Lubo Nistor

Automation blueprints for Red Team & Pentest, Blue Team (SOC/DFIR/TI), Application Security (AppSec/DevSecOps), and Platform/General Security — all using n8n. github.com/CyberSecurityU…

ADCS Attack Techniques Cheatsheet docs.google.com/spreadsheets/d…

If you like VPN exploits as much as us, you're going to love this course Zeroshi is bringing to @_ringzer0! Marco will walk students into opening up edge devices for research, mapping their attack surface, finding vulns and building full exploit chains. ringzer0.training/countermeasure…

🚀 Open-sourcing MCP Security Hub A growing collection of MCP servers bringing security tools to AI assistants Nmap, Ghidra, Nuclei, SQLMap, Hashcat... and we're just getting started Contribute your favorite tools 🛠️ ⭐ github.com/FuzzingLabs/mc…

This blog post examines the growing threat of destructive "bricking" attacks on Operational Technology (OT) devices, using the December 29, 2025, coordinated cyber attacks on Poland's electric grid as a case study. Hitachi Energy Relion 650 Series IEDs (protection relays): Exploited default FTP credentials to delete critical files → causing a "soft brick" (device fails to boot properly, loses remote/local access). Similar to a previously disclosed CVE-2024-8036 in ABB equipment (Hitachi acquired ABB's power grids division). Hitachi Energy RTU560: Accessed via default web credentials. Uploaded malicious firmware (bypassing secure update checks in older versions). Resulted in a "hard brick" with an infinite bootloop due to corrupted entry-point code on the ARM-based processor. Mikronika RTUs: Compromised via SSH with default root credentials. Filesystem completely wiped. Moxa NPort 6000 Series (serial-to-IP converters): Default web credentials used to factory reset, change passwords, and set unreachable IPs (disruptive but not fully bricked). midnightblue.nl/blog/have-you-… #sandworm

WSL2 is a powerful attacker hideout because it runs as a separate Hyper-V VM, and defenders rarely monitor it. Daniel Mayer explains how attackers pivot into WSL2 and what it took to build tooling that works across WSL2 versions. Read more ⤵️ ghst.ly/45fPUma

Security Detections MCP - github.com/MHaggis/Securi… An MCP (Model Context Protocol) server that lets LLMs query a unified database of Sigma, Splunk ESCU, Elastic, and KQL security detection rules.

SMB3 Linux Kernel Server (ksmbd) exploitation. 3-parts series by @Doyensec Part 1: blog.doyensec.com/2025/01/07/ksm… Part 2: blog.doyensec.com/2025/09/02/ksm… Part 3: blog.doyensec.com/2025/10/08/ksm… #infosec

NTLM reflection attacks can be used to compromise Active Directory domains even with SMB signing if systems aren’t fully patched depthsecurity.com/blog/using-ntl…

New Blog: Based on his talk at Black Hat, @0xTriboulet discusses integrating Windows AI/ML APIs into Cobalt Strike’s workflows and presents proof-of-concept implementations for AI-augmented post-exploitation capabilities in Cobalt Strike. ow.ly/8hSO50WWTSW

Got access to an AWS infrastructure during your RedTeam and you don't know how to do access persistence other than just adding an AccessKey ? 🫤 Step up your game with new TTPs ! 🫡 From IAM modification to lambda hijacking, 1001 ways to keep access ! riskinsight-wavestone.com/en/2025/09/aws…

An unexpected journey into Microsoft Defender's signature World retooling.io/blog/an-unexpe…

Just a reminder that this stream is today at 6PM PT!

DLL Sideloading for Initial Access – Red Team Operator's Guide 🔥 (new article) print3m.github.io/blog/dll-sidel… - finding software to backdoor - finding DLL and function to backdoor - legit software backdooring - OPSEC considerations #redteam #infosec #malware #security

A huge list of interesting Azure Sentinel hunting queries to give you some inspiration for your next purple team. github.com/Azure/Azure-Se…

Silent Harvest: Extracting Windows Secrets Under the Radar, by @haider_kabibo sud0ru.ghost.io/silent-harvest…

In about an hour I’ll present my talk I’m in your logs now, deceiving your analysts and blinding your EDR at #BHUSA25 @BlackHatEvents in Islander E/I. Come and hang out!

Slides of the @WEareTROOPERS #TROOPERS25 'AD & Entra ID Security' track have been published. Just click on the individual talks in the agenda. Day 1 #agenda-day--2025-06-25" target="_blank" rel="nofollow noopener">troopers.de/troopers25/age… Day 2 #agenda-day--2025-06-26" target="_blank" rel="nofollow noopener">troopers.de/troopers25/age…

🚨 A new Linux backdoor named Plague hid in plain sight for a year—undetected by every antivirus. It hacks PAM to silently hijack SSH logins and wipe all traces. The worst part? No antivirus flagged it. Not one. How it works ↓ thehackernews.com/2025/08/new-pl…

''NativeDump: Stealthy LSASS Dumping Tool Bypasses EDRs Using Only NTAPIs'' #infosec #pentest #redteam #blueteam meterpreter.org/nativedump-ste…