#redteam — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #redteam, aggregated by home.social.
-
What is Web Security and Web Penetration Testing Tools
In this article, I cover essential web penetration testing tools and how they fit into different stages of the assessment process.
https://denizhalil.com/2024/12/19/web-penetration-testing-tools/#CyberSecurity #WebSecurity #Pentesting #BurpSuite #Nmap #SQLMap #BugBounty #RedTeam #InfoSec #EthicalHacking #SecurityTools #DenizHalil
-
----------------
🛠️ Tool
===================claude-osint is a paired set of skills for the Claude skills system, built by ElementalSoul (GenAI Security Research). Rather than a standalone script, it integrates into Claude's skill infrastructure, providing structured tradecraft for external reconnaissance during authorized red-team and bug-bounty engagements.
The project delivers two SKILL.md files you drop into ~/.claude/skills/:
• osint-methodology (455 lines): Strategic and procedural. Covers asset-graph discipline, severity rubric, time budgeting with four profiles (1h, 4h, 1d, 1w), identity-fabric mapping, and deliverable templates.
• offensive-osint (4,168 lines): Tactical arsenal. Probe paths, regexes, payloads, scoring rules, curl one-liners, and tool URLs.Together they cover 90+ modules across 12 domains.
Reconnaissance & Asset Discovery includes a 5-stage pipeline with time-budget profiles, subdomain enumeration via crt.sh with a 7-source fallback chain (handles crt.sh 502s), common-prefix sweeps in PowerShell and bash (100+ prefixes), Wayback CDX deep mining with legacy-app pivots targeting .asp/.php/.jsp/.cfm, WHOIS/RDAP and historical-WHOIS with reverse-WHOIS pivots, public records lookups (OpenCorporates, SEC EDGAR, GSXT, Rusprofile, Companies House), and bulk IP-to-ASN correlation via Cymru, RIPEstat, bgp.tools.
Identity & SSO Mapping covers Microsoft Entra (Azure AD) tenant fingerprinting with GUID extraction, M365 deep enumeration (Teams federation, SharePoint, OneDrive, OAuth, device-code phishing), Autodiscover IP correlation for passive M365 confirmation even when MX records are wrapped by Mimecast/Proofpoint, Okta tenant slug and /api/v1/authn user enumeration, ADFS fingerprinting with mex endpoints, Google Workspace OIDC discovery, generic OIDC providers (Auth0, Keycloak, Ping, OneLogin, Duo), SAML metadata across 5 paths, and AWS account-ID extraction from headers and ARN regexes.
Web Application Attack Surface covers Swagger/OpenAPI discovery across 28 paths, GraphQL discovery and introspection across 13 paths, field-suggestion enumeration when introspection is disabled, alias batching and depth bypass, and 15 always-on HTTP checks (.git, .env, actuator, heapdump).
Additional capabilities: 48 secret-regex patterns, 9 read-only credential validators, 27 attack-path templates, secret_scan.py (stdlib-only), h1_reference.py (HackerOne disclosed-reports agent).
Self-reported: 96.9% pass on 32-prompt evaluation, 85-90% estimated practitioner coverage. Four end-to-end walkthroughs included. Metrics are self-reported and lack independent verification. Claude-specific, authorized-use only.
🔹 tool #OSINT #redteam #claude #reconnaissance
-
What is Silver Ticket Attack: A Comprehensive Guide
In this article, I cover how Silver Ticket attacks work, common exploitation scenarios, detection techniques, and mitigation strategies.
https://denizhalil.com/2026/05/27/silver-ticket-attack-comprehensive-guide/#CyberSecurity #ActiveDirectory #SilverTicket #Kerberos #CredentialAccess #RedTeam #BlueTeam #Pentesting #WindowsSecurity #InfoSec #ThreatDetection #DenizHalil
-
What is Silver Ticket Attack: A Comprehensive Guide
In this article, I cover how Silver Ticket attacks work, common exploitation scenarios, detection techniques, and mitigation strategies.
