#redteam — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #redteam, aggregated by home.social.
-
🍵 HTB Support Walkthrough 🍵
Learn how to perform:
- LDAP Enumeration
- .NET Reverse Engineering
- Bloodhound Enumeration
- Resource Based Constraint Delegation
🎬️ Watch it here:
https://www.youtube.com/watch?v=VIgskjoELo0
#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
🍵 HTB Sauna Walkthrough 🍵
Learn how to perform:
- Username Enumeration
- AS-REP Roasting
- BloodHound Enumeration
- DCSync Attack
🎬️ Watch it here:
https://www.youtube.com/watch?v=WsBBGzcq0nI
#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
⚠️ Levels of Transparency in OSINT 🔥 https://www.reydes.com/e/Niveles_de_Transparencia_en_OSINT #cybersecurity #hacking #redteam #forensics #dfir #osint
-
⚠️ Record Everything in OSINT 🔥 https://www.reydes.com/e/Registrar_Todo_en_OSINT #cybersecurity #hacking #redteam #forensics #dfir #osint
-
01net.com: #Chinese #cyberattack under way against the popular #Windows software #DaemonTools: this popular software has been #hacked, thousands of #computers #compromised #pirate #hacker #cybersécurité #IPSec #blueteam #redteam www.01net.com/actualites/c...
Chinese cyberattack under way...
-
⚠️ How to Document in OSINT 🔥 https://www.reydes.com/e/Como_Documentar_en_OSINT #cybersecurity #hacking #redteam #forensics #dfir #osint
-
⚠️ Importance of Note-Taking in OSINT (Part II) 🔥 https://www.reydes.com/e/Importancia_de_las_Anotaciones_en_OSINT_Parte_II #cybersecurity #hacking #redteam #forensics #dfir #osint
-
You need communication resilience and security. Security cannot be a black box; the platform and operating system need to be in house. Crypto agility and geostationary routing. I think you need something way better.
#comsec #opsec #resilience #redteam #satcom #dfir #outofband #preparedness
-
Linux Privilege Escalation Cheat Sheet: Techniques and Prevention.
In this cheat sheet, I break down essential enumeration commands, common escalation paths, and practical techniques every security professional should know.
https://denizhalil.com/2025/06/30/linux-privilege-escalation-cheat-sheet/
#CyberSecurity #LinuxSecurity #PrivilegeEscalation #Pentesting #RedTeam #BlueTeam #InfoSec #ethicalhacking #SecurityEngineering #itsecurity
-
New blog post!
This time I talk about my new favorite evasive shellcode loader, Charon. I give a brief overview about what it does, how it works and which techniques it uses.
Also a brief addendum for enjoyers of bloated Implants such as Sliver.
https://ti-kallisti.com/general/ms/descending-into-hades.html
#InfoSec #Malware #Shellcode #RedTeam #RedTeaming #Pentesting #Charon #Sliver #Merlin #Mythic
-
🍵 HTB Sau Walkthrough 🍵
Learn how to:
- Perform SSRF in request-baskets
- Exploit Command Injection in Maltrail
🎬️ Watch it here:
https://www.youtube.com/watch?v=wNkrm_PSsQU
#HTB #HackTheBox #OSCP #Pentesting #EthicalHacking #Cybersecurity #RedTeam #CTF
-
UDP Network Monitoring with C++: A Comprehensive Guide
In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
https://denizhalil.com/2025/07/14/udp-network-monitoring-cpp-packet-sniffer/
#CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil
-
🚨 Most people think red teaming is about exploits.
It’s not.
The most effective attacks today don’t start with vulnerabilities —
they start with **trust**.
Modern environments are cloud-heavy, identity-driven, and full of SaaS integrations. In these systems, attackers don’t always need to “break in.”
