Transform LDAP filters, BaseDNs, attribute lists, and attribute entries using composable middleware chains. Zero dependencies. Works as a library or CLI tool.

https://github.com/j0hnZ3RA/ldapx-py

#infosec #cybersecurity #redteam #pentest #opensource

What is NetBIOS and SMB Exploitation Techniques: A Practical Guide

In this article, I cover key exploitation techniques, real-world attack scenarios, and how to secure these services effectively.

https://denizhalil.com/2026/01/15/netbios-smb-exploitation-techniques-guide/

#CyberSecurity #SMB #NetBIOS #NetworkSecurity #ActiveDirectory #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #DenizHalil

Another talk announcement for BSides Luxembourg!

🔥🤖 𝗢𝗛 𝗦𝗛𝗜𝗧 𝗜 𝗔𝗖𝗖𝗜𝗗𝗘𝗡𝗧𝗔𝗟𝗟𝗬 𝗕𝗥𝗘𝗔𝗖𝗛𝗘𝗗 𝗔𝗡 𝗢𝗥𝗚𝗔𝗡𝗜𝗭𝗔𝗧𝗜𝗢𝗡 (𝗢𝗥 𝗠𝗔𝗡𝗬) 𝗨𝗦𝗜𝗡𝗚 𝗔𝗜 – Panagiotis Fiskilis 💥

What starts as a harmless search can spiral into a multi-organization data breach—especially when AI gets involved.

This talk dives into real-world research showing how AI can be weaponized for OSINT, enabling large-scale data discovery, spear phishing campaigns, and even manipulation of AI systems themselves. From injecting malicious context into models to scaling attacks via APIs and agent workflows, this session explores how adversaries can turn AI into a powerful offensive tool—and how defenders can detect and respond.

Expect a true purple team perspective, blending attacker techniques with defensive insights, including OPSEC considerations and strategies to identify malicious AI-driven activities before they escalate.

Panagiotis Fiskilis is a Senior Red Team Operator at NVISO, specializing in API hacking, Active Directory exploitation, and malware development. With multiple industry certifications (OSCP, OSWE, CRTO, eWPT and more), he brings hands-on offensive expertise combined with a strong research-driven mindset.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
👉 Browse sessions, track talks in real time, and plan your schedule on Hacker Tracker: https://hackertracker.app/schedule?conf=BSIDESLUX2026

#BSidesLuxembourg2026 #AISecurity #RedTeam #OSINT #CyberSecurity #AI #ThreatIntelligence #PurpleTeam

What is SNMP Security and Exploitation: A Comprehensive Guide

In this article, I cover how SNMP exploitation works, common vulnerabilities, and how to properly secure it.
https://denizhalil.com/2026/01/21/snmp-security-exploitation-guide

#CyberSecurity #SNMP #NetworkSecurity #InfoSec #InfrastructureSecurity #BlueTeam #RedTeam #Pentesting #ITSecurity #SecurityEngineering #DenizHalil

What is Web Cache Poisoning Attack and Defense: A Comprehensive Guide

In this article, I explain how the attack works, common vectors, and practical prevention technique
https://denizhalil.com/2026/01/26/web-cache-poisoning-attacks-prevention-guide/

#CyberSecurity #WebSecurity #CachePoisoning #AppSec #OWASP #InfoSec #Pentesting #RedTeam #BlueTeam #HTTP

🔥 Just Announced: Another Must-See Session at BSides Luxembourg!

🤖💥 𝗧𝗛𝗘 𝗔𝗚𝗘𝗡𝗧𝗦 𝗢𝗙 𝗖𝗛𝗔𝗢𝗦: 𝗔𝗜 𝗗𝗥𝗜𝗩𝗘𝗡 𝗠𝗔𝗟𝗪𝗔𝗥𝗘 𝗚𝗘𝗡𝗘𝗥𝗔𝗧𝗜𝗢𝗡 – Arad Donenfeld ⚙️🔥

What happens when AI doesn’t just assist malware development—but fully owns it?

This talk explores a system where AI agents autonomously generate malware from start to finish. From prompt engineering and model orchestration to automated build-and-fix loops, it reveals how AI can produce diverse, evasive malware samples that challenge traditional detection. As models evolve, so does the scale, speed, and unpredictability of offensive tooling.

Arad Donenfeld is an attacks and exploits developer at SafeBreach with a strong background in security research, malware development, and offensive tooling. His work focuses on building and testing real-world attack techniques to improve detection and defense strategies.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/

📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg2026 #AISecurity #Malware #RedTeam #CyberSecurity #AI #ThreatResearch

A searchable beacon object file collection.

https://chryzsh.github.io/awesome-bof/site

#infosec #cybersecurity #redteam #pentest

SSH Tunneling and Port Forwarding Techniques: A Comprehensive Guide

In this article, I cover:
* How SSH tunneling works under the hood
* Local, remote, and dynamic port forwarding techniques
* Real-world use cases (databases, internal services, pivoting)
* Security risks and hardening recommendations

https://denizhalil.com/2026/02/02/ssh-tunneling-port-forwarding-guide/

#CyberSecurity #sshtunneling #portforwarding #NetworkSecurity #Linux #RedTeam #BlueTeam #Pentesting #InfoSec #securityengineering #EthicalHacking #ITSecurity

Another talk announcement for BSides Luxembourg!

🤖🔐 𝗔𝗜 𝗔𝗡𝗗 𝗖𝗥𝗬𝗣𝗧𝗢𝗚𝗥𝗔𝗣𝗛𝗬 𝗙𝗢𝗥 𝗘𝗩𝗔𝗦𝗜𝗩𝗘 𝗠𝗔𝗟𝗪𝗔𝗥𝗘 – zhassulan zhussupov aka @cocomelonckz 🧬🔥

Modern malware doesn’t just hide—it adapts.

This talk explores how AI and advanced cryptography are reshaping offensive tradecraft, enabling malware to rewrite itself, adapt to environments, and evade behavioral detection. From polymorphic code to stealthy encryption techniques, this is the next evolution of “thinking” malware.

zhassulan zhussupov aka @cocomelonckz is a cybersecurity researcher, author, and speaker known for deep expertise in malware development, reverse engineering, and offensive security, with multiple published works and global conference talks.

📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/

📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/

#BSidesLuxembourg2026 #AISecurity #Malware #Cryptography #RedTeam #CyberSecurity

Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading a C# port of ProxyBlob Agent.

https://github.com/dazzyddos/ClickOnceBlobber

#infosec #cybersecurity #redteam #pentest