home.social

#security-engineering — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #security-engineering, aggregated by home.social.

fetched live
  1. Been spending some time auditing an AI agent framework.

    Not the usual kind of security review — more like: what happens when you map trust boundaries across an architecture where the "user" and the "agent" both have tool access, code execution, and autonomy.

    Going through it systematically. Learning a lot about what makes agent security different — and what stays the same.

    #AI #AISecurity #CyberSecurity #AgentSecurity #AppSec #SecurityEngineering

  2. Been spending some time auditing an AI agent framework.

    Not the usual kind of security review — more like: what happens when you map trust boundaries across an architecture where the "user" and the "agent" both have tool access, code execution, and autonomy.

    Going through it systematically. Learning a lot about what makes agent security different — and what stays the same.

    #AI #AISecurity #CyberSecurity #AgentSecurity #AppSec #SecurityEngineering

  3. Linux Privilege Escalation Cheat Sheet: Techniques and Prevention.

    In this cheat sheet, I break down essential enumeration commands, common escalation paths, and practical techniques every security professional should know.
    denizhalil.com/2025/06/30/linu

    #CyberSecurity #LinuxSecurity #PrivilegeEscalation #Pentesting #RedTeam #BlueTeam #InfoSec #ethicalhacking #SecurityEngineering #itsecurity

  4. Linux Privilege Escalation Cheat Sheet: Techniques and Prevention.

    In this cheat sheet, I break down essential enumeration commands, common escalation paths, and practical techniques every security professional should know.
    denizhalil.com/2025/06/30/linu

    #CyberSecurity #LinuxSecurity #PrivilegeEscalation #Pentesting #RedTeam #BlueTeam #InfoSec #ethicalhacking #SecurityEngineering #itsecurity

  5. UDP Network Monitoring with C++: A Comprehensive Guide

    In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
    denizhalil.com/2025/07/14/udp-

    #CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil

  6. UDP Network Monitoring with C++: A Comprehensive Guide

    In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
    denizhalil.com/2025/07/14/udp-

    #CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil

  7. Python C2 Server for Red Teaming: A Comprehensive Hands-On Guide

    In this guide, I walk through building a Python-based C2 server, covering its architecture, encrypted communication, and real-world operational workflow.
    denizhalil.com/2025/12/15/pyth

    #CyberSecurity #RedTeam #C2 #commandandcontrol #Python #offensivesecurity #Pentesting #infosec #threatdetection #blueteam #securityengineering #ethicalhacking

  8. Python C2 Server for Red Teaming: A Comprehensive Hands-On Guide

    In this guide, I walk through building a Python-based C2 server, covering its architecture, encrypted communication, and real-world operational workflow.
    denizhalil.com/2025/12/15/pyth

    #CyberSecurity #RedTeam #C2 #commandandcontrol #Python #offensivesecurity #Pentesting #infosec #threatdetection #blueteam #securityengineering #ethicalhacking

  9. SSH Tunneling and Port Forwarding Techniques: A Comprehensive Guide

    In this article, I cover:
    * How SSH tunneling works under the hood
    * Local, remote, and dynamic port forwarding techniques
    * Real-world use cases (databases, internal services, pivoting)
    * Security risks and hardening recommendations

    denizhalil.com/2026/02/02/ssh-

    #CyberSecurity #sshtunneling #portforwarding #NetworkSecurity #Linux #RedTeam #BlueTeam #Pentesting #InfoSec #securityengineering #EthicalHacking #ITSecurity

  10. SSH Tunneling and Port Forwarding Techniques: A Comprehensive Guide

    In this article, I cover:
    * How SSH tunneling works under the hood
    * Local, remote, and dynamic port forwarding techniques
    * Real-world use cases (databases, internal services, pivoting)
    * Security risks and hardening recommendations

    denizhalil.com/2026/02/02/ssh-

    #CyberSecurity #sshtunneling #portforwarding #NetworkSecurity #Linux #RedTeam #BlueTeam #Pentesting #InfoSec #securityengineering #EthicalHacking #ITSecurity

  11. Most AWS IAM knowledge isn’t learned in tutorials — it’s learned at 3AM during outages.

    From AccessDenied errors to SCP traps and policy misconfigurations, this deep dive reveals real-world IAM troubleshooting strategies used by experienced engineers.

    Read now: shorturl.at/6PmBR

    #AWS #IAM #CloudSecurity #DevOps #SRE #CloudEngineering #AWSTips #SecurityEngineering #tech

  12. Most AWS IAM knowledge isn’t learned in tutorials — it’s learned at 3AM during outages.

    From AccessDenied errors to SCP traps and policy misconfigurations, this deep dive reveals real-world IAM troubleshooting strategies used by experienced engineers.

