
@cyberresearch.bsky.social

22 Followers  |  8 Following  |  500 Posts  |  Joined: 26.02.2025  |  1.6028

Latest posts by cyberresearch.bsky.social on Bluesky

EyeWitness Cheatsheet Offensive Purpose: Efficient way to gather info about web services & their hosting infrastructure. Automates taking screenshots for quick & easy review. The post EyeWitness Cheatsheet appeared first on Black Hills Information Security, Inc.

Originally from: BHIS: EyeWitness Cheatsheet #BlackHillsInfoSec #Pentesting #cyberresearch

12.10.2025 14:37 — 👍 0    🔁 0    💬 0    📌 0
Think before you Click(Fix): Analyzing the ClickFix social engineering technique The ClickFix social engineering technique has been growing in popularity, with campaigns targeting thousands of enterprise and end-user devices daily. This technique exploits users’ tendency to resolve technical issues by tricking them into running malicious commands. These commands, in turn, deliver payloads that ultimately lead to information theft and exfiltration. The post Think before you Click(Fix): Analyzing the ClickFix social engineering technique appeared first on Microsoft Security Blog.

Originally from: MS Threat Intel: Think before you Click(Fix): Analyzing the ClickFix social engineering technique #CTI #cybersecurity #cyberresearch

12.10.2025 14:37 — 👍 1    🔁 0    💬 0    📌 0
Week 41 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover: – How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens. – Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs. – Practical steps to detect and contain similar threats in […]

Originally from: This Week in 4n6: Week 41 – 2025 #dfir #incidentresponse #cyberresearch

12.10.2025 14:36 — 👍 0    🔁 0    💬 0    📌 0
Hashcat Cheatsheet Hashcat is a powerful tool for recovering lost passwords, and, thanks to GPU acceleration, it’s one of the fastest. It works by rapidly trying different password guesses to determine the original password from its scrambled (hashed) version. The post Hashcat Cheatsheet appeared first on Black Hills Information Security, Inc.

Originally from: BHIS: Hashcat Cheatsheet #BlackHillsInfoSec #Pentesting #cyberresearch

11.10.2025 14:40 — 👍 0    🔁 0    💬 0    📌 0
The Golden Scale: Bling Libra and the Evolving Extortion Economy Scattered Lapsus$ Hunters: Organizations, be aware of the effort of this cybercriminal alliance as they target retail and hospitality for extortion. The post The Golden Scale: Bling Libra and the Evolving Extortion Economy appeared first on Unit 42.

Originally from: Unit 42: The Golden Scale: Bling Libra and the Evolving Extortion Economy #unit42 #threathunting #cyberresearch

11.10.2025 14:40 — 👍 0    🔁 0    💬 0    📌 0
Storm-0501’s evolving techniques lead to cloud-based ransomware Financially motivated threat actor Storm-0501 has continuously evolved their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics. The post Storm-0501’s evolving techniques lead to cloud-based ransomware appeared first on Microsoft Security Blog.

Originally from: MS Threat Intel: Storm-0501’s evolving techniques lead to cloud-based ransomware #CTI #cybersecurity #cyberresearch

11.10.2025 14:40 — 👍 1    🔁 0    💬 0    📌 0
Wireshark Cheatsheet Wireshark is an incredible tool used to read and analyze network traffic coming in and out of an endpoint. Additionally, it can load previously captured traffic to assist with troubleshooting network issues or analyze malicious traffic to help determine what a threat actor is doing on your network. The post Wireshark Cheatsheet appeared first on Black Hills Information Security, Inc.

Originally from: BHIS: Wireshark Cheatsheet #BlackHillsInfoSec #Pentesting #cyberresearch

10.10.2025 14:42 — 👍 0    🔁 0    💬 0    📌 0
When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory Indirect prompt injection can poison long-term AI agent memory, allowing injected instructions to persist and potentially exfiltrate conversation history. The post When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory appeared first on Unit 42.

Originally from: Unit 42: When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory #unit42 #threathunting #cyberresearch

10.10.2025 14:42 — 👍 0    🔁 0    💬 0    📌 0
Investigating targeted “payroll pirate” attacks affecting US universities Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”. The post Investigating targeted “payroll pirate” attacks affecting US universities appeared first on Microsoft Security Blog.

Originally from: MS Threat Intel: Investigating targeted “payroll pirate” attacks affecting US universities #CTI #cybersecurity #cyberresearch

10.10.2025 14:42 — 👍 1    🔁 0    💬 0    📌 0
Getting Started with AI Hacking Part 2: Prompt Injection In Part 2, we’re diving headfirst into one of the most critical attack surfaces in the LLM ecosystem - Prompt Injection: The AI version of talking your way past the bouncer. The post Getting Started with AI Hacking Part 2: Prompt Injection appeared first on Black Hills Information Security, Inc.