https://denizhalil.com/2026/05/27/silver-ticket-attack-comprehensive-guide/#CyberSecurity #ActiveDirectory #SilverTicket #Kerberos #CredentialAccess #RedTeam #BlueTeam #Pentesting #WindowsSecurity #InfoSec #ThreatDetection #DenizHalil
-
What is Silver Ticket Attack: A Comprehensive Guide
In this article, I cover how Silver Ticket attacks work, common exploitation scenarios, detection techniques, and mitigation strategies.
https://denizhalil.com/2026/05/27/silver-ticket-attack-comprehensive-guide/#CyberSecurity #ActiveDirectory #SilverTicket #Kerberos #CredentialAccess #RedTeam #BlueTeam #Pentesting #WindowsSecurity #InfoSec #ThreatDetection #DenizHalil
-
----------------
🎥 Video
===================Jason Haddix delivered a talk at NDC Security 2026 in Oslo titled "Attacking AI," presenting findings from Arcanum's AI security assessments conducted in 2024 and 2025.
The core contribution is a 7-point methodology for assessing AI-enabled systems, specifically those that connect LLMs to web applications and internal tools. This is distinct from academic AI red teaming, which often focuses on getting frontier models to produce policy-violating outputs in isolation. Haddix emphasizes that real-world AI assessments involve integrated systems where the LLM is a component, not the entire attack surface.
Key technical points:
• The methodology addresses the gap between academic prompt injection research and practical assessment of production AI systems
• Arcanum released a prompt injection taxonomy as a resource for testers, categorizing attack vectors specific to LLM-integrated applications
• Haddix drew on experience from AI CTFs, notably the Bad Words competition run by the Bossy Group, who operate the "Ply the prompter" jailbreak methodology and routinely break frontier models within 24 hours of release
• The CTF context involved getting safety-tuned models to produce prohibited outputs (drug synthesis, explicit content), which maps to the bypass techniques relevant to production assessmentsPractical implications:
The distinction between academic red teaming and production assessment is substantive. In production, the LLM is connected to data stores, APIs, and user-facing interfaces. Attack vectors expand beyond pure prompt engineering to include context manipulation, RAG poisoning, and privilege escalation through the LLM's integrations.
The taxonomy and methodology are positioned as practitioner resources rather than theoretical frameworks, which fills a genuine gap. Most publicly available AI assessment content leans academic.
Haddix has 21+ years in offensive security and transitioned to AI assessments roughly two years ago when existing pentest clients began integrating LLMs into their applications.
🔹 AI_Security #PromptInjection #RedTeam #LLM #Arcanum
-
Ok ya implementé todos los cambios del tema. En par de días implementaré los cambios del código y empezaré a cargar los datos y a probarlos. Necesitaré 2 o 3 beta testers para que me ayuden a solucionar problemas y me den consejos antes d lanzar la beta en vivo. https://learn2hack.today/ #offensivesecurity #redteam #ctf #hackinghistory #learn2hack #mentoring #mentor Si te interesa ser mentor y quieres participar en la beta test, completa el formulario en el enlace del sitio y contáctame en privado
-
Ok ya implementé todos los cambios del tema. En par de días implementaré los cambios del código y empezaré a cargar los datos y a probarlos. Necesitaré 2 o 3 beta testers para que me ayuden a solucionar problemas y me den consejos antes d lanzar la beta en vivo. https://learn2hack.today/ #offensivesecurity #redteam #ctf #hackinghistory #learn2hack #mentoring #mentor Si te interesa ser mentor y quieres participar en la beta test, completa el formulario en el enlace del sitio y contáctame en privado
-
Ok ya implementé todos los cambios del tema. En par de días implementaré los cambios del código y empezaré a cargar los datos y a probarlos. Necesitaré 2 o 3 beta testers para que me ayuden a solucionar problemas y me den consejos antes d lanzar la beta en vivo. https://learn2hack.today/ #offensivesecurity #redteam #ctf #hackinghistory #learn2hack #mentoring #mentor Si te interesa ser mentor y quieres participar en la beta test, completa el formulario en el enlace del sitio y contáctame en privado
-
Ok ya implementé todos los cambios del tema. En par de días implementaré los cambios del código y empezaré a cargar los datos y a probarlos. Necesitaré 2 o 3 beta testers para que me ayuden a solucionar problemas y me den consejos antes d lanzar la beta en vivo. https://learn2hack.today/ #offensivesecurity #redteam #ctf #hackinghistory #learn2hack #mentoring #mentor Si te interesa ser mentor y quieres participar en la beta test, completa el formulario en el enlace del sitio y contáctame en privado
