Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

Administered by:

Server stats:

3.8K
active users

social.tchncs.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#cloudsecurity

20 posts18 participants0 posts today
Public
Lenin alevski 🕵️💻

New Open-Source Tool Spotlight 🚨🚨🚨

SharPersist is a tool for creating persistence mechanisms on Windows, leveraging C#. It supports methods like registry runs, WMI event subscriptions, and scheduled tasks. Designed for red teams but publicly available. #CyberSecurity #Windows

🔗 Project link on #GitHub 👉 github.com/mandiant/SharPersist

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Public
Pyrzout :vm:

AutonomyAI Emerges from Stealth with $4M Pre-Seed Funding to Transform Front-End Development with Autonomous AI Agents – Source:hackread.com ciso2ciso.com/autonomyai-emerg #1CyberSecurityNewsPost #CyberSecurityNews #cloudsecurity #cybersecurity #PressRelease #AutonomyAI #Technology #Hackread #AI

autonomyai-emerges-from-stealth-with-$4m-pre-seed-funding-to-transform-front-end-development-with-autonomous-ai-agents-–-source:hackread.com
CISO2CISO.COM & CYBER SECURITY GROUP · AutonomyAI Emerges from Stealth with $4M Pre-Seed Funding to Transform Front-End Development with Autonomous AI Agents – Source:hackread.comSource: hackread.com - Author: Uzair Amir. AutonomyAI, a company focused on enhancing front-end software development for businesses, has announced its
Public
Opalsec :verified:

Grab your beverage of choice ☕, because there's a LOT to recap from the last 24 hours. Check it out here 👉 opalsec.io/daily-news-update-f

There's a lot to digest, so if you're running between meetings or scoffing down a quick lunch before the next - here's the TL;DR on the key points:

🚨 Urgent Ivanti Patch Alert: A critical RCE zero-day is being actively exploited by suspected China-nexus group UNC5221, who are deploying new malware (TRAILBLAZE, BRUSHFIRE).

🌐 Fast Flux is Back in the Spotlight: Five Eyes agencies dropped a joint advisory on the increased use of this evasion technique by sophisticated actors (ransomware gangs, state-sponsored groups). It makes tracking C2s & phishing sites a real headache by rapidly changing IPs/nameservers.

🔗 GitHub Supply Chain Attack Deep Dive: Remember that complex attack targeting Coinbase via GitHub Actions? Unit 42 traced its origin back to a single leaked SpotBugs Personal Access Token from late 2024! A huge reminder about token hygiene, the risks of mutable tags, and those cascading dependency threats. Rotate secrets if you use SpotBugs, Reviewdog, or tj-actions!

🤔 Oracle's Cloud Breach Saga Continues...: Oracle reportedly admitted a breach to customers, framing it as a "legacy" (pre-2017) environment issue, yet, the actor leaked data allegedly from late 2024/2025. The focus on "Oracle Cloud Classic" vs. OCI feels like damage control over transparency. As I put it in the blog, their handling doesn't exactly inspire confidence – trust is earned, folks.

🔄 Rethinking Disaster Recovery in the Ransomware Era: DR is way more than just backups now. With hybrid environments sprawling and ransomware the top threat, recovery is Incident Response (detect, isolate, wipe, reinstall, restore). Homogeneity might simplify recovery, but beware of single points of failure (hello, CrowdStrike outage!).

📡 Mass Scanning Alert: Seeing increased probes against Juniper devices (looking for default 't128' creds - change 'em!) and Palo Alto GlobalProtect portals. Motives are unclear – could be recon, botnet building, or sniffing for vulnerabilities. Keep those edge devices patched and hardened!

🇺🇦 New Malware 'Wrecksteel' Hits Ukraine: CERT-UA warns of a new espionage malware targeting state agencies and critical infrastructure via phishing. Deployed by UAC-0219, Wrecksteel exfiltrates documents and takes screenshots.

⚖️ INC Ransomware Claims State Bar of Texas: The second-largest US bar association confirmed a data breach after INC ransomware listed them on their leak site.

