zirk.us is one of the many independent Mastodon servers you can use to participate in the fediverse.
Literature, philosophy, film, music, culture, politics, history, architecture: join the circus of the arts and humanities! For readers, writers, academics or anyone wanting to follow the conversation.


#cybersecuritycareer

10 posts · 5 participants · 1 post today

New Open-Source Tool Spotlight 🚨🚨🚨

GOAD (Game of Active Directory) by Orange-Cyberdefense is a lab for pentesting Active Directory environments. With multiple configurations like GOAD-Mini and SCCM labs, it helps security professionals practice AD attack techniques. Caution: Designed for isolated lab use only. #ActiveDirectory #Cybersecurity

🔗 Project link on #GitHub 👉 github.com/Orange-Cyberdefense

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Why did nearly 24,000 IP addresses suddenly start probing Palo Alto GlobalProtect gateways? 🔍🌐

Between March 17 and March 26, 2025, cybersecurity analysts observed a significant increase in login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect portals. At its peak, almost 24,000 unique IPs were involved, with daily traffic holding steady at around 20,000 before tapering off. Only a small subset—154 IPs—has been flagged as actively malicious, but the scale of the scanning suggests a broader reconnaissance effort.

GreyNoise, which tracks this kind of behavior, notes that such scanning often precedes attempts to exploit known or newly disclosed vulnerabilities. In fact, similar spikes in the past have aligned with new zero-days being revealed within weeks afterward. This pattern may indicate attackers are preparing for more targeted campaigns by first identifying unpatched or outdated systems that are exposed on the internet.

The geographic distribution offers further clues. Most of the scanning originated from North America and parts of Europe, while the targets were primarily in the U.S., U.K., Ireland, Russia, and Singapore. The focus appears to be on internet-facing instances, especially those that haven't been properly hardened or maintained.

Administrators running GlobalProtect should verify that their systems are up to date and consider implementing stricter access controls, such as multi-factor authentication and IP allowlists. Given the timing and scope, ignoring this kind of reconnaissance activity increases the risk of being caught in future exploitation campaigns.

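A detection sketch added here (not GreyNoise's or Palo Alto Networks' code) for the pattern the post describes: a sudden jump in distinct source addresses, each making only a few failed portal logins. It assumes the day and source IP have already been extracted from the GlobalProtect authentication-failure logs; the events below are constructed to mirror the March 17-26 wave, with synthetic addresses.

```python
from collections import Counter, defaultdict
from datetime import date, timedelta
from ipaddress import IPv4Address
from statistics import median


def summarize(events):
    """events: iterable of (iso_day, src_ip) failed-login records.
    Returns {iso_day: Counter{src_ip: attempts}}."""
    per_day = defaultdict(Counter)
    for day, ip in events:
        per_day[day][ip] += 1
    return dict(per_day)


def detect_distributed_scanning(per_day, baseline_days=7, spike_factor=5.0,
                                max_median_attempts=2):
    """Flag days whose distinct-source count is spike_factor x the median of the
    preceding baseline window AND whose typical source made only a handful of
    attempts (many IPs, few tries each: reconnaissance rather than brute force).
    Note: a wave lasting longer than half the window folds into the baseline and
    stops alerting, so the first alert should open a ticket that persists."""
    alerts = []
    days = sorted(per_day)
    for i, day in enumerate(days):
        window = days[max(0, i - baseline_days):i]
        if len(window) < 3:          # too little history to judge
            continue
        baseline = median(len(per_day[d]) for d in window)
        unique = len(per_day[day])
        attempts = median(per_day[day].values())
        if unique >= spike_factor * baseline and attempts <= max_median_attempts:
            alerts.append({"day": day, "unique_ips": unique,
                           "baseline": baseline, "median_attempts": attempts})
    return alerts


def constructed_events():
    """Constructed data: a week of normal noise, then a ten-day wave with
    thousands of distinct sources making one attempt each. Addresses are
    synthetic and not real scanners."""
    events = []
    base = IPv4Address("192.0.2.0")
    start = date(2025, 3, 10)
    for offset in range(17):                     # 2025-03-10 .. 2025-03-26
        day = (start + timedelta(days=offset)).isoformat()
        if day < "2025-03-17":
            for i in range(40):                  # 40 sources, 5 failures each
                events.extend([(day, str(base + i))] * 5)
        else:
            for i in range(2000):                # 2000 sources, 1 failure each
                events.append((day, str(base + 1000 + i)))
    return events


if __name__ == "__main__":
    for a in detect_distributed_scanning(summarize(constructed_events())):
        print(a)
```

The same summary feeds the mitigation the post recommends: the per-day source list is what an IP allowlist or geo-restriction on the portal should be checked against before the wave turns into exploitation attempts.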

New Open-Source Tool Spotlight 🚨🚨🚨

Mapping your threat-hunting workflows to the MITRE ATT&CK framework? Check out olafhartong's ThreatHunting Splunk app. With 130+ reports and dashboards, it simplifies hunting while integrating Sysmon data for deep insights. Requires tuning for best results. #ThreatHunting #MITREATTACK

🔗 Project link on #GitHub 👉 github.com/olafhartong/ThreatH


How do you trick someone into installing malware without triggering alarms? 🕵️💻

North Korea’s Lazarus group is doing it using a method called ClickFix, blending social engineering with targeted job scams to infect victims — and steal cryptocurrency. According to security firm Sekoia, this latest campaign, dubbed *ClickFake Interview*, impersonates legitimate crypto firms like Coinbase, Kraken, or Robinhood. Victims are contacted via social media and invited to fake job interviews hosted on cloned websites.

The process looks legitimate: candidates fill out forms, answer questions, and are asked to record an introduction video. But when they try to enable their webcam, a fake error kicks off the attack. The page tells them to fix the issue by downloading a driver or copying and running command-line code — that's the ClickFix technique. It exploits the victim’s unfamiliarity with system-level actions, especially among non-technical professionals in centralized finance (CeFi).

Based on the victim's operating system (identified via their browser’s User-Agent), the attackers deploy different payloads. On macOS, a bash script downloads "FrostyFerret," a password stealer, followed by "GolangGhost," a backdoor. On Windows, a VBScript fetches GolangGhost via NodeJS. This implant gives Lazarus remote control over the target’s machine, allowing data exfiltration, including sensitive browser information.

While earlier Lazarus campaigns had targeted developers, this one specifically aims at individuals with weaker technical defenses. Meanwhile, other threat actors are also adopting ClickFix — for example, distributing Qakbot through LinkedIn-based scams.

Sekoia has released detection rules and indicators of compromise (IOCs) to help defenders identify and counter the campaign. The broader concern is this: ClickFix sidesteps traditional safeguards not with technical brute force, but by using trust as the primary weapon.


New Open-Source Tool Spotlight 🚨🚨🚨

Scopify is a Python-based recon tool for pentesters, leveraging `netify.ai` to analyze CDNs, hosting, and SaaS infra of target companies. Optional OpenAI integration adds AI-guided insights for deeper testing. Built by @Jhaddix & Arcanum-Sec. #CyberSecurity #BugBounty

🔗 Project link on #GitHub 👉 github.com/Arcanum-Sec/Scopify


How many unauthenticated file transfer servers are still exposed online in 2025? 🌐🔓

A critical flaw in CrushFTP, tracked as CVE-2025-2825, is being actively exploited in the wild. The vulnerability affects versions 10.0.0 through 10.8.3 and version 11.0.0, and it allows remote attackers to bypass authentication entirely using specially crafted HTTP or HTTPS requests. Public proof-of-concept code is already circulating, lowering the barrier for exploitation.

Shadowserver, a nonprofit security watchdog, reported that over 1,500 vulnerable instances remain online as of March 30, 2025. Just two days earlier, around 1,800 instances were detected, with more than half located in the U.S. These numbers suggest that many organizations haven't taken mitigation steps despite clear warnings.

The CrushFTP team has urged users to either patch immediately or, if an update isn't feasible, isolate installations using a DMZ configuration. This can reduce the attack surface but is not a long-term fix.

This type of vulnerability is particularly concerning because unauthenticated access to managed file transfer software often leads to sensitive data exposure or ransomware deployment. Groups like Cl0p have historically targeted platforms like MOVEit, Accellion FTA, and GoAnywhere MFT using similar flaws. In January, Cl0p claimed responsibility for exploiting Cleo file transfer software to breach dozens of companies.

CrushFTP's CVE-2025-2825 carries a CVSS score of 9.8. That reflects the ease of exploitation and the potential impact of compromise. For systems handling regulated or confidential data, the urgency is not optional—patching is essential.


New Open-Source Tool Spotlight 🚨🚨🚨

Mandiant's `capa` analyzes executable files to pinpoint their capabilities. From detecting HTTP communications to identifying persistence mechanisms, it helps analysts assess malware functionality quickly. Supports PE, ELF, .NET, shellcode, and sandbox reports. #malwareanalysis #cybersecurity

🔗 Project link on #GitHub 👉 github.com/fireeye/capa


How can a simple SQL command open the door to full system takeover and cryptocurrency mining? 🐚🪙

A recent cloud attack campaign is exploiting misconfigured PostgreSQL servers, using legitimate database functionality to run malicious code on compromised systems. The operation, tracked by Wiz under the name JINX-0126, has targeted more than 1,500 exposed PostgreSQL instances so far. It builds on an earlier wave of attacks identified in mid-2024, but now includes more advanced evasion techniques.

At the core is the misuse of PostgreSQL's `COPY ... FROM PROGRAM` command. This command, intended for importing data, is leveraged to execute arbitrary shell commands directly on the host. Once inside, the attacker runs a Base64-decoded shell script that removes rival miners and installs a binary called PG_CORE.

A critical piece of this attack is an obfuscated Golang binary named *postmaster*. It mimics PostgreSQL’s real process, helping it blend in. It also sets up persistence through cron jobs, creates new privileged roles, and writes a binary named *cpu_hu* to disk.

That binary fetches and launches the XMRig cryptocurrency miner—without leaving files behind. This uses Linux's `memfd_create`, a technique that loads executables directly into memory to bypass detection tools that scan disk activity.

Each infected system is assigned a unique worker identity and connected to one of three Monero wallets controlled by the attacker. With about 550 active miners tied to each wallet, the impact spans at least 1,500 machines.

The broader issue is clear: many PostgreSQL services remain poorly secured with weak or default credentials. Combined with powerful features like programmatic file imports, they become easy targets for attackers looking to monetize unauthorized access without raising alarms.

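An added detection example, not code from Wiz's report or any project on this page: it scans PostgreSQL statement logs for the primitives the post describes (`COPY ... FROM PROGRAM`, a Base64-decoded script piped to a shell, creation of privileged roles) and goes one step further by also matching `COPY ... TO PROGRAM`, which executes a command the same way. It assumes `log_statement = 'all'` and a hypothetical `log_line_prefix` of `'%m [%p] %u@%d '`; the sample log lines are constructed.

```python
import re
from dataclasses import dataclass

# Assumed postgresql.conf: log_statement = 'all' and
# log_line_prefix = '%m [%p] %u@%d ' (hypothetical; adjust LOG_RE to match yours).
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"LOG:\s+statement: (?P<sql>.*)$"
)

# Rules for the primitives described in the JINX-0126 write-up. TO PROGRAM is
# included as well: it also runs a shell command as the postgres OS user.
RULES = [
    ("copy_program",
     re.compile(r"\bCOPY\b.*\b(FROM|TO)\s+PROGRAM\b", re.I | re.S),
     "COPY ... FROM/TO PROGRAM executes a shell command on the database host"),
    ("superuser_role",
     re.compile(r"\b(CREATE|ALTER)\s+(ROLE|USER)\b.*\bSUPERUSER\b", re.I | re.S),
     "privileged role created or elevated"),
    ("base64_to_shell",
     re.compile(r"base64\s+(-d|--decode)\b.*\|\s*(ba)?sh\b", re.I | re.S),
     "base64-decoded payload piped into a shell"),
]


@dataclass
class Finding:
    lineno: int
    rule: str
    user: str
    sql: str


def parse_line(line):
    """Return the prefix fields and SQL text of one statement log line, else None."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def scan(lines):
    """Run every rule over every statement line; one Finding per (line, rule) hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        for name, rx, _desc in RULES:
            if rx.search(rec["sql"]):
                findings.append(Finding(n, name, rec["user"], rec["sql"]))
    return findings


# Constructed sample log (not real data). The base64 string decodes to "echo hi".
SAMPLE_LOG = [
    "2025-03-28 09:12:01.004 UTC [4411] app@billing LOG:  statement: "
    "SELECT id, balance FROM accounts WHERE id = 42",
    "2025-03-28 09:12:07.881 UTC [4419] postgres@postgres LOG:  statement: "
    "COPY cmd_out FROM PROGRAM 'echo ZWNobyBoaQ== | base64 -d | sh'",
    "2025-03-28 09:12:08.120 UTC [4419] postgres@postgres LOG:  statement: "
    "CREATE ROLE pg_maint WITH LOGIN SUPERUSER PASSWORD 'REDACTED'",
    "2025-03-28 09:13:40.552 UTC [4420] app@billing LOG:  statement: "
    "COPY staging FROM '/var/lib/postgresql/import.csv' CSV HEADER",
    "2025-03-28 09:13:41.000 UTC [4421] app@billing LOG:  "
    "connection received: host=10.0.0.7 port=51234",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.lineno}: {f.rule} by {f.user}: {f.sql}")
```

The preventive side is simpler than the detective one: `COPY ... PROGRAM` is only available to superusers and members of `pg_execute_server_program`, so application roles should hold neither, and the instance should not be reachable from the internet with default credentials in the first place.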

New Open-Source Tool Spotlight 🚨🚨🚨

"Threat-Informed Defense" isn't just a buzzword. The Center for Threat-Informed Defense bridges MITRE ATT&CK with actionable tools like Adversary Emulation Plans and the Attack Workbench, empowering defenders to stay ahead of real-world TTPs. #CyberDefense #MITREATTACK

Want to map security controls to adversary behavior? Check out Mappings Explorer by the Center for Threat-Informed Defense. It aligns your defense strategy directly with the MITRE ATT&CK framework. Precision matters. #ThreatIntelligence #Cybersecurity

Attack Flow helps you visualize how attackers chain techniques into full-scale operations. An indispensable tool for understanding and mitigating attack sequences. Powered by the Center for Threat-Informed Defense. #SOCtools #ThreatModeling

TRAM leverages automation to map CTI reports directly to MITRE ATT&CK tactics and techniques. Less manual work, more actionable insights. Open-source ingenuity at its best. #CyberThreats #MITREATTACK

Building effective cyber analytics requires depth; "Summiting the Pyramid" delivers frameworks to challenge adversary evasion strategies. A research-backed way to harden defenses. #CyberAnalytics #ThreatHunting

🔗 Project link on #GitHub 👉 github.com/center-for-threat-i


What does it take to shut down flight operations in a modern airport? 🛫💻

At Kuala Lumpur International Airport, a $10 million ransomware attack on March 23 did just that—crippling key systems like check-in counters and digital flight boards for hours. While Malaysia Airports Holdings Berhad insisted that flight operations continued, travelers reported significant disruptions. Prime Minister Anwar Ibrahim later confirmed the severity of the attack and said the government refused to pay the ransom.

The breach is part of a broader pattern: critical infrastructure worldwide is increasingly being targeted. Airports, regulated by slow-moving bureaucracies, often lag in cybersecurity readiness. According to Sophos, two-thirds of operators in sectors like energy and transportation faced ransomware incidents last year. Nearly half of these were due to exploited vulnerabilities, and data encryption occurred in 80% of such incidents.

In KLIA’s case, the attack had enough reach to force manual workarounds—photos showed whiteboards replacing digital flight displays. The broader implication is clear: even partial system compromise can interrupt essential logistics and passenger services.

Malaysia is not alone. In 2023, Indonesia’s government saw more than 160 agencies hit by ransomware, and similar malware campaigns extended across Southeast Asia. The KLIA incident highlights how ransomware is no longer about just locking files—it’s about seizing operational control.

Cybersecurity experts argue that focusing only on the final “ransomware” payload misses early signs like lateral movement inside networks or initial access via unpatched systems. Recovery speed and preemptive detection will be central to future resilience. For now, the KLIA breach has exposed just how unprepared many infrastructure providers remain.


New Open-Source Tool Spotlight 🚨🚨🚨

The ThreatHunter-Playbook on GitHub is a robust resource for threat detection. It integrates MITRE ATT&CK with Jupyter notebooks to share detection techniques and enable testing on pre-recorded datasets. Perfect for security researchers streamlining hunting workflows. #ThreatHunting #CyberSecurity

🔗 Project link on #GitHub 👉 github.com/OTRF/ThreatHunter-P


New Open-Source Tool Spotlight 🚨🚨🚨

Google's GRR (GRR Rapid Response) is an open-source framework for remote live forensics and incident response. It allows security teams to investigate systems at scale without interrupting operations. Used for data collection, analysis, and hunting. #CyberSecurity #DFIR

🔗 Project link on #GitHub 👉 github.com/google/grr


New Open-Source Tool Spotlight 🚨🚨🚨

SecLists is a powerful resource for security testing. It consolidates usernames, passwords, payloads, sensitive patterns, and more into one repository. Essential for pen testers and bug hunters. #CyberSecurity #PenTesting

🔗 Project link on #GitHub 👉 github.com/danielmiessler/SecL


New Open-Source Tool Spotlight 🚨🚨🚨

Active Directory Certificate Services (AD CS) can be a goldmine if misconfigured. Tools like Certipy simplify enumeration and abuse, leveraging techniques like Shadow Credentials, Golden Certificates, and domain escalation paths (ESC1-ESC11). #CyberSecurity #RedTeam

Certipy's `shadow` command exemplifies ADCS weaknesses. By manipulating `msDS-KeyCredentialLink`, you can take over accounts via PKINIT. It's seamless but devastating for privilege escalation. #Pentesting #ActiveDirectory

Golden Certificates mimic Golden Tickets but target ADCS. Using a compromised CA private key, an attacker can forge certs for domain controllers or users. Certipy automates this process—caution with CA backups. #InfoSec #PKI

🔗 Project link on #GitHub 👉 github.com/ly4k/Certipy


New Open-Source Tool Spotlight 🚨🚨🚨

Detecting where your domains are hosted just got easier. Cloud Detective maps subdomains to cloud providers like AWS, Azure, and GCP using DNS analysis and `WhatWeb`. False positives? Minimal, but worth verifying tech stacks manually. #CloudComputing #CyberSecurity

🔗 Project link on #GitHub 👉 github.com/Slayer0x/Cloud-Dete


New Open-Source Tool Spotlight 🚨🚨🚨

PentestGPT combines the power of GPT-4 with penetration testing workflows. It goes beyond simple prompts, maintaining "test status awareness" for context-heavy tasks. Supports easy-to-medium HackTheBox machines and local LLMs like GPT4ALL. #CyberSecurity #AI

🔗 Project link on #GitHub 👉 github.com/GreyDGL/PentestGPT


How much damage can a printer driver vulnerability really cause? 🖨️💥

A lot, if you're looking at CVE-2025-1268—a critical code execution flaw rated 9.4 on the CVSS scale, recently discovered by Microsoft’s MORSE (Offensive Research and Security Engineering) team. The bug affects a wide range of Canon printer drivers used in production printers, office multifunction devices, and smaller laser printers.

The vulnerability stems from an out-of-bounds memory issue in how certain Canon drivers handle EMF recoding—specifically in Generic Plus PCL6, UFR II, LIPS4, LIPSXL, and PS driver families. If a malicious application feeds it a crafted print job, this could lead to remote code execution or disrupt printing altogether.

What makes this more concerning is the attack surface: these printers are commonly deployed across enterprise and small business environments. If exploited, an attacker could run arbitrary code with the same privileges as the print process—often SYSTEM-level on Windows systems. That's not just a printer glitch; it's a potential network breach vector.

Canon has acknowledged the issue and plans to release updated drivers across regional websites. The company also warned about other vulnerabilities involving buffer overflows, which could allow for similar attacks or Denial-of-Service if the device is exposed directly to the Internet.

In short, unpatched printer drivers are more than an inconvenience—they're a legitimate security risk. If you're running Canon hardware, it may be time to review your driver versions and update where needed.


New Open-Source Tool Spotlight 🚨🚨🚨

Want a Windows VM tailored for malware analysis and reverse engineering? FLARE-VM automates setup with Chocolatey and Boxstarter, offering a curated toolbox. Just meet the requirements: Win10+, PowerShell5+, 60GB+ disk. Ideal for secure sandboxing. #ReverseEngineering #MalwareAnalysis

🔗 Project link on #GitHub 👉 github.com/fireeye/flare-vm


New Open-Source Tool Spotlight 🚨🚨🚨

Invoke-Obfuscation is a PowerShell framework for generating heavily obfuscated scripts. It simulates attacker techniques, allowing defenders to test detection systems against syntax manipulation in versions 2.0+. A valuable tool for Blue Teams refining PowerShell monitoring. #PowerShell #CyberSecurity

🔗 Project link on #GitHub 👉 github.com/danielbohannon/Invo


New Open-Source Tool Spotlight 🚨🚨🚨

The Adversary Emulation Library by the Center for Threat-Informed Defense is a robust resource for assessing cyber defenses. It provides detailed emulation plans inspired by real-world threat actor TTPs, such as APT29 and FIN7, aligning with ATT&CK. Ideal for red teams aiming to refine security measures. #cybersecurity #redteam

🔗 Project link on #GitHub 👉 github.com/center-for-threat-i
