𝗝𝘂𝘀𝘁 𝗹𝗮𝘂𝗻𝗰𝗵𝗲𝗱 𝗮𝘄𝗲𝘀𝗼𝗺𝗲-𝗱𝗳𝗶𝗿-𝘀𝗸𝗶𝗹𝗹𝘀 𝘄𝗶𝘁𝗵 @fr0gger_ ! Designed to save time during investigations and everyday DFIR tasks Thomas has built an excellent malware triage skill, and I’ve added a couple of timeline analysis skills to help you get started. Feel free to contribute and use these skills to save a ton of time, like we already do. github.com/tsale/awesome-dfi… Learn about skills: - developers.openai.com/codex/… - support.claude.com/en/articl…

DO NOT hire a pentesting firm until you've done this... This was a great conversation for 2 reasons: 1, we talk about why your organization might actually not be ready for a pentest and 2, we talk about stuff to do before a pentest so when you do have a pentest, you get more out of it. Appreciate all the regular, new and occasional listeners! 🙏 offsec.blog/episode-143-stop…

Let me tell you how much of a BIG DEAL this is!!!!!!! Black Hat is the top 5 and one of the most respected/prestigious cybersecurity conferences in the world!!!!!!!!!!!!!!!! Truly miracles happen, truly God answers prayers, and truly God is good. Thank you @sisinerd

We launched CyBlack SOC Academy last year, and we are proud to share that we have recorded 18 jobs so far. Application for the next cohort is now open.
As part of the selection process, CyBlack will host a Pre-Entry Pitch on August 9th, 2025, live on X. This is the first stage of getting into the Academy. If you know any aspiring SOC Analyst who will be interested in this life-changing opportunity, kindly share with them. twitter.com/i/spaces/1yNGaLZ…

If you missed the session this morning: youtube.com/watch?v=-XSzRexD…

Please help repost and like when you see this🙏

Cybersecurity is broad. Before you start thinking “ethical hacker” or “SOC analyst,” pause. The real first step? Understanding the domains, the core areas of cybersecurity that guide everything from career paths to certifications. Let’s break them down 🧵

Got my write-up published on a DevSecOps page...LFG! 💪🏽🔥

🚨Bad news for defenders, good news for red teamers: Linkable token identifiers in Entra ID are useful only in an AiTM scenario. Doesn't even cover Device Code Phishing. Blog soon. #ThreatHunting #DetectionEngineering #redteam

Scheduled Task Persistence via SharpPersist Cobalt Strike. Runs a Base64-encoded PowerShell payload Executes hourly via Task Scheduler (schtask) Delivered fully in-memory through Beacon Tool: SharpPersist Method: Scheduled Task Payload: Encoded PowerShell #redteam

Added a new tool to: powershellforhackers.com/too… ⚠️Please Use Responsibly⚠️ You can use this to instantly generate an obfuscated reverse shell in powershell that i have personally used to beat EVERY single EDR out there right now. I've added some pretty cool stuff to my website but this is one of my favorite additions. 🛑 Disclaimer: This tool is for educational and authorized security testing only. Misuse could be illegal. Don’t be dumb. Shoutout to the only ones that were actually able to stop it, using something called "ring fencing" @ThreatLocker This is not a sponsored post, just a fan of them #Edr_Is_Not_Enough

Everyone knows certutil.exe. But certreq.exe? Native to Windows Signed by Microsoft HTTP POST support Can exfil small files Originally for certs. It wasn’t designed for exfiltration… but it works especially for small files. lolbas-project.github.io/lol…

Decrypting Edge Browser Passwords Modern Edge/Chrome encrypt saved logins with AES-GCM. Step 1: Extract AES key from the Local State file Step 2: Use DPAPI to decrypt the key Step 3: Use that key to decrypt credentials from the SQLite blob Boom, plaintext passwords. 👊🏾

🔷 Want to learn real Windows forensics? Join our live walkthrough of a real-world compromise see what a structured forensic process actually looks like. 👉 Register free: bluecapesecurity.com/free-li… #DFIR #DigitalForensics #SOCAnalyst #BlueTeam

Okta chained with Azure with auto MFA subscription for Okta and frame-buster bypass to perform Bitb ! Evilginx is really nice to setup custom phishing campaign whatever the environment is... Phishlet available here : github.com/OtterHacker/OktaG…

Hi @hackSultan . My name is Samuel. A cybersecurity enthusiast specialized in Application Security Engineering and Penetration Testing across Web, API and Mobile applications. I recently built

Really need a role for real. If you've an opening or your organization is hiring, please just reach out. So tired of this rat race.

Become a contributor at XINTRA @XintraOrg 🔎 We're looking for RED and BLUE team contributors 🔴Red Team – Emulate real APT groups 🔵Blue Team – Investigate & respond to emulations What you get: - Challenging, realistic emulations - Hack & forensicate vendor devices - Creative control over your scenario - Small, supportive, and collaborative team - Full credit for your work & payment Your work will be featured in labs used by government and enterprise teams. Apply here docs.google.com/forms/d/e/1F…