Stay informed, stay vigilant, and let me know your thoughts in the comments! What's catching your eye this week?

Opalsec · Daily News Update: Friday, April 4, 2025 (Australia/Melbourne)Chinese group exploiting Ivanti RCE bug since mid-March to drop web shells; DNS Fast Flux increasingly used by cyber crims & nation-states; GitHub Supply Chain attack traced to leaked Access Token in a CI workflow; Oracle says breach is of legacy system - receipts show otherwise.
#CyberSecurity#InfoSec#ThreatIntel
Public
Lenin alevski 🕵️💻

New Open-Source Tool Spotlight 🚨🚨🚨

Seatbelt is a post-exploitation tool designed for Windows environments. It collects detailed system information to help identify potential privilege escalation paths or misconfigurations. It's lightweight, written in C#, and can be run on live systems without requiring installation.

Used responsibly, tools like this can help secure your environment by simulating attacker tactics. #CyberSecurity #InfoSec

🔗 Project link on #GitHub 👉 github.com/GhostPack/Seatbelt

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Public
Opalsec :verified:

Staying ahead means staying informed, right? Here's our latest wrap of the day's Cyber News:

🗞️ opalsec.io/daily-news-update-t

If you're short on time, here’s a quick whip-around of the top 3 stories of note:

🕵️‍♂️ Hunters Ransomware Rethink: Is the heat getting too much? Hunters International leadership reportedly told affiliates ransomware is now too "risky," planning a shift to pure data theft/extortion under a "World Leaks" banner. While their current status is murky, this potential pivot away from encryption echoes moves by other groups and highlights how defensive pressures are forcing attacker evolution – something we all need to track.

📧 White House OpSec Woes: Remember that recent White House Signal mishap? Well, now the same National Security Adviser is reportedly facing heat for using personal Gmail for sensitive (if unclassified) government discussions, raising serious OpSec and compliance alarms. It's a potent reminder for us all: even seemingly benign comms on personal platforms can create significant risks, and basic security hygiene is non-negotiable, especially when sensitive info is involved.

📞 Verizon API Call Log Leak: Here’s a worrying find: a simple API flaw in Verizon's Call Filter app exposed the incoming call history of potentially all their wireless customers to each other. Technically, it was a textbook case of broken object-level authorization – the API didn't check if the user's token matched the phone number whose logs were requested in a header. This highlights the critical need for robust API authorization checks and the significant privacy impact even call metadata can have.

Have a read of the full newsletter, and sign up to get all the details straight to your inbox each day:

📨 opalsec.io/daily-news-update-t

Opalsec · Daily News Update: Thursday, April 3, 2025 (Australia/Melbourne)Hunters International's transition to Data Extortion model could indicate the "impose cost" offensive targeting Ransomware is paying off. Trump Administration uses commercial email for sensitive military discussions. Verizon API flaw allowed unrestricted access to customer call history.
#CyberSecurity#InfoSec#ThreatIntel
Public *
Lenin alevski 🕵️💻

How is a clean, legitimate program helping hackers steal data from Ukraine? 🕵️🇺🇦

Researchers at Cisco Talos have uncovered an ongoing spear-phishing campaign by the Russia-linked group Gamaredon, also known as Armageddon or ACTINIUM. Active since November 2024, the attacks specifically target Ukrainian users with lures tied to military activity, such as troop-related documents.

The group distributes phishing emails that include ZIP archives or links to them. Inside those ZIPs are malicious shortcut (LNK) files made to look like Office documents. Once opened, these LNKs execute obfuscated PowerShell scripts that download a second-stage payload—Remcos RAT—using geo-fenced servers located in Russia and Germany. These servers often only respond to IP addresses originating from Ukraine, returning HTTP 403 errors to others.

Delivery of the Remcos malware follows a DLL sideloading technique. A notable example includes the use of "TivoDiag.exe," a legitimate executable bundled with a malicious DLL named "mindclient.dll." When the clean executable runs, it inadvertently loads and executes the malicious DLL, which decrypts and launches the Remcos backdoor hidden in the same ZIP file. This method helps bypass basic antivirus detection.

