DirtRonin12h ago

Been working on something for a while and finally put it out there, a public security challenge against a threshold cryptography system I built for my own infrastructure.

Four servers, four countries, four hosting providers. The group signing key was generated distributedly (Pedersen DKG), no single server holds the full secret. I literally can't extract it myself. The challenge is to forge a valid FROST Ed25519 signature against today's published challenge string.

What makes it different from a typical CTF:

→ It's not a weekend event. It runs 24/7 for 90 days. The servers are real production boxes running real software (Nextcloud, Gitea, a team API, Grafana). Not docker containers with planted vulns.

→ Post-quantum hybrid. The audit chain carries ML-DSA-44 signatures alongside the FROST threshold sigs, with a downgrade-detection flag baked into the signed payload. Stripping the PQ signature invalidates the classical one.

→ There's a spiking neural network watching the cluster. 258 neurons with STDP learning and four neuromodulators (dopamine, noradrenaline, acetylcholine, serotonin). It processes DAG events, network metrics, and system telemetry as spike trains. A local LLM reads the brain's internal state every five minutes and reports what it observes. Currently it says the cluster is calm. I want to see what it says when someone's actually poking around.

The detection layer is consensus-based. Cross-peer Merkle verification, honey ports, file canaries, DNS sentinels — but quarantine requires multiple observers to agree before acting. One node can't panic the cluster on its own.

I've already broken it myself twice during deployment. Rolled a binary update and got cascade-quarantined by my own Merkle checker. Tripped a file canary rotating honeypot credentials. Those incidents are published. The system catches real mistakes.

Five tiers from foothold to crown jewel. No cash bounty, just your name on the board, CVE attribution, and write-up rights. Safe harbour under disclose.io terms.

https://hyveguard.com

#infosec #security #cryptography #thresholdcrypto #ctf #FROST #postquantum #pentest #redteam #hacking #spikingneuralnetwork #neuromorphic

@eff @mttaggart @GossiTheDog @briankrebs @lcamtuf

HyveGuard — break the threshold

A guy with no engineering background and an AI built a server-mesh defence system. Bifrost is open. Come break it.

halil deniz16h ago

What are Pass-the-Hash and Pass-the-Ticket Attacks: A Comprehensive Guide

In this article, I cover how these attacks work, their differences, and how to detect and mitigate them.
https://denizhalil.com/2026/01/05/pass-the-hash-pass-the-ticket-attacks-guide/

#cybersecurity #ActiveDirectory #PassTheHash #PassTheTicket #credentialaccess #RedTeam #BlueTeam #Pentesting #InfoSec #WindowsSecurity #EthicalHacking #ITSecurity #denizhalil

DirtRonin1d ago

HyveGuardrd public security challenge

Built a consensus-gated server defence with AI. FROST threshold crypto, Merkle verification, MPC rotation, post-quantum hybrid, honey tripwires, DAG audit.

Four servers, four jurisdictions. Eight mechanisms. One key that exists nowhere.

hyveguard.com

#infosec #ctf #security #cryptography #pentesting #hacking #bugbounty #redteam #netsec #thresholdcrypto #postquantum #ed25519 #zerotrust #threatresearch

hackers-arise.official2d ago

For those of you who want to learn #Powershell but weren’t sure how to approach it, we’ve created a series with more articles on the way. Helpful for both #redteam and #blueteam

You can start with Part 1 covering the basics:
https://hackers-arise.com/powershell-for-hackers-part-1-the-basics/
#cybersecurity #digitalArt

PowerShell for Hackers, Part 1: The Basics – Hackers Arise

Alonso Caballero / ReYDeS2d ago
⚠️ Métodos Seguros de Transacción en la DarkWeb 🔥 https://www.reydes.com/e/Metodos_Seguros_de_Transaccion_en_la_DarkWeb #cybersecurity #hacking #redteam #forensics #dfir #osint
Tim (Wadhwa-)Brown 3d ago

I don't spend nearly enough time breaking into people's switching stacks from first principles. I have been spoilt by weak passwords, SNMP, telnet and the like.

#hardhacks, #reverse, #engineering, #redteam

r1cksec3d ago

Fritter is a heavily modified fork of TheWover and Odzhan's Donut shellcode generator. It generates position-independent shellcode for in-memory execution of VBScript, JScript, EXE, DLL, and .NET assemblies, but with a heavy focus on evasion and signature resistance.

https://github.com/0xROOTPLS/Fritter

#infosec #cybersecurity #redteam #pentest

GitHub - 0xROOTPLS/Fritter

Contribute to 0xROOTPLS/Fritter development by creating an account on GitHub.

GitHub
Alonso Caballero / ReYDeS3d ago
⚠️ Mantener la Privacidad en la Dark Web 🔥 https://www.reydes.com/e/Mantener_la_Privacidad_en_la_Dark_Web #cybersecurity #hacking #redteam #forensics #dfir #osint
Alonso Caballero / ReYDeS4d ago
🧑‍💻 ¿Qué es la Dark Web? 🔥 https://www.reydes.com/e/Que_es_la_Dark_Web #cybersecurity #hacking #redteam #forensics #dfir #osint
r1cksec4d ago

Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s embedded client (tsnet). Zero config, no daemon, no persistence - just a fast way in.

https://github.com/Yeeb1/SockTail

#infosec #cybersecurity #redteam #pentest

GitHub - Yeeb1/SockTail: Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s embedded client (tsnet). Zero config, no daemon, no persistence - just a fast way in.

Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale’s ...

GitHub