    Read now: shorturl.at/6PmBR

    #AWS #IAM #CloudSecurity #DevOps #SRE #CloudEngineering #AWSTips #SecurityEngineering #tech

  13. Incident overview: LexisNexis Legal & Professional division.

    Confirmed unauthorized access to limited servers containing mostly legacy data (pre-2020). Data reportedly included:
    • Customer identifiers
    • Business contact information
    • Support tickets, survey IP addresses
    • Account records for agencies and firms

    Company position:
    – Contained incident
    – No SSNs or financial data involved
    – No product/service compromise observed
    – Forensic firm engaged, law enforcement notified

    Legacy data remains a recurring exposure vector:
    Weak segmentation
    Reduced monitoring priority
    Accumulated credential reuse
    Extended retention without operational necessity
    Are your deprecated systems treated as high-risk assets or low-priority archives?

    Source: therecord.media/lexisnexis-say

    Engage below.
    Follow TechNadu for infosec, breach intelligence, and enterprise risk analysis.
    Repost to inform your network.

    #Infosec #DataBreach #LexisNexis #LegacyInfrastructure #CyberIncident #SecurityEngineering #RiskManagement #ThreatModeling #DataProtection #CyberResilience #SecurityNews

  14. Third-party ecosystems are structurally exposed.
    Black Kite’s 2026 report reframes supply chain cyber risk from “weakest link” theory to concentration dynamics.

    Key systemic indicators:
    • 5.28 downstream victims per breach (2025 average)
    • 10-day median detection vs. 73-day median disclosure
    • 53%+ organizations with at least one critical vulnerability
    • 23%+ with corporate credentials exposed

    Top 50 shared vendors:
    – 70% KEV exposure
    – 84% CVSS ≥ 8
    – 62% stealer-log credential presence
    – 52% breach history

    Shared infrastructure nodes are now strategic attack surfaces.
    Security teams must shift toward:
    Dependency mapping
    Concentration analytics
    Active intelligence monitoring
    Exposure propagation modeling
    Is your organization modeling systemic fragility — or auditing in isolation?

    Source: blackkite.com/press-releases/b

    Engage below.
    Follow TechNadu for advanced infosec, vendor risk, and threat intelligence coverage.

    #Infosec #ThirdPartyRisk #VendorSecurity #ThreatIntelligence #CISAKEV #CyberExposure #Ransomware #SupplyChainSecurity #SecurityEngineering #CyberResilience #RiskAnalytics

  15. DDoS targeting sovereign digital infrastructure.
    Roskomnadzor and the Russian Defense Ministry reported a large, multi-vector distributed denial-of-service campaign impacting regulator and telecom monitoring systems.

    Technical considerations:
    • Multi-source botnet traffic
    • Cross-border server origination
    • Targeted state-level digital infrastructure
    • Temporary availability disruption
    No attribution confirmed. No public claim of responsibility.

    For security architects:
    - Are traditional volumetric defenses sufficient against complex multi-vector campaigns?
    - How should national agencies design redundancy against sustained L3/L7 hybrid floods?
    - What role does geopolitical signaling play in non-destructive cyber operations?

    Engage below.
    Follow TechNadu for threat intelligence, DDoS analysis, and cyber operations reporting.
    Repost to elevate discussion in the security community.

    #Infosec #DDoSDefense #ThreatIntel #NetworkSecurity #CyberOperations #GeopoliticalRisk #DigitalInfrastructure #SecurityEngineering #CyberResilience #BotnetActivity #GlobalThreats

  16. Incident Summary:
    Victim: Wynn Resorts
    Threat Actor: ShinyHunters
    Impact: Employee data accessed
    Claim: 800k+ PII records
    Alleged vector: Oracle PeopleSoft environment

    Operational notes:
    • Incident response + external experts engaged
    • Leak site entry removed
    • Credit monitoring deployed

    ShinyHunters TTPs historically include:
    – Vishing against SSO
    – OAuth token abuse
    – Device code phishing targeting Entra / identity ecosystems
    – SaaS data exfiltration
    Identity is the pivot point.

    Source: bleepingcomputer.com/news/secu

    Follow us for tactical threat briefings.
    Share detection or IAM hardening insights below.
    #Infosec #ThreatIntel #IdentitySecurity #SSO #MFA #ShinyHunters #CyberExtortion #DataProtection #IAM #SOC #BlueTeam #SecurityEngineering

  17. Security Advisory Summary:
    SolarWinds Serv-U 15.5.4 patches four critical vulnerabilities:
    • CVE-2025-40538 – Broken access control → system admin creation + root RCE
    • Two type confusion flaws → root code execution
    • One IDOR vulnerability → elevated execution

    Attack prerequisites:
    High-privileged access required. Exploitation likely via credential compromise or chained privilege escalation.