Originally from: BHIS: Getting Started with AI Hacking Part 2: Prompt Injection #BlackHillsInfoSec #Pentesting #cyberresearch

09.10.2025 14:46 — 👍 0    🔁 0    💬 0    📌 0
Responding to Cloud Incidents A Step-by-Step Guide from the 2025 Unit 42 Global Incident Response Report Cloud breaches are rising. This step-by-step guide from Unit 42 shows how to investigate, contain and recover from cloud-based attacks. The post Responding to Cloud Incidents A Step-by-Step Guide from the 2025 Unit 42 Global Incident Response Report appeared first on Unit 42.

Originally from: Unit 42: Responding to Cloud Incidents A Step-by-Step Guide from the 2025 Unit 42 Global Incident Response Report #unit42 #threathunting #cyberresearch

09.10.2025 14:46 — 👍 0    🔁 0    💬 0    📌 0
NPM Supply Chain Attack, Fake Europol Bounty, and Operation Secure Threat actors’ actions can have far-reaching consequences, from a “trolling” message stirring up journalists and researchers, to a phishing email and few lines of code affecting thousands of developer machines. In this Leaky Weekly recap, we cover three cybercrime stories: Tune in as host and security researcher Nick Ascoli covers these stories below at Spotify, […] The post NPM Supply Chain Attack, Fake Europol Bounty, and Operation Secure appeared first on Flare | Threat Exposure Management | Cyber Threat Intel.

Originally from: Flare: NPM Supply Chain Attack, Fake Europol Bounty, and Operation Secure #flare #CTI #cyberresearch

09.10.2025 14:46 — 👍 0    🔁 0    💬 0    📌 0
A taxonomy of Mac stealers: Distinguishing Atomic, Odyssey, and Poseidon Set sail with us as we compare and contrast three of the biggest players in the macOS stealer ecosystem: Atomic, Poseidon, and Odyssey

Originally from: Red Canary: A taxonomy of Mac stealers: Distinguishing Atomic, Odyssey, and Poseidon #threatintel #redcanary #cyberresearch

09.10.2025 14:46 — 👍 0    🔁 0    💬 0    📌 0
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender. The post Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability appeared first on Microsoft Security Blog.

Originally from: MS Threat Intel: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability #CTI #cybersecurity #cyberresearch

09.10.2025 14:46 — 👍 0    🔁 0    💬 0    📌 0
Skimming Credentials with Azure's Front Door WAF A Web Application Firewall (WAF) is a powerful thing. It inspects all traffic that traverses it, seeing everything that is submitted to a page. EVERYTHING. Figure 1 - Behold the Power of WAF Today we’ll demonstrate how…

Originally from: TrustedSec: Skimming Credentials with Azure's Front Door WAF #trustedsec #pentesting #cyberresearch

09.10.2025 13:09 — 👍 0    🔁 0    💬 0    📌 0
Impacket Cheatsheet Impacket is an extremely useful tool for post exploitation. It is a collection of Python scripts that provides low-level programmatic access to the packets and for some protocols, such as DCOM, Kerberos, SMB1, and MSRPC, the protocol implementation itself. The post Impacket Cheatsheet appeared first on Black Hills Information Security, Inc.

Originally from: BHIS: Impacket Cheatsheet #BlackHillsInfoSec #Pentesting #cyberresearch

08.10.2025 14:48 — 👍 0    🔁 0    💬 0    📌 0
The ClickFix Factory: First Exposure of IUAM ClickFix Generator Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals. The post The ClickFix Factory: First Exposure of IUAM ClickFix Generator appeared first on Unit 42.

Originally from: Unit 42: The ClickFix Factory: First Exposure of IUAM ClickFix Generator #unit42 #threathunting #cyberresearch

08.10.2025 14:48 — 👍 0    🔁 0    💬 0    📌 0
Disrupting threats targeting Microsoft Teams Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. In this blog, we recommend countermeasures and optimal controls across identity, endpoints, data apps, and network layers to help strengthen protection for enterprise Teams users. The post Disrupting threats targeting Microsoft Teams appeared first on Microsoft Security Blog.

Originally from: MS Threat Intel: Disrupting threats targeting Microsoft Teams #CTI #cybersecurity #cyberresearch

08.10.2025 14:48 — 👍 0    🔁 0    💬 0    📌 0
Week 31 – 2025 Download Permiso’s CISO Guide to Detecting & Preventing Identity Attacks. The guide breaks down: – The top identity-based attack vectors across SaaS, PaaS, IaaS, and IdPs – Real-world breach examples from Okta, Snowflake, Cloudflare, and others – How adversaries exploit non-human identities and abuse MFA gaps – What CISOs must do to align identity with their broader security strategy. And More. Sponsored […]

Originally from: This Week in 4n6: Week 31 – 2025 #dfir #incidentresponse #cyberresearch

08.10.2025 14:48 — 👍 0    🔁 0    💬 0    📌 0
Burp Suite Cheatsheet Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you're likely to use. The post Burp Suite Cheatsheet appeared first on Black Hills Information Security, Inc.

