THE BUG HUNTERS METHODOLOGY LIVE
https://tbhmlive.com/ Jason Haddix TBHM Live – Course Info I am thrilled to introduce you to The Bug Hunter’s Methodology LIVE, my masterclass designed for aspiring and seasoned offensive security professionals, including web application security testers, red teamers, and bug bounty hunters. The Bug Hunter’s Methodology (TBHM) is a two-day, paid, virtual training that aims to…
PWNAGOTCHI: DEEP REINFORCEMENT LEARNING FOR WIFI PWNING!
Project Site Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of handshake supported by hashcat,…
Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike
Read Article The ability to quickly build out a C2 infrastructure within a few minutes, including all the set up and tear down logic included would be a great asset for any offensive security group or operator. In this post, I will show exactly how to build a fully automated functional C2 infrastructure using Terraform, Nebula, Caddy and Cobalt Strike….
Detection 101: Top Detections for Email Phishing and BEC
Read Article Phishing Detections: Starting the DIR Process Email phishing and BEC attacks both rely on email communication, so an email security tool is integral to protecting your environment. However, while an email security tool plays a central role in detecting phishing attempts, it’s not the sole solution. To effectively detect phishing and BEC incidents,…
Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns
Read Article On January 3, 2024, Mandiant’s X social media account was taken over and subsequently used to distribute links to a cryptocurrency drainer phishing page. Working with X, we were able to regain control of the account and, based on our investigation over the following days, we found no evidence of malicious activity on,…