    Exposure landscape:
    12K+ internet-facing instances observed (Shodan)
    File transfer platforms remain ransomware-favored entry vectors

    Historical context:
    Prior Serv-U CVEs exploited by ransomware groups and state-aligned actors.

    Immediate actions:
    - Patch to 15.5.4
    - Audit privileged accounts
    - Review FTP/SFTP exposure
    - Monitor for anomalous admin creation

    Source: bleepingcomputer.com/news/secu

    Follow us for tactical advisories and vulnerability intelligence.

    Comment with your detection or hardening recommendations.

    #Infosec #SolarWinds #ThreatIntel #CVE2025 #RCE #PrivilegeEscalation #BlueTeam #SecurityEngineering #AttackSurface #ZeroTrust

  18. The sentencing of Oleksandr Didenko highlights the operational mechanics of North Korea’s IT worker revenue scheme.

    TTPs included:
    • Identity theft & resale infrastructure
    • U.S.-based laptop farms
    • Remote access tooling
    • Money transmitter accounts
    • Tax filings under stolen identities
    The Federal Bureau of Investigation linked the activity to broader nation-state revenue generation.
    The United Nations estimates up to $600M annually generated via embedded IT workers.
    Technical mitigation questions:
    - Device attestation + hardware-bound identity?
    - Continuous behavioral authentication?
    - Payroll anomaly detection?
    - Zero-trust for remote contractors?

    Drop your technical countermeasures below.

    Source: therecord.media/north-korea-la

    Follow Technadu for advanced cyber threat reporting.

    #ThreatModeling #InsiderThreat #NorthKorea #IdentityManagement #ZeroTrust #RemoteAccessSecurity #CyberCounterintelligence #FraudDetection #Infosec #SecurityEngineering #RiskManagement #CyberIntelligence

  19. 🦎 What if your network could heal like a living organism?
    Traditional DR is reactive. Autonomous Continuity is the next leap. In Episode 2, we discuss Target Morphology (Policy-as-Code) and the TOTE loop (Test, Operate, Exit) to shrink RTOs from hours to minutes.
    It’s time to move from "firefighting" to "resilience engineering." Build systems that want to be secure.
    🎧 Listen: open.spotify.com/episode/7bBRp
    #CyberSecurity #AgenticAI #Resilience #DevSecOps #InfoSec #SecurityEngineering

  20. What if your network wanted to be secure? 🧵 In Episode 1 of "The Morphogenetic SOC," we’re using Michael Levin’s TAME framework to redefine cyber defense. How do you control a system? Level 1: Rewire hardware. Level 2: Modify setpoints. Level 3: Reward behavior. Level 4: Persuade with reasons. Which level is your WAF? #CyberSecurity #AI #zeroknowledge #multiplepartycompute #TAME #evolutionaryalgorithms #agentic #SOC #securityengineering open.spotify.com/episode/4Pamg

  21. This multi-stage Windows attack chain highlights how modern campaigns increasingly avoid exploits in favor of social engineering, cloud-hosted payloads, OS trust assumptions, and layered persistence.

    The abuse of Defender configuration, Security Center trust models, and legitimate services underscores the importance of behavioral monitoring over signature-based detection.

    Early-stage visibility appears critical - once recovery and security controls are disabled, response options narrow quickly.

    Source: fortinet.com/blog/threat-resea

    Thoughts welcome. Follow @technadu for neutral, practitioner-focused cybersecurity reporting.

    #ThreatHunting #EDR #WindowsDefense #MalwareResearch #CyberOperations #SecurityEngineering

  22. Beyond the surface of a steel door lies a world of precision engineering. From internal reinforcements to blast-resistant cores. Ever wondered what makes a security door virtually impenetrable?

    We’re peeling back the steel layers to show you.

    vocal.media/stories/the-hidden
    #SecurityEngineering #SteelDoors #PhysicalSecurity #Architecture #BuildingDefense

  23. Beyond the surface of a steel door lies a world of precision engineering. From internal reinforcements to blast-resistant cores. Ever wondered what makes a security door virtually impenetrable?

    We’re peeling back the steel layers to show you.

    vocal.media/stories/the-hidden
    #SecurityEngineering #SteelDoors #PhysicalSecurity #Architecture #BuildingDefense

  24. Analysis of VolkLocker ransomware reveals a critical implementation flaw where encryption master keys are hard-coded and stored locally in plaintext, enabling free decryption.

