2K
Shina Mashiro reposted
GuidedHacking
GuidedHacking@GuidedHacking·
🤔 Guided Hacking's Malware Analysis Tutorials 👉 guidedhacking.com/forums/malware…
Unpacking VMProtect
Unpacking Packed Files Series
Setting Up CAPEV2 Sandbox
Unpacking PECompact
Practical Malware Analysis Exercises
Unpacking FlawedAmmyy
Unpacking ASPack
Malware Analysis VM Setup
Top 5 IDA Pro Plugins for Malware
Gootkit Decryption with Python
Removing Obfuscation in IDA Pro
Top 5 Malware Analysis Websites
LimeCrypter Analysis: Crypter Internals
Reverse Engineering Go Binaries
StormKitty C# Stealer Analysis
Rebuilding IAT for Malware Analysis
Unpacking Ramnit Dropper
Best SysInternals Tools for Malware
Writing YARA Rules
ChatGPT for Malware Analysis
Dumping Malware at OEP
CyberChef for Malware Analysis
Downloading New Malware Samples
CyberChef: DCRat Loader Analysis
Dumpulator for Malware Analysis
Miasm Python RE Framework Intro
API Monitor for Malware Analysis
Process Monitor for Malware Analysis
BlackNET C2 with FakeNet-NG
Unpacking YouHacker & Python Malware
Beginner Malware Traffic Analysis
VKeylogger Analysis: Dumping & Fixing Imports
Beginner Malware CTF (CyberDefenders RE101)
Miasm: Symbolic Execution
Finding Malware C2 Panels
Malware Persistence Techniques
Redline Infostealer: C2 Analysis
Mallox Ransomware Analysis
Windows Defender Bypass (Token Manipulation)
Binary Refinery Tutorial
WhiteSnake Stealer Analysis
CAPA for Malware Analysis
Comparing Binaries with BinDiff
APT37 RokRAT Analysis (North Korea)
Learning Malware Analysis (Beginners)
Paradies Clipper: Crypto Jacker Analysis
Reverse Engineering Skid Malware
CrashedTech Loader Analysis
Fileless Malware on Linux via Scripting
File Type Identification Tools
KLBanker String Decryption with Python
Miasm: Basic Syntax
Detecting Manual Mapping in Memory
BlackGuard Infostealer Analysis
Malware Analysis Learning Resources
Miasm: Jitter
PE-sieve for Malware Analysis
Detecting Process Hollowing
Finding Shellcode in Malware Memory
LockBit Ransomware KillChain
LockBit: Extracting Binary from XLL
PolyGlot Files & IcedID Evasion
Malicious OneNote Documents (AsyncRAT)
Popular UAC Bypass Techniques
VFlooder: VirusTotal Flooder Analysis
Popular Windows Malware Analysis Tools
ProCDOT for Malware Analysis
pySMT Deobfuscation via SMT Solver
Back-Doored RedLine Targeting Skids
CapLoader for PCAP Analysis
RedLine Targeting YouTubers
Analyzing Office File Malware (Oletools)
Top 7 Malware Detection Techniques
Regshot for Malware Analysis
Detecting DLL Side-Loading
Detecting C2 Servers
Scanning Memory for Malware
Threat Intelligence in Malware Analysis
DoNex Ransomware Analysis (Malcore)
IcedID / BokBot Banking Trojan Analysis
Analyzing Malware Stager Techniques
Reversing an HWID Spoofer
English
0
18
134
6.8K
Shina Mashiro reposted
shimotan
shimotan@shimosec·
I’ve written up a summary of the Cyber Threat Intelligence Capability Maturity Model: an overall overview, the questions that caught my attention, how it differs from CREST’s maturity assessment, and so on. shimotsuki.hatenablog.jp/entry/2026/04/…
Japanese
0
20
127
9.2K
Shina Mashiro reposted
Jahen F. Rezki
Jahen F. Rezki@jahenfr·
We study the impact of e-money on cash demand in Indonesia. E-money adoption is associated with lower cash demand. Moreover, the effect is heterogeneous across regions and denominations. Happy reading! doi.org/10.1016/j.econ…
English
10
418
1.6K
58.6K
Shina Mashiro reposted
Silent Push
Silent Push@silentpush·
Our Preemptive Defense Blueprint for SOC Teams is your guide on exactly how to shift from reactive defense to preemptive visibility, including a 30-60-90 day checklist. Download here 👉 hubs.ly/Q04d_-xv0 #soc #siem #ciso #iofa
English
0
1
4
390
Shina Mashiro reposted
Vivek | Cybersecurity
Vivek | Cybersecurity@VivekIntel·
🧰 MUST-HAVE BURP SUITE EXTENSIONS FOR WEB PENETRATION TESTING

🔐 AUTHORIZATION & ACCESS CONTROL
• BurpLay → replay requests to detect privilege escalation
• AuthMatrix → test access across roles
• Autorize → auto-detect authorization flaws
• Auth Analyzer → test with custom tokens
• Burp SessionAuth → session-based privilege issues
• Authz → quick authorization testing

🔁 REQUEST AUTOMATION
• AutoRepeater → automate request replay + diff
• IncrementMe Please → auto-increment parameters

🔍 RECON & DISCOVERY
• LinkFinder → extract endpoints from JS
• JS Miner / JS Parser → find sensitive data in JS

🔐 TOKEN & AUTH TESTING
• JWT Editor → test JWT vulnerabilities
• Turbo Intruder → high-speed attacks (race, brute)

🧪 FUZZING & SCANNING
• ActiveScan++ → improved scanning coverage
• Backslash Powered Scanner → injection detection

📦 ADVANCED ATTACKS
• HTTP Request Smuggler → find smuggling bugs
• Content Type Converter → bypass filters

🧠 PRODUCTIVITY
• Logger++ → advanced request logging
• Flow → visualize request flow

⚠️ REALITY
Installing tools ≠ finding bugs
Understanding logic = finding bugs

🎯 USE THIS LIKE A PRO
Start with recon → test auth → fuzz → automate → verify

🔗 Burp Extensions (Official)
portswigger.net/bappstore

#BurpSuite #WebSecurity #Pentesting #BugBounty #InfoSec
English
0
84
375
13K