mastouille.fr is one of the many independent Mastodon servers you can use to take part in the fediverse.
Mastouille is a sustainable, open Mastodon instance hosted in France.


#purpleteam


New Open-Source Tool Spotlight 🚨🚨🚨

Scrapling is redefining Python web scraping. Adaptive, stealthy, and fast, it can bypass anti-bot measures while auto-tracking changes in website structure. A standout: 4.5x faster than AutoScraper for text-based extractions. #Python #WebScraping

🔗 Project link on #GitHub 👉 github.com/D4Vinci/Scrapling

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Only $100 to reach our goal on the food drive. $130 raised so far. If anyone can please 🙏🏻 help me get through this week on feeding my rescues. It will mean a lot to me. Retweet to support a small rescue. Every $10, $25, $50 or $100 counts. Donate 👉 paypal.com/donate/?hosted_butt
#rescuedog #photography #Fujifilm #park
#dogsofmastodon #dog #dogs #Hunde
#Cockerspaniel #spaniel
#Spanielsofmastondon #dogsofpixelfed #GuteNacht #AgeSagtGuteNacht #GoodNight
#PurpleTeam #Security #tfr #Tor #TransRights

New Open-Source Tool Spotlight 🚨🚨🚨

MarkItDown by Microsoft is a Python tool designed to convert PDFs, office docs (Word, Excel, PowerPoint), images, audio, and even YouTube videos into Markdown. Perfect for LLMs like GPT-4 that handle Markdown natively. Requires Python 3.10+ and supports plugins. #Python #Markdown

🔗 Project link on #GitHub 👉 github.com/microsoft/markitdown

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

New Open-Source Tool Spotlight 🚨🚨🚨

gVisor: a user-space application kernel designed for container isolation. It mimics a Linux kernel interface while being written in Go for memory safety, running in user space. Ideal for sandboxing workloads in Docker or Kubernetes. #Containers #Sandbox

🔗 Project link on #GitHub 👉 github.com/google/gvisor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

New Open-Source Tool Spotlight 🚨🚨🚨

Kubernetes History Inspector (KHI) is an agentless log viewer built for visualizing Kubernetes audit logs. Its timeline-based log analysis and resource relationship diagrams simplify cluster troubleshooting—no complex setups or commands required. #Kubernetes #Observability

🔗 Project link on #GitHub 👉 github.com/GoogleCloudPlatform

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

CALL FOR PAPERS CLOSES IN 5 DAYS!

Adversary Village CFP for @defcon 33 will be closing on 5th June 2025!
If you’re interested in sharing your work, ideas, or research, make sure to submit your proposal before the deadline. Don’t miss this opportunity to be a part of Adversary Village this year.
Submit your talk or workshop today: adversaryvillage.org/call-for-
#AdversaryVillage #CallForPapers #AdversarySimulation #PurpleTeam #DEFCON33

New Open-Source Tool Spotlight 🚨🚨🚨

Living Off the Land (LOL) techniques exploit legitimate tools for malicious purposes. This GitHub repo curates an impressive list of methods and resources attackers use across endpoints, cloud services, and more. Great for defenders seeking to enhance detection strategies. #Cybersecurity #Infosec

🔗 Project link on #GitHub 👉 github.com/danzek/awesome-lol-

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

CALL FOR PAPERS OPEN for Adversary Village at DEFCON Hacking Conference 2025!

We are back in Vegas this year, and we are calling on all hackers, adversary simulation specialists, researchers and offensive security minded folks to bring their best to the stage. The selected talks will be hosted in the DEF CON Creator stage, and the workshops will be hosted in the Adversary Village stage.
CFP Closes on: June 5, 2025
Event Dates: August 7-10 | Las Vegas Convention Center
Submit your proposals here: adversaryvillage.org/call-for-
We are a community-driven village focused on hands-on, technical content. No vendor pitches. Just pure adversarial research. We are looking for your amazing research and content for DEF CON this year!
@defcon
#AdversaryVillage #CallForPapers #AdversarySimulation #PurpleTeam

New Open-Source Tool Spotlight 🚨🚨🚨

Google's GRR (GRR Rapid Response) is an open-source framework for remote live forensics and incident response. It allows security teams to investigate systems at scale without interrupting operations. Used for data collection, analysis, and hunting. #CyberSecurity #DFIR

🔗 Project link on #GitHub 👉 github.com/google/grr

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

How can a DNS mail record be used to trick you into giving up your login credentials? 📨😕

Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.

The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.

Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.

Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.

This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

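The MX-driven template selection described in the post, written out as an added example (not Infoblox's analysis code and not the kit's own obfuscated JavaScript): it takes the victim's address, builds the DNS-over-HTTPS MX query the post describes, and maps the answering mail hosts to a branded template. The only real interface here is the JSON shape returned by https://dns.google/resolve (and, with an `Accept: application/dns-json` header, by https://cloudflare-dns.com/dns-query); the provider suffix table, the function names and the sample DoH answer are constructed assumptions. Reproducing the flow in a lab gives a blue team the exact outbound pattern to alert on: a browser sitting on an unfamiliar page fetching a public DoH resolver with `type=MX` for the user's own mail domain.

```javascript
// Added example: MX-driven brand selection as described for Morphing Meerkat.
// Not the kit's code and not Infoblox's; PROVIDER_MX_SUFFIXES and SAMPLE_DOH
// are constructed for illustration.

// Mail-host suffixes that identify a hosted provider. Constructed table:
// extend it from your own MX observations.
const PROVIDER_MX_SUFFIXES = [
  { provider: 'gmail',     suffixes: ['.google.com', '.googlemail.com'] },
  { provider: 'office365', suffixes: ['.mail.protection.outlook.com'] },
  { provider: 'yahoo',     suffixes: ['.yahoodns.net'] },
];

// Extract and normalise the domain part of an address; null if it is not a
// plausible address. The kit pre-fills the address into its fake form.
function domainFromEmail(email) {
  const m = /^[^\s@]+@([^\s@]+\.[^\s@]+)$/.exec(String(email).trim());
  return m ? m[1].toLowerCase() : null;
}

// The DoH query the post describes. Google's JSON resolver answers at
// https://dns.google/resolve; Cloudflare's at https://cloudflare-dns.com/dns-query.
function buildDohMxUrl(domain, resolver = 'https://dns.google/resolve') {
  return `${resolver}?name=${encodeURIComponent(domain)}&type=MX`;
}

// Parse a DoH JSON reply into MX hosts ordered by preference (lowest first).
// RR type 15 is MX; "data" looks like "10 aspmx.l.google.com.".
function mxHostsFromDoh(doh) {
  if (!doh || doh.Status !== 0 || !Array.isArray(doh.Answer)) return [];
  return doh.Answer
    .filter((rr) => rr.type === 15 && typeof rr.data === 'string')
    .map((rr) => {
      const [pref, host] = rr.data.trim().split(/\s+/);
      return { pref: Number(pref), host: host.replace(/\.$/, '').toLowerCase() };
    })
    .sort((a, b) => a.pref - b.pref)
    .map((rr) => rr.host);
}

// Map the best-matching MX host to a template name. 'generic' means the domain
// has mail on an unrecognised host; 'unknown' means no MX answer at all.
function providerFromMx(hosts) {
  for (const host of hosts) {
    for (const { provider, suffixes } of PROVIDER_MX_SUFFIXES) {
      if (suffixes.some((s) => host.endsWith(s))) return provider;
    }
  }
  return hosts.length ? 'generic' : 'unknown';
}

// Pure selection step: which branded page to show, and what to pre-fill.
function templateFor(email, doh) {
  const domain = domainFromEmail(email);
  if (!domain) return { provider: 'unknown', domain: null, prefill: '' };
  return { provider: providerFromMx(mxHostsFromDoh(doh)), domain, prefill: email };
}

// Live version for a lab (needs network and a fetch-capable runtime).
async function templateForLive(email, fetchImpl = fetch) {
  const domain = domainFromEmail(email);
  if (!domain) return templateFor(email, null);
  const res = await fetchImpl(buildDohMxUrl(domain), {
    headers: { accept: 'application/dns-json' },
  });
  return templateFor(email, await res.json());
}

// Constructed DoH answer in the shape dns.google/resolve returns for a
// Google Workspace domain; the records are deliberately out of order.
const SAMPLE_DOH = {
  Status: 0,
  Answer: [
    { name: 'example.com.', type: 15, TTL: 300, data: '20 alt1.aspmx.l.google.com.' },
    { name: 'example.com.', type: 15, TTL: 300, data: '10 aspmx.l.google.com.' },
  ],
};

console.log(templateFor('alice@example.com', SAMPLE_DOH));
// { provider: 'gmail', domain: 'example.com', prefill: 'alice@example.com' }
```

`templateFor` is deliberately separated from the network call so the mapping can be checked against captured DoH responses without touching a resolver; `templateForLive` is only for a lab where generating the real request pattern is the point.
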
Are your WhatsApp messages really secure? 🤔📱

A recent spear-phishing campaign by the Russian group "Star Blizzard" reveals new vulnerabilities. Microsoft researchers uncovered that this Advanced Persistent Threat (APT) group, known for targeting NATO nations and Eastern Europe since 2015, has shifted its focus to WhatsApp accounts.

Here’s how it works: Star Blizzard starts by sending an email impersonating a U.S. government official, inviting targets to join a WhatsApp group supporting Ukrainian NGOs. The email includes a deliberately broken QR code, prompting potential victims to reply for clarification. Once engaged, a second email is sent with a malicious link disguised as legitimate — a Safe Links-wrapped shortened URL. Clicking the link leads to a webpage hosting a QR code supposedly meant for WhatsApp group access.

But here’s the catch — scanning the QR code doesn’t just add users to the group. Instead, it grants attackers access to the victim's WhatsApp account via WhatsApp Web’s linking mechanism. This allows the hackers to exfiltrate private messages and sensitive data using browser plugins designed for exporting chat histories.

This campaign, which ran until November 2024, highlights Star Blizzard's evolution in tactics. Their approach combines familiar social engineering techniques with a specific focus on WhatsApp’s account-linking feature, underlining the persistence of their operations. Targets have included government officials, journalists, and think tanks, particularly in regions tied to NATO or ongoing Eastern European conflicts.

Microsoft has shared indicators of compromise (IoCs) and urges sectors at risk to remain cautious when handling external emails, especially those containing links or QR codes.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

Can a simple double-click jeopardize your online security? 🖱️💻

Security researchers have uncovered a new vulnerability class called "DoubleClickjacking," which takes traditional clickjacking tactics a step further. Unlike the usual single-click manipulation, this technique exploits the timing between two clicks to compromise accounts and sensitive data. It bypasses established protections like X-Frame-Options headers and SameSite cookie policies—tools many websites rely on for security.

Here’s how it works: An attacker sets up a deceptive website that prompts users to double-click on an element, such as a CAPTCHA-like dialog box. During this sequence, the attacker uses JavaScript to redirect the second click to malicious actions, like approving unauthorized access to sensitive resources (e.g., OAuth applications). Meanwhile, the attacker-controlled tab closes, leaving no trace of the underlying exploit.

Why is this so effective? Most existing web defenses are designed to guard against forced single clicks but don’t account for subtleties in double-click behavior. This makes DoubleClickjacking a sophisticated way to bypass frameworks like Content Security Policy (CSP) and common browser-level safeguards.

To mitigate such risks, experts suggest implementing client-side restrictions, like disabling critical buttons unless users interact with specific gestures or keys—solutions already adopted by companies like Dropbox. However, long-term fixes may require browser vendors to introduce new standards, analogous to X-Frame-Options, tailored to handle double-click vulnerabilities.

This development follows another similar attack from the same researcher, Paulos Yibelo, who had demonstrated "gesture-jacking" last year. That variant exploited key presses or mouse gestures to achieve unwanted actions on sites like Coinbase and Yahoo! Through such techniques, attackers manipulate user trust and interaction patterns in increasingly creative ways.

The bottom line? As threat actors refine these tricks, both users and developers must stay alert to evolving attack vectors.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

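A defence of the kind the post attributes to Dropbox, as an added example (not Dropbox's code and not Paulos Yibelo's proof of concept): a sensitive button such as an OAuth "Authorize" control stays inert until the window has seen a genuine gesture, and a click that lands a few hundred milliseconds after the window gained focus is refused as well, because that is exactly the moment the second click of a DoubleClickjacking sequence arrives. The decision logic is pure and takes an injectable clock so it can be replayed against a timeline; `attachGuard` wires it to a real button in the browser. The 500 ms dwell time, the event names used for "gesture", and the two simulated timelines are assumptions of this example.

```javascript
// Added example (not the researcher's PoC nor Dropbox's code): gate a
// sensitive button behind evidence of user intent on *this* window.
// Timings are constructed assumptions; tune them to your UI.

class SensitiveClickGuard {
  constructor({ minDwellMs = 500, now = () => Date.now() } = {}) {
    this.minDwellMs = minDwellMs;
    this.now = now;              // injectable clock for testing
    this.focusedAt = this.now(); // treat page load as the first focus
    this.gestureSeen = false;
  }
  // The window (re)gained focus. In DoubleClickjacking this happens when the
  // attacker's overlay window closes, immediately before the second click.
  onFocus() {
    this.focusedAt = this.now();
    this.gestureSeen = false;    // gestures from before the focus change don't count
  }
  // A mousemove or keydown delivered to this window: the kind of interaction
  // a user performs on a page they are actually looking at.
  onGesture() { this.gestureSeen = true; }
  // Decide whether a click on the sensitive control should go through.
  decide() {
    if (!this.gestureSeen) return { allow: false, reason: 'no-gesture' };
    const dwell = this.now() - this.focusedAt;
    if (dwell < this.minDwellMs) return { allow: false, reason: 'too-soon-after-focus' };
    return { allow: true, reason: 'ok' };
  }
}

// Browser wiring: the button is disabled until the first gesture, and a
// capture-phase click listener runs before the button's own handler so a
// refused click never reaches it.
function attachGuard(button, win, guard = new SensitiveClickGuard()) {
  button.disabled = true;
  const arm = () => { guard.onGesture(); button.disabled = false; };
  win.addEventListener('focus', () => { guard.onFocus(); button.disabled = true; });
  win.addEventListener('mousemove', arm);
  win.addEventListener('keydown', arm);
  button.addEventListener('click', (e) => {
    if (!guard.decide().allow) {
      e.preventDefault();
      e.stopImmediatePropagation();
    }
  }, true);
  return guard;
}

// Replay a timeline against a guard with a fake clock and return the decision
// for the click at the end. Events: ['focus'|'gesture'|'wait', ms].
function replay(timeline, minDwellMs = 500) {
  const clock = { t: 0 };
  const guard = new SensitiveClickGuard({ minDwellMs, now: () => clock.t });
  for (const [kind, ms = 0] of timeline) {
    clock.t += ms;
    if (kind === 'focus') guard.onFocus();
    else if (kind === 'gesture') guard.onGesture();
  }
  return guard.decide();
}

// Constructed timelines. The attack: the overlay closes on mousedown, the
// target window gains focus, and the click (mouseup) lands ~50 ms later with
// no pointer movement on the target page.
const ATTACK = [['focus', 1000], ['wait', 50]];
// A real user: window focused, mouse moves, click follows a second later.
const LEGIT = [['focus', 1000], ['gesture', 300], ['wait', 700]];

console.log('attack :', replay(ATTACK)); // { allow: false, reason: 'no-gesture' }
console.log('legit  :', replay(LEGIT));  // { allow: true, reason: 'ok' }
```

The gesture requirement alone is the mitigation the post describes; the dwell check is an extra layer for the case where the pointer does drift a pixel between the two clicks and fires a `mousemove`, and both are client-side stopgaps until browsers ship an opt-in comparable to X-Frame-Options.
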
How does a stolen API key open the door to a major cybersecurity breach? 🤔🔑

The U.S. Treasury Department has revealed it suffered a significant cybersecurity breach, tracing the root cause back to a stolen API key belonging to its third-party software service provider, BeyondTrust. This breach, attributed to suspected Chinese state-sponsored attackers, exposed certain unclassified documents and allowed unauthorized remote access to departmental computers.

The incident began on December 8, 2024, when BeyondTrust informed the Treasury that threat actors had obtained an API key used to secure their cloud-based service. This service facilitated remote technical support for Treasury Departmental Offices (DO) end users. With the compromised key, attackers bypassed security measures to access Treasury user workstations and internal files.

BeyondTrust disclosed that these attackers exploited the API key to reset application passwords within their Remote Support system. Although BeyondTrust revoked the key, suspended impacted instances, and offered alternatives, the damage underscores how vulnerabilities in third-party systems can ripple into government networks. The company is still investigating how the key was originally obtained.

Additionally, BeyondTrust identified two related vulnerabilities, one classified as critical with a CVSS score of 9.8 (CVE-2024-12356). CISA has listed this flaw in its Known Exploited Vulnerabilities catalog due to ongoing exploitation in the wild.

While the Treasury confirmed the BeyondTrust service has been taken offline and there’s no evidence of ongoing access, this breach highlights the risks posed by supply-chain attacks, particularly when they involve privileged access tools. It also serves as a reminder of the importance of rigorous third-party vendor assessments and proactive vulnerability management strategies.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

How does a fake job interview lead to a global cybersecurity threat? 🕵️‍♂️💻

North Korean hackers are intensifying efforts to exploit unsuspecting job seekers through the "Contagious Interview" campaign, which has recently introduced a new malware named OtterCookie. This operation involves posing as recruiters to lure individuals into downloading malicious software under the guise of a job interview process.

One key method is distributing malware-laden videoconferencing apps or npm packages hosted on platforms like GitHub or official registries. These tools pave the way for deploying other malware like BeaverTail and InvisibleFerret. Notably, BeaverTail now uses Python scripts, collectively referred to as CivetQ, to enhance its modular approach for stealing sensitive information.

OtterCookie, first detected in September 2024, is a JavaScript-based malware that communicates with command-and-control (C2) servers using the Socket.IO library. Once activated, it can execute shell commands to steal files, clipboard content, and, more critically, cryptocurrency wallet keys. A newer version, spotted just last month, builds upon its predecessor by tweaking how it steals crypto wallet keys—integrating this directly into its code rather than relying on remote commands.

The attackers' persistence in updating their tools while keeping their infection strategy intact underscores the effectiveness of their operations. These activities share similarities with other North Korean campaigns but stand distinct from larger efforts like "Operation Dream Job."

Beyond malware advancements, this campaign ties into broader illicit schemes. Recent sanctions by South Korea’s Ministry of Foreign Affairs highlight how North Korea sends IT workers abroad to secure funds for its nuclear and missile programs. Sanctioned entities like the 313th General Bureau exemplify how these cyber operations stretch globally, undermining international security by funneling stolen resources into military projects.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

📰 Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware 🐞

The Lazarus Group, a North Korean-linked cyber threat actor, has conducted a sophisticated attack targeting nuclear-related organizations. Employing a revamped infection chain, the group deployed a modular backdoor dubbed CookiePlus during these attacks, which occurred in January 2024 as part of the long-running Operation Dream Job campaign, also known as NukeSped.

Operation Dream Job, active since at least 2020, exploits social engineering tactics by presenting enticing job opportunities to targets, often in sectors like defense, aerospace, or cryptocurrency. These deceptive lures are used to distribute malware, with recent efforts focusing on trojanized remote tools like TightVNC and UltraVNC. The attackers disguised malicious VNC utilities under names such as "AmazonVNC.exe" and bundled them with harmful payloads to compromise systems.

Kaspersky's analysis highlights that the infection chain begins with distributing archives containing trojanized software. For instance, a malicious DLL called "vnclang.dll" is used to load MISTPEN—a backdoor capable of deploying advanced payloads like RollMid and LPEClient. Additionally, a newer malware module, CookiePlus, was identified. Delivered via tools like Charamel Loader and ServiceChanger, CookiePlus functions as a downloader to retrieve encrypted and encoded payloads from command-and-control (C2) servers. It can gather system data and execute shellcode while evading detection.

CookiePlus appears to evolve from earlier malware like MISTPEN, sharing notable behavioral similarities. Its design reflects the Lazarus Group’s ongoing efforts to enhance their modular malware frameworks and tactics to bypass countermeasures. For example, CookiePlus is disguised as legitimate software, such as Notepad++ plugins, or leverages frameworks like DirectX-Wrappers.

Lazarus Group’s broader activities extend beyond espionage. According to Chainalysis, North Korean-affiliated threat actors stole $1.34 billion in cryptocurrency in 2024 across 47 hacks, nearly doubling the previous year’s figures. This escalation includes major breaches, such as a $305 million theft from the DMM Bitcoin exchange in Japan. The increasing frequency and scale of these attacks underline the group’s growing capabilities in both monetary theft and cyber-espionage operations.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

Featuring MITRE Engenuity Center for Threat-Informed Defense, a long-term community partner!
Many thanks to Jonathan Baker and CTID for continuing their support to #AdversaryVillage at @defcon 32 as well.
More info: ctid.io

adversaryvillage.org/adversary and defcon.org/html/defcon-32/dc-3

Join Adversary Village Discord server: adversaryvillage.org/discord
#AdversarySimulation #PurpleTeam #Tradecraft #Tactics #AdversaryEmulation #CTID #MITREEngenuity #ThreatInformedDefense #MITRE

Has anyone worked somewhere where your CTI, Hunt, Red/Blue/Purple teams all worked together? I have a unique opportunity to start building this out, but I'm struggling to design a way in which we can all collaborate.
I've shared some examples before that gathered interest but I'm trying to go beyond the "informational" stage and turn it into something actionable so we aren't just building a central knowledge base.
#ThreatIntel #RedTeam #PurpleTeam #BlueTeam #ThreatHunting #Infosec