Your private AWS VPC isn’t as safe as you think. ☁️🔓

We just released the full recording of our live workshop from Infosecurity Europe 2025.

In this session, our CEO Adrian Furtună and Product Manager Dragoş Sandu bypass the "safety" of a private network to compromise a mock healthcare infrastructure ("SynaptiCare") live on stage.

The attack chain:

1️⃣ Tunneling: Using a VPN Agent to breach the private IP range.
2️⃣ RCE: Escaping a Redis sandbox to get root access.
3️⃣ Exfiltration: Bypassing Next.js auth to dump .env keys.
4️⃣ Compliance: Automating the fix for SOC 2 evidence.

It’s a practical look at automating vulnerability validation behind firewalls.

📺 Watch the full demo here: https://pentest-tools.com/events/infosecurity-europe-2025

#Infosec #RedTeam #CloudSecurity #Pentesting #SOC2 #AWS #InfosecurityEurope

A good post about different conditional access bypasses for Microsoft Entra🕵️‍♂️

https://cloudbrothers.info/en/conditional-access-bypasses/

#infosec #cybersecurity #redteam #pentest #cloud #entra #azure

How does RAPTOR make AI-driven security smarter? 🦖🤖

RAPTOR fuses Claude Code with advanced tools like Semgrep, CodeQL, and AFL to create an autonomous security agent. It scans code, fuzzes binaries, analyzes vulnerabilities, and even generates patches or exploits—all while orchestrating defensive and offensive workflows. #CyberSecurity #AI

🔗 Project link on #GitHub 👉 https://github.com/gadievron/raptor

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

I love websites or systems that have a max password length for user account.

It tells me that the password field in the system is a fixed value. That the system may be hashing the password and the hash algorithm has a max input length. The backend API could have input constraints. That the backend IDP is probably older and could potentially be vulnerable attacks.

So much info may be inferred from the password constraints.

Same goes for passwords that do not allow certain special characters to prevent SQL Injection attacks.

#passwords #redteam

You can learn a new tool in an afternoon. Building an adversarial mindset takes a lifetime. 🧠

We asked the #InfoSec community which books actually shaped their careers. If you're looking for a deep dive this winter, start with these essentials:

📕 The Web Application Hacker's Handbook (The foundational "why") 📘 Red Team Development and Operations (Strategy over tactics) 📗 Social Engineering: The Science of Human Hacking (The human element)

Get the full curated list of 70+ titles here: https://pentest-tools.com/blog/hacking-books-recommendations

What’s the one book you recommend to every junior pentester?

#ethicalhacking #redteam #books #cybersecurity #learning

OpSec for Sensitive Browsing: A 2025 Analysis

When accessing high-risk domains, standard HTTPS is insufficient against traffic analysis and ISP-level metadata retention. Coupled with the rise of mandatory facial recognition and ID verification for adult content access, the attack surface for personal data leakage has expanded.

We reviewed the top VPN solutions based on:

- Perfect Forward Secrecy & AES-256-GCM / ChaCha20 implementations.
- Ram-Only Architecture: Ensuring data is wiped upon reboot.
- Jurisdictional Risks: 14-Eyes compliance vs. offshore privacy.
- DNS/WebRTC Leak Protection: Verifying the "kill switch" efficacy under load.

Don't trust; verify. Ensure your tunnel is secure.

Read the technical breakdown: https://www.technadu.com/best-free-vpn-for-porn/336565/

Follow for more SecOps and Privacy tools.

#OpSec #InfoSec #Cryptography #PrivacyTools #Anonymity #RedTeam

How to extract access tokens from Office desktop applications like Microsoft Teams🕵️‍♂️

https://blog.randorisec.fr/ms-teams-access-tokens

#infosec #cybersecurity #pentest #redteam #azure #cloud

Ever wished for a tool that simplifies endpoint discovery? 🔍✨

Hakrawler is a blazingly fast web crawler built with Go, ideal for pentesting and reconnaissance. It extracts URLs, assets, and JavaScript files effortlessly, and its command-line options—like proxy support, JSON output, or subdomain crawling—offer flexibility for advanced workflows. Combine it with tools like Haktrails for robust OSINT.

#cybersecurity #pentesting #opensource

🔗 Project link on #GitHub 👉 https://github.com/hakluke/hakrawler

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Example code on how to use a custom dll during dll hijack on Narrator.exe as a persistence. The dll hijack is for %windir%\system32\speech_onecore\engines\tts\msttsloc_onecoreenus.dll🕵️‍♂️

https://github.com/api0cradle/Narrator-dll

#infosec #cybersecurity #pentest #redteam #windows #persistence