-
HackTheBox. Прохождение Mini Pro Lab Puppet
Вам поручено провести проверку на проникновение в компанию Puppet Inc . Компания не разрешает передачу данных за пределы внутренней сети, поэтому внутри компании был создан сервер управления и контроля ( C2 ), и сотрудник запустил вредоносную программу для имитации успешной атаки с использованием методов социальной инженерии. Puppet — это небольшой сценарий Active Directory , в котором вы начинаете с уже работающего маяка Sliver C2 на внутренней системе. Он предназначен для отработки работы в рамках C2 -инфраструктуры в современной, сложной гибридной среде. Puppet разработан для специалистов по тестированию на проникновение и « красных команд », ищущих быструю и сложную лабораторию с уже настроенной C2 -инфраструктурой для отработки операций C2 . Эта лаборатория « Оператор красной команды уровня I » познакомит игроков со следующими темами: - Перечисление - Перечисление и атаки на Active Directory - Эксплуатация инфраструктуры DevOps - Боковое перемещение - Локальное повышение привилегий - Операции C2
-
HackTheBox. Прохождение Mini Pro Lab Puppet
Вам поручено провести проверку на проникновение в компанию Puppet Inc . Компания не разрешает передачу данных за пределы внутренней сети, поэтому внутри компании был создан сервер управления и контроля ( C2 ), и сотрудник запустил вредоносную программу для имитации успешной атаки с использованием методов социальной инженерии. Puppet — это небольшой сценарий Active Directory , в котором вы начинаете с уже работающего маяка Sliver C2 на внутренней системе. Он предназначен для отработки работы в рамках C2 -инфраструктуры в современной, сложной гибридной среде. Puppet разработан для специалистов по тестированию на проникновение и « красных команд », ищущих быструю и сложную лабораторию с уже настроенной C2 -инфраструктурой для отработки операций C2 . Эта лаборатория « Оператор красной команды уровня I » познакомит игроков со следующими темами: - Перечисление - Перечисление и атаки на Active Directory - Эксплуатация инфраструктуры DevOps - Боковое перемещение - Локальное повышение привилегий - Операции C2
-
HackTheBox. Прохождение Mini Pro Lab Puppet
Вам поручено провести проверку на проникновение в компанию Puppet Inc . Компания не разрешает передачу данных за пределы внутренней сети, поэтому внутри компании был создан сервер управления и контроля ( C2 ), и сотрудник запустил вредоносную программу для имитации успешной атаки с использованием методов социальной инженерии. Puppet — это небольшой сценарий Active Directory , в котором вы начинаете с уже работающего маяка Sliver C2 на внутренней системе. Он предназначен для отработки работы в рамках C2 -инфраструктуры в современной, сложной гибридной среде. Puppet разработан для специалистов по тестированию на проникновение и « красных команд », ищущих быструю и сложную лабораторию с уже настроенной C2 -инфраструктурой для отработки операций C2 . Эта лаборатория « Оператор красной команды уровня I » познакомит игроков со следующими темами: - Перечисление - Перечисление и атаки на Active Directory - Эксплуатация инфраструктуры DevOps - Боковое перемещение - Локальное повышение привилегий - Операции C2
-
HackTheBox. Прохождение Mini Pro Lab Puppet
Вам поручено провести проверку на проникновение в компанию Puppet Inc . Компания не разрешает передачу данных за пределы внутренней сети, поэтому внутри компании был создан сервер управления и контроля ( C2 ), и сотрудник запустил вредоносную программу для имитации успешной атаки с использованием методов социальной инженерии. Puppet — это небольшой сценарий Active Directory , в котором вы начинаете с уже работающего маяка Sliver C2 на внутренней системе. Он предназначен для отработки работы в рамках C2 -инфраструктуры в современной, сложной гибридной среде. Puppet разработан для специалистов по тестированию на проникновение и « красных команд », ищущих быструю и сложную лабораторию с уже настроенной C2 -инфраструктурой для отработки операций C2 . Эта лаборатория « Оператор красной команды уровня I » познакомит игроков со следующими темами: - Перечисление - Перечисление и атаки на Active Directory - Эксплуатация инфраструктуры DevOps - Боковое перемещение - Локальное повышение привилегий - Операции C2
-
Frameworks para testar IA e benchmark de Cyber Segurança
Quer saber como testar uma IA e descobrir se ela é segura ou utilizável em Cyber Segurança? 🤖🛡️
- Dois focos principais:
• Testar a IA para encontrar vulnerabilidades no modelo (encontrar falhas, prompts que vazam ou comportamentos indesejados).
