WHmacmac

456 posts

@cbytez

ptester/ red teamer wannabe, OSCP, OSWE

Joined June 2017
472 Following · 64 Followers
WHmacmac retweeted
7h3h4ckv157 (@7h3h4ckv157)
claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a specific attack surface from SQLi to shellcode, EDR evasion to exploit development. Resource: github.com/SnailSploit/Cl…
WHmacmac retweeted
Nicolas Krassas (@Dinosn)
I built an open-source library of 700+ cybersecurity skills for AI coding agents -- covers DFIR, threat hunting, cloud security, and more github.com/mukul975/Anthr…
WHmacmac retweeted
Guri Singh (@heygurisingh)
🚨 Someone just proved that your Instagram account is NOT as private as you think.
A security researcher built a script that finds your Instagram profile using just your name and email or phone number.
It's called yesitsme and it's a wake-up call.
Here's what it actually exposed:
→ Instagram leaks obfuscated email and phone data on every account
→ Anyone can cross-reference your name + partial contact info to find you
→ Even "private" accounts are discoverable if your contact info matches
→ The tool rates matches as HIGH, MEDIUM, or LOW confidence automatically
→ It works on accounts you think are completely anonymous
This is exactly the kind of tool law enforcement and journalists use for OSINT investigations. But it also means stalkers, scammers, and bad actors can find you the same way.
Here's how to protect yourself right now:
→ Remove your phone number from your Instagram account
→ Use an email address that isn't linked to your real identity
→ Never use your real name as your display name on anonymous accounts
→ Regularly audit what contact info Instagram has on you
Your "anonymous" Instagram account probably isn't anonymous. This researcher proved it with 100 lines of Python. 100% Open Source.
WHmacmac retweeted
AISecHub (@AISecHub)
Red Team Operations Architecture Map
A single HTML file that covers the full kill chain from infrastructure setup to impact.
It maps out how techniques actually chain together - 28 attack flow chains showing real-world operator workflows, from initial access through lateral movement to domain compromise. Things like ZIP → LNK → DLL Sideload, Device Code Phish → Token Theft → Cloud Lateral, NTLM Reflection → LDAPS Relay → Full Domain Compromise.
119 technique cards broken down across C2, evasion, injection, persistence, credential access, privilege escalation, AD attacks, cloud ops, MOTW bypass, vishing, AI-assisted operations, and more. Each card covers the why, not just the what: detection surfaces, OPSEC tradeoffs, and vendor-specific nuances for CrowdStrike, Cortex, SentinelOne, and Defender.
No frameworks, no dependencies. One HTML file, works offline, open it in a browser and go.
Source: kypvas.github.io/red-team-map/
WHmacmac retweeted
Oliver Prompts (@oliviscusAI)
ElevenLabs just lost its moat 🤯 Someone just dropped Voicebox, and it clones any voice from just a 3-second audio clip, running 100% locally on your machine. 100% Open Source
WHmacmac retweeted
Nav Toor (@heynavtoor)
🚨BREAKING: Microsoft just solved the "Agent Loop" problem. Agent Lightning is an open-source framework that lets agents learn from their own mistakes using Reinforcement Learning. Your agent fails a task → Agent Lightning analyzes why → Updates the prompt automatically → Next run succeeds. 100% Opensource.
WHmacmac retweeted
Logisek (@logisekict)
🚀 AZexec: New Release Out Now!
Big update with a ton of new offensive capabilities added:
- Lockscreen enumeration: detect Windows lockscreen accessibility backdoors
- Intune enumeration: enumerate Endpoint Manager–managed devices and configuration
- Password spraying: two-phase workflow with validated usernames to reduce lockouts
- Local authentication mode: target cloud-only (non-federated) accounts
- OAuth2 delegation enumeration: identify consent-based impersonation paths
- Remote command execution: execute commands on Azure VMs and devices
- PI execution method: execute as another user via process injection
- Empire execution: deploy Empire stagers for C2 access
- Meterpreter execution: deliver Metasploit payloads
- Spidering: enumerate and optionally download files from storage, VMs, and devices
- File transfer: get and put files across VMs, Arc devices, and Azure storage
- Credential extraction: dump credentials via SAM, LSA, NTDS, tokens, DPAPI, and more
- github.com/Logisek/AZexec
#Azure #RedTeam #OffensiveSecurity #CloudSecurity #Pentesting #PenTest #Offsec #Infosec #Logisek
WHmacmac retweeted
Florian Roth ⚡️ (@cyb3rops)
Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs
- update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe
- file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll
- network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114
by @rapid7
rapid7.com/blog/post/tr-c…
Florian Roth ⚡️ (@cyb3rops)

