hacksys

1.7K posts

hacksys

hacksys

@flopyash

At Blackhat & Defcon 25

England Sumali ลžubat 2018
1.7K Sinusundan823 Mga Tagasunod
Naka-pin na Tweet
hacksys
hacksys@flopyashยท
๐Ÿšจ๐“๐‡๐„ $๐Ÿ ๐๐‹๐€๐‚๐Š ๐…๐‘๐ˆ๐ƒ๐€๐˜ ๐’๐“๐„๐€๐‹ ๐ˆ๐’ ๐‡๐„๐‘๐„! Get the @cyberwarfarelab Infinity Subscription Plan for just $1/Year. ๐Ÿ”ฅ130+ Labs (AI, Cloud, K8s, APT Labs) โณEnds Nov 30 - Go to infinity.cyberwarfare.live - Select "Pro Plan" - Code: BLACKFRIDAY25 #BlackFriday
hacksys tweet media
English
0
0
1
124
hacksys nag-retweet
Snyk
Snyk@snyksecยท
@karpathy The LiteLLM dependency incident didn't "just happen" though. This is part of a larger campaign LiteLLM already extends to supply chain security fallout for other projects: snyk.io/articles/poisoโ€ฆ
English
14
142
971
289.7K
hacksys nag-retweet
Mandiant (part of Google Cloud)
Mandiant (part of Google Cloud)@Mandiantยท
Coruna exploit kit is targeting iOS. Coruna leverages 23 exploits against Apple devices running iOS 13-17.2.1. It is being used for espionage, and by financially motivated actors to steal crypto. Update your iOS devices, and learn more about this threat: bit.ly/4rbeltc
Mandiant (part of Google Cloud) tweet media
English
7
119
359
117.2K
hacksys nag-retweet
Lukasz Olejnik
Lukasz Olejnik@lukOlejnikยท
Google has identified an iOS exploit kit named Coruna. 5 full exploit chains, 23 vulnerabilities, documentation in native English, modular architecture. Full professionalism. It must have cost millions of dollars. Who built it? Google doesnโ€™t say, but the evidence points to US government tools. The kit also contains components previously used in a cyber operation that Russia attributed to the NSA. Coruna traveled. First, an anonymous โ€œcompany clientโ€, then used by a Russian cyber espionage group, which hid the code on Ukrainian websites inside a visitor-counter script, delivering it only to selected users from a specific geolocation. Later a financially motivated actor โ€œoperating from Chinaโ€ deployed it (infecting over 42,000 devices). The malware added to the ready-made kit was lower quality than the original suggesting the tools were acquired and modified by someone else. One US government subcontractor, Peter Williams, just received a 7-year prison sentence for selling tools to Russian broker Operation Zero. The US government spent millions on a tool that now steals cryptocurrency. A good return on investment, just not for themselves. One more detail: Coruna did not attack devices with Lockdown Mode enabled.โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹โ€‹ cloud.google.com/blog/topics/thโ€ฆ
English
10
219
812
82K
hacksys nag-retweet
OtterHacker
OtterHacker@OtterHackerยท
I published a Sharepoint and Outlook PowerShell GUI that can be used on RedTeam operation when you've found an Azure AppId with interesting privileges. You can now use these tools to browse the SharePoint or Mailboxes through a GUI instead the GraphAPI github.com/OtterHacker/M3โ€ฆ
English
2
95
319
15.6K
hacksys nag-retweet
Panos Gkatziroulis ๐Ÿฆ„
Panos Gkatziroulis ๐Ÿฆ„@ipurpleยท
๐Ÿ” Credential Guard protects the secrets that Windows uses to authenticate users and devices. ๐Ÿ“ข A quick look at how Credential Guard bypass research has evolved. ๐Ÿ›ก๏ธ Credential Guard doesnโ€™t eliminate all identity attacks, but it raises the bar. ๐Ÿ’ก A reminder that controls and defensive assumptions must be revisited continuously. ๐“๐“ธ๐“ฝ๐“ฎ: Techniques involving domains that Credential Guard does not protect are not included in this timeline.
Panos Gkatziroulis ๐Ÿฆ„ tweet media
English
0
10
32
2.8K
hacksys nag-retweet
draw.io
draw.io@drawioยท
New: draw.io skill for Claude Code โ€” describe a diagram, get an editable PDF, PNG or SVG. Each file embeds the full draw.io XML so you can reopen and edit anytime. github.com/jgraph/drawio-โ€ฆ
English
20
159
1.6K
178.7K
KrknSec
KrknSec@KrknSecยท
Just received my Certified Windows Internals - Red Team Operator (CWI-RTO) cert from @cyberwarfarelab! Great course that dives into Windows Kernel objects and how they can be used from an attacker's perspective. Next up is the Certified Exploit Development Professional (CEDP)!
English
2
1
4
223
hacksys nag-retweet
Hunt.io
Hunt.io@Huntioยท
๐Ÿ‡จ๐Ÿ‡ณ๐Ÿ•ต๏ธโ€โ™‚๏ธ We mapped more than 18,000 active C2 servers across Chinese ISPs and cloud providers. Instead of chasing individual IPs, domains, or malware samples, we looked at malicious infrastructure at country and ISP scale to understand where attacker operations actually persist. ๐Ÿ‘‰ Full analysis here: hunt.io/blog/china-hosโ€ฆ What we saw was not random. Activity was concentrated, repeatable, and driven by shared infrastructure. Key takeaways: - More than 18,000 active C2 servers observed across Chinese hosting environments - C2 infrastructure accounted for roughly 84% of all malicious artifacts in the dataset - A small number of telecom and cloud providers hosted most of the C2 activity - Commodity malware, phishing operations, and state-linked campaigns operated inside the same networks - Infrastructure-first hunting remained effective even as IPs and domains rotated Hunting at country and ISP scale exposes infrastructure patterns that individual indicators will never reveal!
Hunt.io tweet media
English
1
60
253
16.9K
hacksys nag-retweet
vx-underground
vx-underground@vxundergroundยท
Hello. I have partnered with @cyberwarfarelab to give away FOUR HUNDRED (400) vouchers to their Infinity Learning Pro Plan. This is worth $119,600. - 130+ hands-on labs, including advanced attack chains - Unlimited challenge time - Monthly new challenges & scenario updates - Leaderboards for nerds - ??? This is a massive giveaway. How to enter: 1. You NEED a Gmail account. IF YOU ARE SELECTED AS A WINNER authentication is performed via Gmail. It does NOT have to be your real Gmail. It can be a disposable email. However, if you DO NOT have a Gmail you WILL NOT be able to authenticate. 2. This is a pit of doom. You're all fighting. Leave a comment below with an IMAGE of your SILLIEST weapon of choice. 3. This giveaway will be active for the next 48 hours (unless I get bored). It is November 30th, 2025. If you comment AFTER December 2nd, 2025 then you're a big stinky nerd. You have missed the pit of doom. 4. Winners will notified by me commenting your comment. If you do not respond to the DM within 24 hours (if you're selected) you forfeit your win and someone else is chosen. PAY ATTENTION. Good luck in the pit of doom. Have fun. I expect lots of laughs from the silliness. Cheers,
English
1.2K
102
1.3K
119.5K
hacksys
hacksys@flopyashยท
Giveaway time with @vxunderground of @cyberwarfarelab
vx-underground@vxunderground