They move quietly through:
• Over-permissioned identities
• Weak approval workflows
• Misconfigured cloud roles
• OAuth tokens and API access
• Human behavior under pressure
• Business processes no one questions
This is what I’ve been studying and calling the **Quiet Kill Chain** —
a sequence of legitimate-looking actions that, when chained together, become an attack path.
No loud exploits.
No obvious malware.
Just normal activity… used the wrong way.
## What changes at an advanced level?
You stop asking:
“What exploit should I use?”
And start asking:
• Where does this system trust too easily?
• Which action would look completely normal?
• What would defenders ignore?
• How can I blend into business operations?
Because the strongest intrusion today is not the one that is invisible.
It’s the one that looks **legitimate**.
## My takeaway
Offensive security is shifting from breaking systems
to understanding them deeply enough to move inside them unnoticed.
I’ve written a full deep-dive on this concept here 👇
Curious to hear your thoughts —
Is detection today ready for this level of subtlety?
#CyberSecurity #RedTeam #OffensiveSecurity #ThreatIntel #CloudSecurity #IdentitySecurity #EthicalHacking #BlackCipher
-
Spoofing Packets with Scapy: A Comprehensive Guide
In this article, I cover how packet spoofing works with Scapy, practical use cases, and key security implications.
https://denizhalil.com/2025/07/22/spoofing-packets-with-scapy-a-comprehensive-guide/
#CyberSecurity #Scapy #PacketSpoofing #NetworkSecurity #Python #EthicalHacking #RedTeam #BlueTeam #Pentesting #InfoSec #SecurityEngineering #denizhalil
-
Cybersecurity Interview Questions and Answer Tips
In this article, I cover the most common cybersecurity interview questions and how to approach them effectively.
https://denizhalil.com/2025/12/08/cybersecurity-interview-questions-2025/
#CyberSecurity #InfoSec #CyberSecurityCareer #InterviewPrep #SOC #RedTeam #BlueTeam #ITSecurity #CareerDevelopment #EthicalHacking #SecurityEngineering #denizhalil
-
Python C2 Server for Red Teaming: A Comprehensive Hands-On Guide
In this guide, I walk through building a Python-based C2 server, covering its architecture, encrypted communication, and real-world operational workflow.
https://denizhalil.com/2025/12/15/python-c2-server-red-teaming-guide/
#CyberSecurity #RedTeam #C2 #commandandcontrol #Python #offensivesecurity #Pentesting #infosec #threatdetection #blueteam #securityengineering #ethicalhacking
-
NoSQL Injection Attacks: MongoDB, CouchDB, and More – NoSQL injection
In this article, I cover how NoSQL injection works, common attack vectors, and practical mitigation techniques.
https://denizhalil.com/2025/12/23/nosql-injection-attacks-mongodb-couchdb/
#CyberSecurity #NoSQL #MongoDB #CouchDB #WebSecurity #AppSec #Injection #InfoSec #Pentesting #RedTeam #BlueTeam #securecoding
-
What are Pass-the-Hash and Pass-the-Ticket Attacks: A Comprehensive Guide
In this article, I cover how these attacks work, their differences, and how to detect and mitigate them.
https://denizhalil.com/2026/01/05/pass-the-hash-pass-the-ticket-attacks-guide/
#cybersecurity #ActiveDirectory #PassTheHash #PassTheTicket #credentialaccess #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #denizhalil
-
What is NetBIOS and SMB Exploitation Techniques: A Practical Guide
In this article, I cover key exploitation techniques, real-world attack scenarios, and how to secure these services effectively.
https://denizhalil.com/2026/01/15/netbios-smb-exploitation-techniques-guide/
#CyberSecurity #SMB #NetBIOS #NetworkSecurity #ActiveDirectory #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #DenizHalil
-
What is SNMP Security and Exploitation: A Comprehensive Guide
In this article, I cover how SNMP exploitation works, common vulnerabilities, and how to properly secure it.