• Fazer um benchmark para avaliar se essa IA pode ser usada na área de Cyber Segurança — especialmente...#IA #CyberSegurança #RedTeam #Vulnerabilidades #Benchmark #Segurança #MorningCrypto
-
Frameworks para testar IA e benchmark de Cyber Segurança
Quer saber como testar uma IA e descobrir se ela é segura ou utilizável em Cyber Segurança? 🤖🛡️
- Dois focos principais:
• Testar a IA para encontrar vulnerabilidades no modelo (encontrar falhas, prompts que vazam ou comportamentos indesejados).
• Fazer um benchmark para avaliar se essa IA pode ser usada na área de Cyber Segurança — especialmente...#IA #CyberSegurança #RedTeam #Vulnerabilidades #Benchmark #Segurança #MorningCrypto
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
forgetting to change web admin credentials during red v blue event and just getting absolutely blasted for 5 hours straight
tl;dr: I choked CCDC quals, AMA
-
forgetting to change web admin credentials during red v blue event and just getting absolutely blasted for 5 hours straight
tl;dr: I choked CCDC quals, AMA
-
forgetting to change web admin credentials during red v blue event and just getting absolutely blasted for 5 hours straight
tl;dr: I choked CCDC quals, AMA
-
CW: meta
-
Linux Privilege Escalation Cheat Sheet: Techniques and Prevention.
In this cheat sheet, I break down essential enumeration commands, common escalation paths, and practical techniques every security professional should know.
https://denizhalil.com/2025/06/30/linux-privilege-escalation-cheat-sheet/#CyberSecurity #LinuxSecurity #PrivilegeEscalation #Pentesting #RedTeam #BlueTeam #InfoSec #ethicalhacking #SecurityEngineering #itsecurity
-
UDP Network Monitoring with C++: A Comprehensive Guide
In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
https://denizhalil.com/2025/07/14/udp-network-monitoring-cpp-packet-sniffer/#CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil
-
Spoofing Packets with Scapy: A Comprehensive Guide
In this article, I cover how packet spoofing works with Scapy, practical use cases, and key security implications.
https://denizhalil.com/2025/07/22/spoofing-packets-with-scapy-a-comprehensive-guide/#CyberSecurity #Scapy #PacketSpoofing #NetworkSecurity #Python #EthicalHacking #RedTeam #BlueTeam #Pentesting #InfoSec #SecurityEngineering #denizhalil
-
Cybersecurity Interview Questions and Answer Tips
In this article, I cover the most common cybersecurity interview questions and how to approach them effectively.
https://denizhalil.com/2025/12/08/cybersecurity-interview-questions-2025/
#CyberSecurity #InfoSec #CyberSecurityCareer #InterviewPrep #SOC #RedTeam #BlueTeam #ITSecurity #CareerDevelopment #EthicalHacking #SecurityEngineering #denizhalil
-
Python C2 Server for Red Teaming: A Comprehensive Hands-On Guide
In this guide, I walk through building a Python-based C2 server, covering its architecture, encrypted communication, and real-world operational workflow.
https://denizhalil.com/2025/12/15/python-c2-server-red-teaming-guide/#CyberSecurity #RedTeam #C2 #commandandcontrol #Python #offensivesecurity #Pentesting #infosec #threatdetection #blueteam #securityengineering #ethicalhacking
-
What is SNMP Security and Exploitation: A Comprehensive Guide
In this article, I cover how SNMP exploitation works, common vulnerabilities, and how to properly secure it.