Giveaway time. Our friends at @cyberwarfarelab have gifted us AIO (All In One) Access to ALL of their courses for TWO PEOPLE You'll have access to the following courses (including labs). It is a lot. You're not expected to complete everything. This is valued at over $11,000. If you're gifted this you're expected to actually do something and not be a bum. This is a life changing giveaway. If you win this giveaway, bucked up, and lock in, you could be big brain real fast. Don't squander this. How to enter: - Leave a comment - ??? - I like cats Red Teaming: - Web Red Team Analyst [Web-RTA] - Active Directory Red Team Specialist [AD-RTS] - Enterprise Lateral Movement Specialist [CELMS] - Red Team Analyst [CRTA] - Red Team Specialist [CRTS V2] - Red Team Infra Dev [CRT-ID] - Stealth Cyber Operator [CSCO] Blue Teaming: - Blue Team Fundamentals [BTF] - Cyber Defence Analyst [CCDA] Purple Teaming: - Purple Teaming Fundamentals-C-Edition - Process Injection Analyst [CPIA] - Purple Team Analyst [CPTA V2] Cloud Security: - Multi-Cloud Red Team Analyst [MCRTA] - Hybrid Multi-Cloud Red Team Specialist [CHMRTS] - Google Cloud Red Team Specialist [CGRTS] - AWS Cloud Red Team Specialist [CARTS] - Multi-Cloud Blue Team Analyst [MCBTA] Ethical Hacking (Introduction courses): - Cyber Security Analyst [C3SA] - Certified Cyber Security Engineer [CCSE] Evasion & Exploitation: - Red Team โ€“ CredOps Infiltrator [CRT-COI] - Enterprise Sec. Controls Attack Specialist [CESC-AS] - Windows Internals Red Team Operator [CWI-RTO] - Certified Exploit Development Professional [CEDP] DevOps: - Certified DevOps Red Team Analyst (DO-RTA) Kubernetes Security: - K8s Red Team Analyst (K8s-RTA)

