Offensive Security

pySimReader: A Python-Based SIM Card Management Tool for Security Professionals

Red-Team

pySimReader: A Python-Based SIM Card Management Tool for Security Professionals

pySimReader is a Python-based utility designed for managing GSM SIM cards, offering functionalities like phonebook and SMS...

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Red-Team

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Display interfaces like HDMI, DVI, and DisplayPort contain overlooked attack surfaces that security professionals should understand. Research...

Soffid Console Java Deserialization Vulnerability (CVE-2025-32408): Technical Analysis and Mitigation

CVE News

Soffid Console Java Deserialization Vulnerability (CVE-2025-32408): Technical Analysis and Mitigation

A newly disclosed vulnerability in Soffid Console (CVE-2025-32408) exposes systems to remote code execution through insecure Java...

UK Court Rules Against Secret Hearings in Apple Encryption Dispute

Cyber Laws & Regulations

UK Court Rules Against Secret Hearings in Apple Encryption Dispute

The UK’s Investigatory Powers Tribunal has ruled that the legal dispute between Apple and the UK government...

From CIA to VC: How Eric Slesinger Is Shaping Europe’s Defense Tech Landscape

Threat Intelligence

From CIA to VC: How Eric Slesinger Is Shaping Europe’s Defense Tech Landscape

Eric Slesinger, a 35-year-old former CIA officer, has emerged as a key figure in Europe’s defense technology...

Australia’s Pension Funds Hit by Coordinated Cyberattacks: Technical Breakdown

Data Breach

Australia’s Pension Funds Hit by Coordinated Cyberattacks: Technical Breakdown

Australia’s largest pension funds, including AustralianSuper and Rest Super, were targeted in a series of coordinated cyberattacks,...

Ransomware Groups and Russian Hackers Adopt Fast-Flux DNS for Infrastructure Evasion

Threat Intelligence

Ransomware Groups and Russian Hackers Adopt Fast-Flux DNS for Infrastructure Evasion

Cybercriminal groups, including ransomware operators and Russian state-sponsored actors, are reviving an old technique called “fast flux”...

China’s Deep-Sea Electromagnetic Device: Assessing the Threat to Undersea Infrastructure

Threat Intelligence

China’s Deep-Sea Electromagnetic Device: Assessing the Threat to Undersea Infrastructure

Recent reports of a Chinese deep-sea electromagnetic device capable of disrupting global communications and energy networks have...

2025 Threat Detection Report: Key Strategies for Security Teams

Threat Intelligence

2025 Threat Detection Report: Key Strategies for Security Teams

The 2025 Threat Detection Report highlights critical trends and actionable strategies for security teams to counter emerging...

Morphing Meerkat PhaaS Operation Leverages DNS-over-HTTPS for Evasion

Threat Intelligence

Morphing Meerkat PhaaS Operation Leverages DNS-over-HTTPS for Evasion

A newly identified phishing-as-a-service (PhaaS) operation, dubbed Morphing Meerkat by researchers, has adopted DNS-over-HTTPS (DoH) to bypass...

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Malware Analysis

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

Elastic Security Labs has uncovered a sophisticated malware campaign targeting Iraq’s telecommunications sector, utilizing a new malware...

AI-Powered Red Teaming: Evolving Tactics in Cybersecurity

Red-Team

AI-Powered Red Teaming: Evolving Tactics in Cybersecurity

Recent research highlights a significant shift in red team operations as artificial intelligence becomes more sophisticated. A...

Active Directory Security: Exploiting and Mitigating GenericWrite DACL Vulnerabilities

Blue-Team

Active Directory Security: Exploiting and Mitigating GenericWrite DACL Vulnerabilities

Active Directory’s Discretionary Access Control Lists (DACLs) serve as fundamental security mechanisms governing object permissions within directory...

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Blue-Team

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Discretionary Access Control Lists (DACLs) serve as a fundamental security mechanism governing access to directory...

Active Directory Security Testing with Netexec: A Red Team Perspective

Red-Team

Active Directory Security Testing with Netexec: A Red Team Perspective

Active Directory penetration testing remains a cornerstone of enterprise security assessments, with tools like Netexec providing robust...

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

News

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Misconfigured WriteOwner permissions in Active Directory can enable attackers to take ownership of critical objects, bypass security...

Diamond Ticket Attacks: The Stealthy Kerberos Exploit Targeting Active Directory

Red-Team

Diamond Ticket Attacks: The Stealthy Kerberos Exploit Targeting Active Directory

The Diamond Ticket attack represents an advanced exploitation technique targeting Active Directory environments by manipulating Kerberos authentication...

Active Directory Security: Mitigating Risks from Pre-Windows 2000 Compatibility Weaknesses

Blue-Team

Active Directory Security: Mitigating Risks from Pre-Windows 2000 Compatibility Weaknesses

Legacy configurations in Active Directory (AD) often introduce security vulnerabilities, and one of the most persistent risks...

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

Blue-Team

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

A Shadow Credentials attack is an advanced exploitation technique targeting Active Directory Certificate Services (AD CS), enabling...

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

Red-Team

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

Active Directory (AD) remains a prime target for attackers due to its central role in enterprise authentication...

Posts pagination

Previous 1 2 3 4 5 6 Next

Offensive Security

pySimReader: A Python-Based SIM Card Management Tool for Security Professionals

Display Protocol Vulnerabilities: Exploiting EDID, HDMI Side-Channels, and Digital Signage

Soffid Console Java Deserialization Vulnerability (CVE-2025-32408): Technical Analysis and Mitigation

UK Court Rules Against Secret Hearings in Apple Encryption Dispute

From CIA to VC: How Eric Slesinger Is Shaping Europe’s Defense Tech Landscape

Australia’s Pension Funds Hit by Coordinated Cyberattacks: Technical Breakdown

Ransomware Groups and Russian Hackers Adopt Fast-Flux DNS for Infrastructure Evasion

China’s Deep-Sea Electromagnetic Device: Assessing the Threat to Undersea Infrastructure

2025 Threat Detection Report: Key Strategies for Security Teams

SHELBY Malware Campaign: GitHub Abuse for C2 Operations in Iraqi Telecom Attacks

AI-Powered Red Teaming: Evolving Tactics in Cybersecurity

Active Directory Security: Exploiting and Mitigating GenericWrite DACL Vulnerabilities

Active Directory Security: Detecting and Mitigating WriteDacl Abuse Risks

Active Directory Security Testing with Netexec: A Red Team Perspective

Active Directory Security: Detecting and Mitigating WriteOwner Permission Abuse

Diamond Ticket Attacks: The Stealthy Kerberos Exploit Targeting Active Directory

Active Directory Security: Mitigating Risks from Pre-Windows 2000 Compatibility Weaknesses

Shadow Credentials Attack: Exploiting Active Directory for Stealthy Privilege Escalation

GhostPack: Red Team Tactics for Active Directory Exploitation and Defense

You may have missed

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation

Tor Oniux: Kernel-Level Network Anonymization for Linux Applications

Google Chrome’s Security Update: Blocking Admin-Level Launches in Windows

Australian Human Rights Commission Data Breach: Technical Analysis and Impact