This is bad. Putty level bad. notepad-plus-plus.org/news/hijacked-…

WHmacmac retweeted
Black Hills Information Security (@BHinfoSecurity)
"By default, a domain account can configure RBCD on themselves or any resource they control [which] lets the service decide who may delegate to it instead of the domain."
Read more: blackhillsinfosec.com/abusing-delega…
Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation
by: Hunter Wade
Published: 11/26/2025
WHmacmac retweeted
Six2dez 🇵🇸 (@Six2dez1)
Burp AI Agent is now public
MCP-powered AI agent (and server) living inside Burp. Instead of a chat next to it, extends itself: tools, actions, live traffic and findings.
AIO to reduce context switching while testing
Repo: github.com/six2dez/burp-a…
Docs: burp-ai-agent.six2dez.com
WHmacmac retweeted
Claude Code Changelog (@ClaudeCodeLog)
1/3: Claude now supports authorized security testing, CTFs, and educational security work (not just defensive). It still refuses harmful use: destructive techniques, DoS, mass targeting, supply chain compromise, and malicious detection evasion. Dual-use tools require explicit authorization context. Diff: github.com/marckrenn/clau…
WHmacmac retweeted
SpecterOps (@SpecterOps)
WSL2 is a powerful attacker hideout because it runs as a separate Hyper-V VM, and defenders rarely monitor it. Daniel Mayer explains how attackers pivot into WSL2 and what it took to build tooling that works across WSL2 versions. Read more ⤵️ ghst.ly/45fPUma
WHmacmac retweeted
Google Research (@GoogleResearch)
Announcing our latest open medical AI models for developers: MedGemma 1.5, which is small enough to run offline & improves performance on 3D imaging (CT & MRI), & MedASR, a speech-to-text model for medical dictation. Both available on Hugging Face + Vertex AI. goo.gle/3L9oiII #MedGemma #HealthAI #GenerativeAI
WHmacmac retweeted
Black Hills Information Security (@BHinfoSecurity)
2026 is here—time to refresh that toolkit!
Atomic Red Team:
Atomic Red Team Hands on Getting Started Guide - youtube.com/watch?v=O6w0oF…
Why? Exactly are you not using Atomic Red Team? - youtube.com/watch?v=VTkRkg…
DeepBlueCLI
DeepBlueCLI - Tactical IR - youtube.com/watch?v=Gk9dRT…
Threat Hunting Toolkit
Looking for Needles in Needlestacks w/ Threat Hunting Toolkit - youtube.com/watch?v=q7ai6P…
Bloodhound: A Blue Team's Perspective on Red Team Hack Tools - youtube.com/watch?v=0mIN2O…
RITA: RITA - Finding Bad Things on Your Network Using Free and Open Source Tools - youtube.com/watch?v=mpCBOQ…
Zeek: Introduction to Zeek Log Analysis w/ Troy Wojewoda - youtube.com/watch?v=a2Cp6V…
Wireshark: Getting started with Wireshark - John Strand - youtube.com/watch?v=KYnbfY…
Search Engine: How to Design and Execute Social Engineering Calls w/ John Malone - youtube.com/watch?v=v8HzQ0…
WHmacmac retweeted
Steven Lim (@0x534c)
This article explores a novel attack technique that combines Ghost SPNs and Kerberos reflection to elevate privileges on SMB servers, highlighting a critical gap in traditional detection methods. It details how attackers can exploit stale or misconfigured Service Principal Names (SPNs) in Active Directory—termed "Ghost SPNs"—to manipulate Kerberos authentication and reflect service tickets back to the SMB server, gaining elevated access. The technique bypasses common defenses like LDAP filtering and SPN hygiene, making it stealthy and potent. Semperis emphasizes the need for proactive detection strategies and shares insights into identifying vulnerable configurations and mitigating the threat. semperis.com/blog/exploitin…