English
1
0
2
114
vx-underground
vx-underground@vxundergroundยท
.@cyberwarfarelab is doing a Black Friday sale where they're selling courses, and labs, and stuff for $1. It's only valid for the next 48 hours. What if I bought 100 of them and gifted them to 100 people
vx-underground tweet media
English
69
25
437
19.6K
hacksys nag-retweet
The SecOps Group
The SecOps Group@TheSecOpsGroupยท
Hey!ย ๐Ÿ‘‹ ๐ŸŽŠ Weโ€™re collaborating withย @cyberwarfarelab๐Ÿค to bring something valuable to The SecOps Group & the entire security community. ๐Ÿฅท This Black Friday, theirย ๐—œ๐—ป๐—ณ๐—ถ๐—ป๐—ถ๐˜๐˜† ๐—Ÿ๐—ฒ๐—ฎ๐—ฟ๐—ป๐—ถ๐—ป๐—ด ๐—ฃ๐—ฟ๐—ฒ๐—บ๐—ถ๐˜‚๐—บ ๐—ฃ๐—น๐—ฎ๐˜๐—ณ๐—ผ๐—ฟ๐—บย is available for justย $๐Ÿญ ๐—ณ๐—ผ๐—ฟ ๐—ฎ ๐—ณ๐˜‚๐—น๐—น ๐˜†๐—ฒ๐—ฎ๐—ฟย making continuous cybersecurity learning accessible to everyone. ๐Ÿ“ˆ ๐Ÿฅณ If youโ€™ve been meaning to refresh core concepts, explore tools, or stay current with cybersecurity trends, this is a simple way to get started without overthinking the cost. ๐—›๐—ผ๐˜„ ๐˜๐—ผ ๐—ฐ๐—น๐—ฎ๐—ถ๐—บ ๐˜†๐—ผ๐˜‚๐—ฟ $๐Ÿญ ๐—ฎ๐—ฐ๐—ฐ๐—ฒ๐˜€๐˜€: โœ… Visit โœ… Open the Pricing page โœ… Select โ€œGet Started Nowโ€ under the yearly Plan โœ… Apply codeย ๐—•๐—Ÿ๐—”๐—–๐—ž๐—™๐—ฅ๐—œ๐——๐—”๐—ฌ๐Ÿฎ๐Ÿฑ โœ… Subscribe and start learning ๐Ÿ’ฏ Thanks to CWL for making learning easier for the community. Visit -ย cyberwarfare.live
The SecOps Group tweet media
English
5
11
72
6.2K
hacksys nag-retweet
vx-underground
vx-underground@vxundergroundยท
Hi, I will begin doing giveaways soon for the holiday season. This will be our third year doing giveaways. This year I'll be giving away significantly less stuff because I have a baby and he doesn't respect anything except milk, food, pooping, and sleep. Regardless, I still have lots of cool stuff to giveaway. I'll be doing giveaways from @cyberwarfarelab, @CCGCyberWorld, @HCAdamSec, @ddd1ms, and some stuff from myself personally out-of-pocket. I forgot to harass more people for free stuff. I'm sure someone will come around. For those new: each holiday season I giveaway a bunch of educational cybersecurity and/or information technology stuff. It's for anyone. tl;dr cats r cool
English
39
25
676
28.1K
hacksys nag-retweet
vx-underground
vx-underground@vxundergroundยท
tl;dr to kill Copilot forever just block copilot[.]microsoft[.]com
English
26
169
1.8K
57.7K

Tuklasin

@karpathy @KrknSec @cyberwarfarelab @vxunderground @RiderHomie @TheSecOpsGroup @CCGCyberWorld @HCAdamSec