What is SNMP Security and Exploitation: A Comprehensive Guide
In this article, I cover how SNMP exploitation works, common vulnerabilities, and how to properly secure it.
https://denizhalil.com/2026/01/21/snmp-security-exploitation-guide
#CyberSecurity #SNMP #NetworkSecurity #InfoSec #InfrastructureSecurity #BlueTeam #RedTeam #Pentesting #ITSecurity #SecurityEngineering #DenizHalil
What is Web Cache Poisoning Attack and Defense: A Comprehensive Guide
In this article, I explain how the attack works, common vectors, and practical prevention technique
https://denizhalil.com/2026/01/26/web-cache-poisoning-attacks-prevention-guide/
#CyberSecurity #WebSecurity #CachePoisoning #AppSec #OWASP #InfoSec #Pentesting #RedTeam #BlueTeam #HTTP
π₯ Just Announced: Another Must-See Session at BSides Luxembourg!
π€π₯ π§ππ ππππ‘π§π¦ π’π ππππ’π¦: ππ ππ₯ππ©ππ‘ π πππͺππ₯π πππ‘ππ₯ππ§ππ’π‘ β Arad Donenfeld βοΈπ₯
What happens when AI doesnβt just assist malware developmentβbut fully owns it?
This talk explores a system where AI agents autonomously generate malware from start to finish. From prompt engineering and model orchestration to automated build-and-fix loops, it reveals how AI can produce diverse, evasive malware samples that challenge traditional detection. As models evolve, so does the scale, speed, and unpredictability of offensive tooling.
Arad Donenfeld is an attacks and exploits developer at SafeBreach with a strong background in security research, malware development, and offensive tooling. His work focuses on building and testing real-world attack techniques to improve detection and defense strategies.
π
Conference Dates: 6β8 May 2026 | 09:00β18:00
π 14, Porte de France, Esch-sur-Alzette, Luxembourg
ποΈ Tickets: https://2026.bsides.lu/tickets/
π Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
#BSidesLuxembourg2026 #AISecurity #Malware #RedTeam #CyberSecurity #AI #ThreatResearch
A searchable beacon object file collection.
SSH Tunneling and Port Forwarding Techniques: A Comprehensive Guide
In this article, I cover:
* How SSH tunneling works under the hood
* Local, remote, and dynamic port forwarding techniques
* Real-world use cases (databases, internal services, pivoting)
* Security risks and hardening recommendations
https://denizhalil.com/2026/02/02/ssh-tunneling-port-forwarding-guide/
#CyberSecurity #sshtunneling #portforwarding #NetworkSecurity #Linux #RedTeam #BlueTeam #Pentesting #InfoSec #securityengineering #EthicalHacking #ITSecurity
Another talk announcement for BSides Luxembourg!
π€π ππ ππ‘π ππ₯π¬π£π§π’ππ₯ππ£ππ¬ ππ’π₯ ππ©ππ¦ππ©π π πππͺππ₯π β zhassulan zhussupov aka @cocomelonckz π§¬π₯
Modern malware doesnβt just hideβit adapts.
This talk explores how AI and advanced cryptography are reshaping offensive tradecraft, enabling malware to rewrite itself, adapt to environments, and evade behavioral detection. From polymorphic code to stealthy encryption techniques, this is the next evolution of βthinkingβ malware.
zhassulan zhussupov aka @cocomelonckz is a cybersecurity researcher, author, and speaker known for deep expertise in malware development, reverse engineering, and offensive security, with multiple published works and global conference talks.
π
Conference Dates: 6β8 May 2026 | 09:00β18:00
π 14, Porte de France, Esch-sur-Alzette, Luxembourg
ποΈ Tickets: https://2026.bsides.lu/tickets/
π Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
#BSidesLuxembourg2026 #AISecurity #Malware #Cryptography #RedTeam #CyberSecurity
Weaponize signed .NET ClickOnce applications for initial access by hijacking a dependency DLL via AppDomainManager injection and loading a C# port of ProxyBlob Agent.
Subdomain Takeover Vulnerabilities and Prevention
In this article, I cover:
* How subdomain takeover vulnerabilities occur
* Real-world exploitation scenarios
Reconnaissance and detection techniques
* Practical prevention and DNS hygiene strategies
https://denizhalil.com/2026/02/16/subdomain-takeover-vulnerabilities-prevention/
#CyberSecurity #SubdomainTakeover #DNS #AttackSurface #BugBounty #RedTeam #BlueTeam #InfoSec #CloudSecurity #WebSecurity #EthicalHacking
A .NET 8 toolkit for creating and analysing Windows Shell Link (.lnk) files. Includes a command-line builder (LnkMeMaybe) and a graphical editor (LnkUi).
π¨ Introducing the AI Security Village at BSides Luxembourg 2026! π¨
π§ π€ ππ π¦πππ¨π₯ππ§π¬ π©ππππππ β π§ππππ‘ππππ π§π₯πππ‘ππ‘π & ππ π£πππ ππ‘π§ππ§ππ’π‘ (2-Day Deep Dive) β π£ππ₯π§π π¦ππ¨πππ & π‘ππππ₯ππ¨π‘ π₯πππππ£ππππ βοΈπ₯
π§πππ¦ ππ¦π‘βπ§ ππ¨π¦π§ ππ‘π’π§πππ₯ π§π₯πππ. π§πππ¦ ππ¦ πͺπππ₯π π§πππ’π₯π¬ π πππ§π¦ πππ‘ππ¦-π’π‘ ππ π¦πππ¨π₯ππ§π¬.
The AI Security Village brings a full 2-day immersive technical experience, diving deep into real-world implementation of AI security. From adversarial machine learning to securing agentic systems and LLM architectures, this village is designed for practitioners who want to go beyond concepts and actually build, break, and secure AI systems.
Expect intensive, hands-on sessions, practical techniques, and real-world scenarios covering how modern AI systems are attackedβand how to defend them effectively.
Parth Shukla is a Senior Security Researcher specializing in AI Security and Adversarial Machine Learning. With a strong offensive security background, his work focuses on securing agentic systems and LLM architectures, bridging the gap between traditional AppSec and emerging AI-driven risks.
Nagarjun Rallapalli is involved in advancing AI security initiatives and contributes to building and testing secure AI systems.
π
Conference Dates: 6β8 May 2026 | 09:00β18:00
π 14, Porte de France, Esch-sur-Alzette, Luxembourg
ποΈ Tickets: https://2026.bsides.lu/tickets/
π
Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
#BSidesLuxembourg2026 #AISecurityVillage #AISecurity #AdversarialAI #LLMSecurity #CyberSecurity #RedTeam #AI
halil deniz
BSidesLuxembourg
r1cksec