https://denizhalil.com/2026/01/21/snmp-security-exploitation-guide
#CyberSecurity #SNMP #NetworkSecurity #InfoSec #InfrastructureSecurity #BlueTeam #RedTeam #Pentesting #ITSecurity #SecurityEngineering #DenizHalil
-
SSH Tunneling and Port Forwarding Techniques: A Comprehensive Guide
In this article, I cover:
* How SSH tunneling works under the hood
* Local, remote, and dynamic port forwarding techniques
* Real-world use cases (databases, internal services, pivoting)
* Security risks and hardening recommendations
https://denizhalil.com/2026/02/02/ssh-tunneling-port-forwarding-guide/
#CyberSecurity #sshtunneling #portforwarding #NetworkSecurity #Linux #RedTeam #BlueTeam #Pentesting #InfoSec #securityengineering #EthicalHacking #ITSecurity
-
Subdomain Takeover Vulnerabilities and Prevention
In this article, I cover:
* How subdomain takeover vulnerabilities occur
* Real-world exploitation scenarios
* Reconnaissance and detection techniques
* Practical prevention and DNS hygiene strategies
https://denizhalil.com/2026/02/16/subdomain-takeover-vulnerabilities-prevention/
#CyberSecurity #SubdomainTakeover #DNS #AttackSurface #BugBounty #RedTeam #BlueTeam #InfoSec #CloudSecurity #WebSecurity #EthicalHacking
-
What is DCSync Attack and Mimikatz Usage in Active Directory
One of the most critical attacks in Active Directory environments, DCSync, allows attackers to impersonate a Domain Controller and extract password hashes through replication abuse.
#CyberSecurity #ActiveDirectory #DCSync #RedTeam #BlueTeam #InfoSec #Pentesting #SOC #ThreatDetection #WindowsSecurity #EthicalHacking #ITSecurity #NetworkSecurity #SecurityOperations #DenizHalil
https://denizhalil.com/2026/03/27/dcsync-attack-active-directory-guide/
-
Released v1.3.3. of #Yaralyzer, my surprisingly popular tool for visualizing YARA rule matches with colors (a lot of colors).
1. --export-png images lets you export images of the analysis
2. almost all command line options (including multi argument ones like --yara-rules-dir) can be permanently set via environment variables or .yaralyzer file
3. couple of small bug fixes and debugging related command line options
You can try it on the web here: https://yaratoolkit.securitybreak.io/
(I didn't build this website, Thomas Roccia from Microsoft just integrated Yaralyzer into his existing site)
- Github: https://github.com/michelcrypt4d4mus/yaralyzer
- Pypi: https://pypi.org/project/yaralyzer/
- on macOS you can also get it with #Homebrew by installing Pdfalyzer: brew install pdfalyzer
#ascii #asciiArt #blueteam #cybersecurity #detectionEngineering #DFIR #forensics #FOSS #GPL #hacking #infosec #KaliLinux #maldoc #malware #malwareAnalysis #malwareDetection #openSource #pypi #python #redteam #reverseEngineering #reversing #Threatassessment #threathunting #YARA #YARArule #YARArules
-
Frameworks for testing AI and cybersecurity benchmarking
Want to know how to test an AI and find out whether it is secure or usable in cybersecurity? 🤖🛡️
- Two main focuses:
• Testing the AI to find vulnerabilities in the model (finding flaws, prompts that leak, or undesired behaviors).
• Running a benchmark to assess whether that AI can be used in the cybersecurity field, especially...
#IA #CyberSegurança #RedTeam #Vulnerabilidades #Benchmark #Segurança #MorningCrypto
-
A friend of mine got red teamed at work once. She left her workstation unlocked during the lunch break, and when she came back there was a slideshow in full screen saying "Your computer was hacked, don't touch anything and call the phone number below". Has something like this ever happened to you?
-
Everyone's making final updates for the initial release of @owasp Amass v5!
Register and join our workshop at @defcon for additional details: https://lu.ma/hf83v61c
#security #infosec #redteam #recon #osint #attacksurface @defconowasp