r1cksecThis cheatsheet maps common impacket workflows to their modern alternatives
Tobias ScheibleSelbst die beste IT-Sicherheitsarchitektur nützt wenig, wenn jemand einfach ein manipuliertes Ladekabel einsteckt. Genau dieses Problem war mein Antrieb für „𝗛𝗮𝗰𝗸𝗶𝗻𝗴 𝗛𝗮𝗿𝗱𝘄𝗮𝗿𝗲”, eine Übersetzung meines deutschsprachigen Buches „𝗛𝗮𝗿𝗱𝘄𝗮𝗿𝗲 & 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆”. In der Cybersicherheit konzentrieren wir uns stark auf Netzwerke und Software, aber der physische Angriffsvektor wird oft fatal unterschätzt.
In meinem neuen englischsprachigen 𝗕𝘂𝗰𝗵 zeige ich euch praktisch und detailliert, wie diese Angriffe funktionieren und wie man sich davor schützt. 🧰
Egal, ob ihr im Red Team seid und euer Arsenal erweitern wollt oder im Blue Team arbeitet und diese Vektoren verstehen müsst – dieses englischsprachige Buch liefert euch die Praxis. 🛠️
#RedTeam #BlueTeam #KeystrokeInjection #SDR #InfoSec #CyberSecurity #Hard
Nick StocksWe Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
Nick StocksWe Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 389 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 389 adversarial patterns and defended against 78 CVE vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 389 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 389 adversarial patterns and defended against 78 CVE vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
We Let an AI Attack Our Security Pipeline. Here's What 412 Attacks Taught Us.
We built an autonomous red-team loop that invents evasion techniques, tests them against our DLP and content safety scanners, then builds the defense. It has generated 328 adversarial patterns and defended against 84 CVE and OWASP vectors. It runs three phases: CVE regression, false positive validation, and creative attack generation.
LLM security testing framework for detecting prompt injection, jailbreaks, and adversarial attacks — 190+ probes, 28 providers, single Go binary
KL3FT3ZInternal redteam, 8h, no tools except one exploit.
Result: VP account, full AD control. SOC: 0 alerts.
https://github.com/toxy4ny/semetsky---VP
Why it matters: PXE-boot Linux, unmonitored, unpatched since 2023.
CVE-2025-32463 → bash_history with plaintext creds → RDP hop →
custom AD delegation. All "legitimate" actions, no SOC triggers.
What's your "Yuri Semetsky" story? (obfuscated, of course)
GitHub - toxy4ny/semetsky---VP: How Yuri Semetsky Became a Vice President of Kingdom-Bank. Or why the most dangerous weapon isn't an exploit, but the conviction that "we have everything under control"
How Yuri Semetsky Became a Vice President of Kingdom-Bank. Or why the most dangerous weapon isn't an exploit, but the conviction that "we have everything under control" - toxy4ny/seme...