Originally from: BHIS: Burp Suite Cheatsheet #BlackHillsInfoSec #Pentesting #cyberresearch

07.10.2025 14:51 — 👍 0    🔁 0    💬 0    📌 0
Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances This Threat Brief discusses observations on a campaign leveraging Salesloft Drift integration to exfiltrate data via compromised OAuth credentials. The post Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances appeared first on Unit 42.

Originally from: Unit 42: Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances #unit42 #threathunting #cyberresearch

07.10.2025 14:51 — 👍 0    🔁 0    💬 0    📌 0
Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035. We are publishing this blog post to increase awareness of this threat and to share end-to-end protection coverage details across Microsoft Defender. The post Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability appeared first on Microsoft Security Blog.

Originally from: MS Threat Intel: Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability #CTI #cybersecurity #cyberresearch

07.10.2025 14:51 — 👍 1    🔁 0    💬 0    📌 0
Week 32 – 2025 Download Permiso’s CISO Guide to Detecting & Preventing Identity Attacks. The guide breaks down: – The top identity-based attack vectors across SaaS, PaaS, IaaS, and IdPs – Real-world breach examples from Okta, Snowflake, Cloudflare, and others – How adversaries exploit non-human identities and abuse MFA gaps – What CISOs must do to align identity with their broader security strategy. And More. Sponsored […]

Originally from: This Week in 4n6: Week 32 – 2025 #dfir #incidentresponse #cyberresearch

07.10.2025 14:51 — 👍 0    🔁 0    💬 0    📌 0
PCI P2PE vs. E2EE – Scoping it Out Many payment processors sell “End-to-End Encryption” (E2EE) payment terminals with slick marketing that describes how well the solution protects payment card data. While encryption is an effective tool for protecting…

Originally from: TrustedSec: PCI P2PE vs. E2EE – Scoping it Out #trustedsec #pentesting #cyberresearch

07.10.2025 13:02 — 👍 0    🔁 0    💬 0    📌 0
GraphRunner Cheatsheet GraphRunner is a collection of post-exploitation PowerShell modules for interacting with the Microsoft Graph API. It provides modules for enumeration, exfiltration, persistence, and more! The post GraphRunner Cheatsheet appeared first on Black Hills Information Security, Inc.

Originally from: BHIS: GraphRunner Cheatsheet #BlackHillsInfoSec #Pentesting #cyberresearch

06.10.2025 14:54 — 👍 0    🔁 0    💬 0    📌 0
Why Threat Intelligence: A Conversation With Unit 42 Interns Discover what it’s like to be a Threat Intelligence intern at Unit 42, from diving into research to tackling real-world cyber threats. The post Why Threat Intelligence: A Conversation With Unit 42 Interns appeared first on Unit 42.

Originally from: Unit 42: Why Threat Intelligence: A Conversation With Unit 42 Interns #unit42 #threathunting #cyberresearch

06.10.2025 14:54 — 👍 0    🔁 0    💬 0    📌 0
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard that has been ongoing since at least 2024, targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. The post Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats appeared first on Microsoft Security Blog.

Originally from: MS Threat Intel: Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats #CTI #cybersecurity #cyberresearch

06.10.2025 14:54 — 👍 1    🔁 0    💬 0    📌 0
Week 33 – 2025 Download Permiso’s CISO Guide to Detecting & Preventing Identity Attacks. The guide breaks down: – The top identity-based attack vectors across SaaS, PaaS, IaaS, and IdPs – Real-world breach examples from Okta, Snowflake, Cloudflare, and others – How adversaries exploit non-human identities and abuse MFA gaps – What CISOs must do to align identity with their broader security strategy. And More. Sponsored […]

Originally from: This Week in 4n6: Week 33 – 2025 #dfir #incidentresponse #cyberresearch

06.10.2025 14:54 — 👍 0    🔁 0    💬 0    📌 0
Week 40 – 2025 Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover: – How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens. – Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs. – Practical steps to detect and contain similar threats in […]

Originally from: This Week in 4n6: Week 40 – 2025 #dfir #incidentresponse #cyberresearch

05.10.2025 14:57 — 👍 0    🔁 0    💬 0    📌 0
CredMaster Cheatsheet CredMaster is a tool that facilitates password guessing attacks against common targets. It is designed with evasion and anti-detection capabilities and uses AWS APIs to rotate IP addresses for each guess. The post CredMaster Cheatsheet appeared first on Black Hills Information Security, Inc.

Originally from: BHIS: CredMaster Cheatsheet #BlackHillsInfoSec #Pentesting #cyberresearch

04.10.2025 15:01 — 👍 0    🔁 0    💬 0    📌 0

@cyberresearch is following 8 prominent accounts