    Despite employing AES-256-GCM and exhibiting common ransomware behaviors, the design oversight significantly undermines its extortion model. The case illustrates how technical maturity varies widely across ransomware-as-a-service ecosystems.

    What defensive lessons should teams take from flawed ransomware implementations like this?

    Source: thehackernews.com/2025/12/volk

    Engage in the discussion and follow TechNadu for objective infosec coverage.

    #InfoSec #Ransomware #MalwareAnalysis #ThreatResearch #CyberDefense #SecurityEngineering #TechNadu

  25. A newly uncovered issue in Microsoft Teams allows attackers to bypass Defender for Office 365 protections by inviting users into attacker-controlled guest tenants.

    Because security policies apply from the host tenant, malicious links and files can slip through unscanned - especially when attackers use minimal or trial tenants lacking security tools.
    Are default-enabled guest features creating unnecessary risk?

    Source: cybersecuritynews.com/microsof

    Share your thoughts and follow us for more analysis.

    #infosec #MicrosoftTeams #cloudsecurity #phishing #malware #ZeroTrust #securityengineering

  26. OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.

    Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.

    What’s your view on data minimization in analytics pipelines?

    Source: cybernews.com/security/openai-

    Share your thoughts - and follow us for more updates.

    #InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews

  27. OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.

    Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.

    What’s your view on data minimization in analytics pipelines?

    Source: cybernews.com/security/openai-

    Share your thoughts - and follow us for more updates.

    #InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews

  28. New blog post live for my Sentinel Saturday series! :1000: :apartyblobcat:
    Read the blog 👉 marshsecurity.org/sentinel-sat

    In this post, I explore the power of using Microsoft Sentinel Tasks as part of your automation workflows.

    Most teams aren’t getting the full #value out of Tasks in Microsoft Sentinel. Are you? When you combine Sentinel Tasks with automation, they become a game-changer.

    - Auto-create tasks when automation fails (so nothing slips through the cracks)
    - Auto-complete tasks when automation succeeds
    - Use tasks to verify automation outcomes
    - Build engineering feedback loops and automation #QA

    Read the blog 👉 marshsecurity.org/sentinel-sat

    #MicrosoftSentinel #SentinelAutomation #CyberSecurity #SOCAutomation
    #CloudSecurity #AzureSecurity #SIEM #SecOps #Automation #InfoSec
    #CyberSecurityCommunity #BlueTeam #ThreatDetection #SecurityEngineering #SecurityOperations

  29. A Canon Hall of Fame classic by Dr. Ross Anderson continues to prove its significance in modern security practices.

    Our most recent #Newsletter covers an Infosecurity Magazine article that aligns with many points from two recent canon-reviewed books, as well as an old favorite, 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘌𝘯𝘨𝘪𝘯𝘦𝘦𝘳𝘪𝘯𝘨.

    While Ron Woerner’s Canon review was of the 2008 2nd edition, Dr. Anderson has since released a 3rd edition just a few years ago.

    📰 cybercanon.substack.com/p/nove

    🛍️ If interested in purchasing the latest edition and supporting the Canon, please consider using this affiliate link: amzn.to/47NiFa4

    #CybersecurityBooks #SecurityEngineering

  30. A Canon Hall of Fame classic by Dr. Ross Anderson continues to prove its significance in modern security practices.

    Our most recent #Newsletter covers an Infosecurity Magazine article that aligns with many points from two recent canon-reviewed books, as well as an old favorite, 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘌𝘯𝘨𝘪𝘯𝘦𝘦𝘳𝘪𝘯𝘨.

    While Ron Woerner’s Canon review was of the 2008 2nd edition, Dr. Anderson has since released a 3rd edition just a few years ago.

    📰 cybercanon.substack.com/p/nove

    🛍️ If interested in purchasing the latest edition and supporting the Canon, please consider using this affiliate link: amzn.to/47NiFa4

    #CybersecurityBooks #SecurityEngineering

  31. Hello #InfoSec community!

    I'm James (JMo), a Institute of Data x Michigan Tech Cybersecurity Bootcamp grad who built an open-source security scanner as part of my capstone project.

    **JMo Security** orchestrates 11 tools (Trivy, Semgrep, TruffleHog, ZAP, Falco) with:
    ✅ Multi-target scanning (repos, containers, IaC, web apps, GitLab, K8s)
    ✅ Auto-compliance mapping (OWASP, CWE, NIST, PCI DSS, CIS, ATT&CK)
    ✅ Unified reporting (dashboard, SARIF, JSON)

    **Quick start:**
    pip install jmo-security jmotools wizard

    📖 Docs: docs.jmotools.com
    🐙 GitHub: github.com/jimmy058910/jmo-sec

    **Actively seeking #DevSecOps / #AppSec roles!** DMs open for opportunities or technical feedback.

    What security tools are you using in your workflows?

