Alfie Champion's Avatar

Alfie Champion

@ajpc500.bsky.social

Founder @ delivr.to | Threat Detection @ GitHub | Previously MWR

136 Followers  |  185 Following  |  4 Posts  |  Joined: 14.11.2024  |  1.6178

Latest posts by ajpc500.bsky.social on Bluesky


๐Ÿ’œ๐Ÿ’œ๐Ÿ’œ

23.09.2025 16:32 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
delivr.toโ€™s Top 10 Payloads (July โ€˜25): FileFix, Zip Smuggling and QRLJacking The fifth iteration of the delivr.to Top 10, including FileFix, Zip Smuggling and QRLJacking

It's here.

The latest iteration of our Top 10 includes the most important developments in initial access tradecraft; from macOS targeting of ClickFix, to Zip Smuggling, to QRLJacking.

Blog:

14.07.2025 08:00 โ€” ๐Ÿ‘ 1    ๐Ÿ” 1    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
Practical Purple Teaming This practical introduction to collaborative security testing, or โ€œpurple teaming,โ€ is a hands-on, lab-based guide to key methodologies for cybersecurity practitioners in any field.

With a process that began two and a half years ago, I'm very excited to announce that I've written a book with @nostarchpress.bsky.social! ๐ŸŽ‰

"Practical Purple Teaming" tells you all you need to know to get started with collaborative offensive testing.

nostarch.com/purple-teaming

13.03.2025 09:43 โ€” ๐Ÿ‘ 2    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0
Preview
Home | delivr.to Bringing purple teaming to email. Emulate the latest offensive techniques to measure your stack's effectiveness, track improvement, and quantify the threats that can reach your users.

โš ๏ธ CVE-2025-21298 - A vuln in Windows could enable remote code execution via a crafted RTF file, just by the user previewing the file in Outlook

๐Ÿ›ก๏ธ We've added a POC to delivr.to to test deliverability: delivr.to/?id=d22c9632...

๐Ÿ” Detect RTFs with our Sublime rule: sublime.security/feeds/delivr...

22.01.2025 16:10 โ€” ๐Ÿ‘ 1    ๐Ÿ” 1    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

Twice a year we take a deep dive into the latest, notable tradecraft that has caught our attention in the world of phishing and initial access over the past six months. From Pastejacking, to image-less QR codes, to zip concatenation.

๐Ÿ“š Read our new Top 10: blog.delivr.to/delivr-tos-t...

19.12.2024 09:00 โ€” ๐Ÿ‘ 2    ๐Ÿ” 1    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 1
Blue Team Con 2025. Training + Conference. September 4-7. Fairmont Chicago. www.blueteamcon.com

Blue Team Con 2025. Training + Conference. September 4-7. Fairmont Chicago. www.blueteamcon.com

24.11.2024 06:55 โ€” ๐Ÿ‘ 26    ๐Ÿ” 13    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 4
Preview
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access In early February 2022, notably just ahead of the Russian invasion of Ukraine, Volexity made a discovery that led to one of the most fascinating and complex incident investigations Volexity had ever w...

@volexity.comโ€™s latest blog post describes in detail how a Russian APT used a new attack technique, the โ€œNearest Neighbor Attackโ€, to leverage Wi-Fi networks in close proximity to the intended target while the attacker was halfway around the world.ย 
ย 
Read more here: www.volexity.com/blog/2024/11...

22.11.2024 14:58 โ€” ๐Ÿ‘ 81    ๐Ÿ” 41    ๐Ÿ’ฌ 2    ๐Ÿ“Œ 13

I made a Detection Engineering starter pack, will be adding more as more folks jump over to bluesky! go.bsky.app/HenXJUR

18.11.2024 15:37 โ€” ๐Ÿ‘ 125    ๐Ÿ” 55    ๐Ÿ’ฌ 8    ๐Ÿ“Œ 3

New place, same content from delivr.to ๐Ÿฆ‹๐Ÿ˜

This is a really simple, but effective, initial access technique for evading mail filtering and delivering blocked file types (the original sample straight-up delivers an EXE ๐Ÿ‘€). Great research from Perception Point!

15.11.2024 10:10 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

hey hey! ๐Ÿ‘‹

14.11.2024 23:30 โ€” ๐Ÿ‘ 1    ๐Ÿ” 0    ๐Ÿ’ฌ 0    ๐Ÿ“Œ 0

@ajpc500 is following 20 prominent accounts