Remcos gives remote attackers full control over infected machines. Its use, combined with selective geo-targeting and deceptive file naming, points to a focused cyber-espionage effort against Ukrainian entities.

Talos provided indicators of compromise and detection rules to help defenders spot this activity. While Gamaredon has long relied on custom tools, their adoption of commercially available backdoors like Remcos reflects a shift toward more flexible, quickly deployable payloads suited for fast-moving espionage operations.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Public
Lenin alevski 🕵️💻

New Open-Source Tool Spotlight 🚨🚨🚨

Loki is an open-source malware scanner designed for threat detection. It uses YARA rules, IOC pattern matching, and file system anomaly detection to identify malicious files and artifacts. Ideal for quick triage, not full AV replacement. #malware #cybersecurity

🔗 Project link on #GitHub 👉 github.com/Neo23x0/Loki

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Public *
Lenin alevski 🕵️💻

New Open-Source Tool Spotlight 🚨🚨🚨

GhidraMCP is an Model Context Protocol server for allowing LLMs to autonomously reverse engineer applications. It exposes numerous tools from core Ghidra functionality to MCP clients.

#ReverseEngineering #Ghidra

🔗 Project link on #GitHub 👉 lnkd.in/gRUrYpMx

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Public
Pyrzout :vm:

Happy 21st Birthday, Gmail! Google’s Present to Enterprise Gmail Users: End-to-End Encryption – Source: www.techrepublic.com ciso2ciso.com/happy-21st-birth #rssfeedpostgeneratorecho #SecurityonTechRepublic #SecurityTechRepublic #CyberSecurityNews #CloudSecurity #Cybersecurity #Encryption #Security #Google #Gmail #News

happy-21st-birthday,-gmail!-google’s-present-to-enterprise-gmail-users:-end-to-end-encryption-–-source:-wwwtechrepublic.com
CISO2CISO.COM & CYBER SECURITY GROUP · Happy 21st Birthday, Gmail! Google’s Present to Enterprise Gmail Users: End-to-End Encryption – Source: www.techrepublic.comSource: www.techrepublic.com - Author: Fiona Jackson Image: Google All enterprise users of Gmail can now easily apply end-to-end encryption to their em
Public *
Lenin alevski 🕵️💻

How can a DNS mail record be used to trick you into giving up your login credentials? 📨😕

Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.

The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.

Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.

Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.

This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Public
Lenin alevski 🕵️💻

New Open-Source Tool Spotlight 🚨🚨🚨

TheHive is an open-source incident response platform designed to help teams investigate and manage cybersecurity incidents efficiently. It integrates with tools like MISP for threat intelligence sharing and supports automation through APIs. #CyberSecurity #IncidentResponse

🔗 Project link on #GitHub 👉 github.com/TheHive-Project/The

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Public
TechnoTenshi :verified_trans: :Fire_Lesbian:

Oracle accused of downplaying a breach impacting its Oracle Classic SaaS platform. Leaked data and internal recordings suggest unauthorized access to systems handling customer data, despite public denials. Incident highlights growing concerns over transparency.

doublepulsar.com/oracle-attemp

DoublePulsar · Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS serviceBy Kevin Beaumont
#CyberSecurity#CloudSecurity#Oracle
Public
Paco Hope #resist

Some of my colleagues at #AWS have created an open-source serverless #AI assisted #threatmodel solution. You upload architecture diagrams to it, and it uses Claude Sonnet via Amazon Bedrock to analyze it.

I'm not too impressed with the threats it comes up with. But I am very impressed with the amount of typing it saves. Given nothing more than a picture and about 2 minutes of computation, it spits out a very good list of what is depicted in the diagram and the flows between them. To the extent that the diagram is accurate/well-labeled, this solution seems to do a very good job writing out what is depicted.

I deployed this "Threat Designer" app. Then I took the architecture image from this blog post and dropped that picture into it. The image analysis produced some of the list of things you see attached.