    #CyberSecurity #OpenSource #Python #SecurityEngineering #JobSearch

  32. Prompt injections are still a problem – August 2025 edition

    Independent AI researcher Johann Rehberger (previously) has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different tools, all of which are vulnerable to various classic prompt injection problems. This is a fantastic and horrifying demonstration of how widespread and dangerous these vulnerabilities still are, almost three years after we first started talking about them.

    Johann’s published research in August so far covers ChatGPT, Codex, Anthropic MCPs, Cursor, Amp, Devin, OpenHands, Claude Code, GitHub Copilot and Google Jules. There’s still half the month left!

    The Summer of Johann: prompt injections as far as the eye can see

    Previously:

    https://gurupanguji.com/2025/06/15/prompt-injection-continues-to-be-a-major-vector-of-attack-for-llms/?utm_source=rss&utm_medium=rss&utm_campaign=prompt-injection-continues-to-be-a-major-vector-of-attack-for-llms

    https://gurupanguji.com/2025/04/23/notes-on-llms/

    https://gurupanguji.com/2025/08/06/trust-in-the-world-of-ai/

    #ai #engineering #llms #model #promptInjection #security #securityEngineering #software

  33. 🔐SSH and shell-free
    🧱Immutable by default
    🔁Trusted Boot out of the box

    Because we believe security starts at the foundation. Here's what makes Talos Linux different.

    🔗 siderolabs.com/blog/mastering-

    #Kubernetes #TalosLinux #DevSecOps #CloudNative #SecurityEngineering

  34. This hands-on guide shows how to build secure, scalable data pipelines using open source tools like Filebeat, Logstash, Kafka, and Ansible.

    Learn to collect, transform, enrich, and centralize security telemetry from Windows, Linux, and network sources. A practical resource for anyone supporting detection, forensics, or incident response.

    nostarch.com/data-engineering-

    #securityengineering #blueTeam #loganalysis #opensource

  35. 📣 We’re expanding.

    To reach more of the #Fediverse and engage with #AI, #Privacy, and #Security voices outside the infosec world, you can now also find us at:
    👉 @confsec

    Same mission. Same stance:
    🔐 Provable privacy
    🚫 No visibility, no retention
    ✅ Built for compliance, AI, and trust

    #CyberSecurity #AIPrivacy #PrivateAI #LLM #SecurityEngineering #DataPrivacy

  36. Automation made us fast.
    AI agents might make us fearless—or reckless.
    In this deep-dive opinion piece, we explore how DevSecOps evolves when autonomous AI joins the team.
    What gets better? What gets worse? Let’s talk.

    #DevSecOps #AI #Automation #SecurityEngineering #TechLeadership #AIInSecurity

    webdad.eu/2025/06/18/devsecops

  37. From scanning ports to structuring security programs that meet real-world demands, this book helps practitioners level up from technical know-how to strategic capability.

    It bridges foundational knowledge with practical security leadership. Designed for those who build, defend, and explain security every day

    nostarch.com/foundationsinfosec

    #infosec #cybersecurity #securityengineering #nmap #SOC2 #compliance #devops #securityculture

  38. Day 1 of posting to social media until I get an offensive security research job

    First, I’m going to start with what I know – Windows. I need to recreate what I had access to at Microsoft, so that starts by setting up a dev environment and finding a copy of Windows System Internals, perhaps the greatest resource for learning Windows out there. My expertise is in Windows and virtualization, so I’m going to make sure I master those areas.

    Next, I don’t think I want to grind coding exercises, but I do need to shake the rust off my coding skills. I think I’m going to start with some HackTheBox challenges and find some CTFs to participate in.

    Finally, my long overdue goal: learn Rust. I’m not sure if this will help immediately, as I could choose to improve my knowledge of Python. But Rust was getting more and more popular in the areas of Windows I was tasked with protecting, so I need to learn what all the fuss is about with regards to memory safety.

    If anyone is on a similar journey, let’s hold each other accountable in the comments! I will be sure to document any write-ups at blog.maxrenke.com (work in progress).

    #OffensiveSecurity #CyberSecurity #WindowsInternals #HackTheBox #CTF #EthicalHacking #RedTeam #BlueTeam #RustLang #PythonProgramming #DevEnvironment #InfoSec #CyberCareer #SecurityResearch #MemorySafety #CyberCommunity #JobSearch #TechJourney #SecurityEngineering #Pentesting #LearningEveryDay