https://denizhalil.com/2026/01/21/snmp-security-exploitation-guide#CyberSecurity #SNMP #NetworkSecurity #InfoSec #InfrastructureSecurity #BlueTeam #RedTeam #Pentesting #ITSecurity #SecurityEngineering #DenizHalil
-
SSH Tunneling and Port Forwarding Techniques: A Comprehensive Guide
In this article, I cover:
* How SSH tunneling works under the hood
* Local, remote, and dynamic port forwarding techniques
* Real-world use cases (databases, internal services, pivoting)
* Security risks and hardening recommendationshttps://denizhalil.com/2026/02/02/ssh-tunneling-port-forwarding-guide/
#CyberSecurity #sshtunneling #portforwarding #NetworkSecurity #Linux #RedTeam #BlueTeam #Pentesting #InfoSec #securityengineering #EthicalHacking #ITSecurity
-
Day 1 of posting to social media until I get an offensive security research job
First, I’m going to start with what I know – Windows. I need to recreate what I had access to at Microsoft, so that starts by setting up a dev environment and finding a copy of Windows System Internals, perhaps the greatest resource for learning Windows out there. My expertise is in Windows and virtualization, so I’m going to make sure I master those areas.
Next, I don’t think I want to grind coding exercises, but I do need to shake the rust off my coding skills. I think I’m going to start with some HackTheBox challenges and find some CTFs to participate in.
Finally, my long overdue goal: learn Rust. I’m not sure if this will help immediately, as I could choose to improve my knowledge of Python. But Rust was getting more and more popular in the areas of Windows I was tasked with protecting, so I need to learn what all the fuss is about with regards to memory safety.
If anyone is on a similar journey, let’s hold each other accountable in the comments! I will be sure to document any write-ups at blog.maxrenke.com (work in progress).#OffensiveSecurity #CyberSecurity #WindowsInternals #HackTheBox #CTF #EthicalHacking #RedTeam #BlueTeam #RustLang #PythonProgramming #DevEnvironment #InfoSec #CyberCareer #SecurityResearch #MemorySafety #CyberCommunity #JobSearch #TechJourney #SecurityEngineering #Pentesting #LearningEveryDay
-
🚨 Most people think red teaming is about exploits.
It’s not.
The most effective attacks today don’t start with vulnerabilities —
they start with **trust**.Modern environments are cloud-heavy, identity-driven, and full of SaaS integrations. In these systems, attackers don’t always need to “break in.”
They move quietly through:
• Over-permissioned identities
• Weak approval workflows
• Misconfigured cloud roles
• OAuth tokens and API access
• Human behavior under pressure
• Business processes no one questionsThis is what I’ve been studying and calling the **Quiet Kill Chain** —
a sequence of legitimate-looking actions that, when chained together, become an attack path.No loud exploits.
No obvious malware.
Just normal activity… used the wrong way.## What changes at an advanced level?
You stop asking:
“What exploit should I use?”And start asking:
• Where does this system trust too easily?
• Which action would look completely normal?
• What would defenders ignore?
• How can I blend into business operations?Because the strongest intrusion today is not the one that is invisible.
It’s the one that looks **legitimate**.
## My takeaway
Offensive security is shifting from breaking systems
to understanding them deeply enough to move inside them unnoticed.I’ve written a full deep-dive on this concept here 👇
Curious to hear your thoughts —
Is detection today ready for this level of subtlety?#CyberSecurity #RedTeam #OffensiveSecurity #ThreatIntel #CloudSecurity #IdentitySecurity #EthicalHacking #BlackCipher
-
NoSQL Injection Attacks: MongoDB, CouchDB, and More – NoSQL injection
In this article, I cover how NoSQL injection works, common attack vectors, and practical mitigation techniques.