This is a specialized, context-aware kind of OCR. I was impressed at boundaries, flows, and assets pulled from a graphic. Could save a lot of typing time. I was not impressed with the threats it identifies. Having said that, it did identify a handful of things I hadn't thought of before, like EventBridge event injection. But the majority of the threats are low value.

I suspect this app is not cheap to run. So caveat deployor.
#cloud #cloudsecurity #appsec #threatmodeling

A typical AWS serverless architecture from the blog that I linked to. It shows a very large box representing an AWS account, and bunch of smaller boxes containing icons, with each box representing a capability (like file upload, users and authentication, etc). Inside each of those boxes are some icons representing services, like Lambda, IAM, Cognito, S3, etc.
An screen capture of a list of things in a web browser. The table header is labeled "Flows" and it lists flows like the following: End users authenticate through web browsers or mobile devices via Amplify and CloudFront to Cognito User Pools, potentially using External Identity Provider integration. Source: End Users, Target: Cognito User Pools Authenticated users make API requests through CloudFront and API Gateway to access backend services. Source: End Users. Target: API Gateway API Gateway routes authenticated requests to appropriate Lambda functions for processing. Source: API Gateway. Target: Lambda Functions
An screen capture of a list of things in a web browser. The table header is labeled "Assets" and it lists things like the following: End Users: Users that access the application through web browsers or mobile devices, interacting with the frontend interfaces External Identity Provider: Third-party authentication service integrated with Cognito for user authentication and authorization API Gateway: Manages all API requests, acts as the primary entry point for backend services, controls access to Lambda functions and business logic
A screenshot of a table in a web page. The header is labeled "Trust Boundary" and it contains items like: Public-to-private network boundary separating internet users from AWS cloud resources. Source: End Users. Target: CloudFront Distribution Authentication boundary validating user identity before allowing access to backend resources. Source: End Users. Target: Cognito User Pools External authentication service integration boundary. Source: Cognito User Pools. Target: External Identity Provider
#ai#threatmodel
Public
0x40k

AWS & Security – feels like a whole different beast sometimes, right? 😅 Lots of folks assume cloud automatically equals secure. Honestly? Think again! As a pentester, I see some pretty wild stuff out there.

Now, don't get me wrong, AWS provides a solid foundation. It’s what *you* build on top, though, that often gets dicey. We're talking S3 buckets left wide open? IAM permissions looking like total chaos? And yeah, those dreaded data leaks? 🙈

SSRF, IDOR, unpatched systems… the list just goes on. Sure, security tools can help flag things, but let's be real, nothing beats a skilled human actually digging in! Those automated scans? They're definitely nice to have, a good first step even, but they just don't replace a proper, hands-on pentest. 😉 Trust me, I've cracked way too many supposedly "secure" clouds… 😈

So, how are *you* locking down your AWS environments? What are your biggest headaches or pain points when it comes to cloud security? Let me know below! 👇

#AWS#CloudSecurity#Pentesting
Public
Brian Greenberg

🎯 Free Cybersecurity Webcasts from SANS — Now Open for Registration!

SANS Institute has released its latest schedule of free, expert-led webcasts throughout 2025. Topics span the most critical areas of cybersecurity today:

🔹 Microsoft Defender for Cloud – Best practices & insights
🔹 ICS Security & Management of Change – Resilience and risk
🔹 Threat Intelligence & SOC Trends – Based on global survey data
🔹 Multicloud & GenAI Security – How organizations are adapting
🔹 Attack Surface Management – Stay ahead of hacker tactics

📅 Flexible live or on-demand viewing
🏆 Earn CPE credits
💡 Stay current on the latest in cyber

This is a great opportunity for pros at all levels to grow their skills and stay sharp in a fast-evolving field.

#CyberSecurity #SANS #ProfessionalDevelopment #FreeTraining #ThreatIntel #SOC #CloudSecurity
@sans_isc
@sans_isc@mastodon.social

view.email.sans.org/?qs=69e042

ExploreLive feeds
About