https://denizhalil.com/2025/12/23/nosql-injection-attacks-mongodb-couchdb/#CyberSecurity #NoSQL #MongoDB #CouchDB #WebSecurity #AppSec #Injection #InfoSec #Pentesting #RedTeam #BlueTeam #securecoding
-
⚠️ Niveles de Transparencia en OSINT 🔥 https://www.reydes.com/e/Niveles_de_Transparencia_en_OSINT #cybersecurity #hacking #redteam #forensics #dfir #osint -
⚠️ Registrar Todo en OSINT 🔥 https://www.reydes.com/e/Registrar_Todo_en_OSINT #cybersecurity #hacking #redteam #forensics #dfir #osint -
⚠️ Como Documentar en OSINT 🔥 https://www.reydes.com/e/Como_Documentar_en_OSINT #cybersecurity #hacking #redteam #forensics #dfir #osint -
⚠️ Importancia de las Anotaciones en OSINT (Parte II) 🔥 https://www.reydes.com/e/Importancia_de_las_Anotaciones_en_OSINT_Parte_II #cybersecurity #hacking #redteam #forensics #dfir #osint -
You need communication resilience and security. Security cannot be black box, platform and operating system needs to be in house. Crypto agility and geostationary routing. I think you need something way better.
#comsec #opsec #resilience #redteam #satcom #dfir #outofband #preparedness -
What is NetBIOS and SMB Exploitation Techniques: A Practical Guide
In this article, I cover key exploitation techniques, real-world attack scenarios, and how to secure these services effectively.
https://denizhalil.com/2026/01/15/netbios-smb-exploitation-techniques-guide/
#CyberSecurity #SMB #NetBIOS #NetworkSecurity #ActiveDirectory #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #DenizHalil
-
CW: Urgently seeking work, please boost 🙏
Good day netizens. Blue has returned after 10 years in tech, once again on the job hunt. I have worked a variety of roles from hands-on computer repair to NOC tech to Sys admin and more. In that time, I have accrued several certifications including the #Swimlane Certified #SOAR Administrator, #CompTIA #Network+, #Security+, #Pentest+, #CertifiedNetworkVulnerabilityProfessional, and #CASP+. I'm currently looking for #remotework for anywhere in the #US . I'm targeting #cybersecurity roles, since that is what I am passionate about and my certifications are focused in, but I am also open to other IT roles such as software engineer, dev ops, etc. I'm a #transgender woman trying to provide for her #LGBTQIA family and any pay would greatly help us make ends meet as we try to survive in this refuge state where the cost of living is so much higher than back home. Boosts and sharing is welcome, thanks for your time and help. #getfedihired #breakingintoinfosec #infosec #informationtechnology #sysadmin #netadmin #redteam #pentest
-
A friend of mine got red teamed at work once. She left her workstation unlocked during the lunch break, and when she came back there as a slideshow in full screen saying "Your computer was hacked, don't touch anything and call the phone number below". Has something like this ever happened to you?
-
🍵 HTB Support Walkthrough 🍵
Learn how to perform:
- LDAP Enumeration
- .NET Reverse Engineering
- Bloodhound Enumeration
- Resource Based Constraint Delegation🎬️Watch it here:
https://www.youtube.com/watch?v=VIgskjoELo0#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
🍵 HTB Support Walkthrough 🍵
Learn how to perform:
- LDAP Enumeration
- .NET Reverse Engineering
- Bloodhound Enumeration
- Resource Based Constraint Delegation🎬️Watch it here:
https://www.youtube.com/watch?v=VIgskjoELo0#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
🍵 HTB Sauna Walkthrough 🍵
Learn how to perform:
- Username Enumeration
- AS-REP Roasting
- BloodHound Enumeration
- DCSync Attack🎬️Watch it here:
https://www.youtube.com/watch?v=WsBBGzcq0nI#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
🍵 HTB Sauna Walkthrough 🍵
Learn how to perform:
- Username Enumeration
- AS-REP Roasting
- BloodHound Enumeration
- DCSync Attack🎬️Watch it here:
https://www.youtube.com/watch?v=WsBBGzcq0nI#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
🍵 HTB Sau Walkthrough 🍵
Learn how to:
- Perform SSRF in request-baskets
- Exploit Command Injection in Maltrail🎬️Watch it here:
https://www.youtube.com/watch?v=wNkrm_PSsQU#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
Just uploaded my IOCs/content on my repo for #bslv2024!
-
UDP Network Monitoring with C++: A Comprehensive Guide
In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
https://denizhalil.com/2025/07/14/udp-network-monitoring-cpp-packet-sniffer/#CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil